Overview: 10
Static: 10
Venom Imag...config (windows7-x64): 3
Venom Imag...config (windows10-2004-x64): 3
Venom Imag...om.exe (windows7-x64): 10
Venom Imag...om.exe (windows10-2004-x64): 10
Venom Imag...in.exe (windows7-x64): 7
Venom Imag...in.exe (windows10-2004-x64): 7
Venom Imag...fig.py (windows7-x64): 3
Venom Imag...fig.py (windows10-2004-x64): 3
Analysis
max time kernel: 117s
max time network: 118s
platform: windows7_x64
resource: win7-20240215-en
resource tags: arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
submitted: 07-04-2024 06:46
Behavioral tasks
behavioral1: Venom Image Logger v3.1/Venom-main/.editorconfig (resource win7-20240215-en)
behavioral2: Venom Image Logger v3.1/Venom-main/.editorconfig (resource win10v2004-20240226-en)
behavioral3: Venom Image Logger v3.1/Venom-main/Venom.exe (resource win7-20240220-en)
behavioral4: Venom Image Logger v3.1/Venom-main/Venom.exe (resource win10v2004-20240226-en)
behavioral5: Venom Image Logger v3.1/Venom-main/dist/main.exe (resource win7-20240221-en)
behavioral6: Venom Image Logger v3.1/Venom-main/dist/main.exe (resource win10v2004-20240226-en)
behavioral7: Venom Image Logger v3.1/Venom-main/src/config.py (resource win7-20231129-en)
behavioral8: Venom Image Logger v3.1/Venom-main/src/config.py (resource win10v2004-20240226-en)
General
Target: Venom Image Logger v3.1/Venom-main/.editorconfig
Size: 158B
MD5: 34972a6636960201f371fde437feeb61
SHA1: 4c1cac0da96766a730ca654ac96b756489e7125b
SHA256: af6d40deee9e0a2bf5e5bd9e71f857dcdb5c81d5b453425da0616f202b4c679b
SHA512: 952e3af7b03fa3f68e4cc18e77c3c7a7795c86a292fa1e0800dc2372e2111107324287f7d95fbae5e1d312d8809e1d84fcbbed9ed2ea1d96890b93f5775f3211
Malware Config
Signatures
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
- Modifies registry class (1 IoC)
  Key created: \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_Classes\Local Settings (process: rundll32.exe)
- Suspicious use of FindShellTrayWindow (64 IoCs)
  All 64 entries identical: pid 2172, process rundll32.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  All 3 entries identical: PID 1204 (cmd.exe) wrote to memory of 2172; procid_target 29
Processes
1. C:\Windows\system32\cmd.exe (PID 1204)
   Command line: cmd /c "C:\Users\Admin\AppData\Local\Temp\Venom Image Logger v3.1\Venom-main\.editorconfig"
   - Suspicious use of WriteProcessMemory
   2. C:\Windows\system32\rundll32.exe (PID 2172, child of 1)
      Command line: "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Venom Image Logger v3.1\Venom-main\.editorconfig
      - Modifies registry class
      - Suspicious use of FindShellTrayWindow