b7790340a5f9c92e58fd6244e1674938d97589c2668406ebda9ed6be6f5012b7

Analysis

max time kernel
153s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09/04/2024, 22:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b7790340a5f9c92e58fd6244e1674938d97589c2668406ebda9ed6be6f5012b7.exe
Size

180KB
MD5

25e5898fb48bec69e73b452c5ff23ef0
SHA1

19399bda6677f7b55f0e665372e3ebda7dfae053
SHA256

b7790340a5f9c92e58fd6244e1674938d97589c2668406ebda9ed6be6f5012b7
SHA512

145e8e5d5529c7bded9b65004c117a44353513fe969be7fb6c426d3cb877ab65ecd3a34ff7e0d3b99e209af414fe31bb2a1a64c4e1dbdbe6c500ef9c1957b2de
SSDEEP

1536:TnHowMGIYD1Enu0TBFoiz6IDncBAZ9FMfHEhKgK7qSg1+mdIEAr:rFgK7Dg1+mdYr

Score

10^/10

evasion persistence

Malware Config

Signatures

Modifies visiblity of hidden/system files in Explorer 2 TTPs 1 IoCs

evasion

Hidden Files and Directories

T1564.001

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0"	veazoem.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\Control Panel\International\Geo\Nation	b7790340a5f9c92e58fd6244e1674938d97589c2668406ebda9ed6be6f5012b7.exe

Executes dropped EXE 1 IoCs

pid	Process
3932	veazoem.exe

Adds Run key to start application 2 TTPs 51 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\veazoem = "C:\\Users\\Admin\\veazoem.exe /I"	veazoem.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\veazoem = "C:\\Users\\Admin\\veazoem.exe /T"	veazoem.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\veazoem = "C:\\Users\\Admin\\veazoem.exe /f"	veazoem.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\veazoem = "C:\\Users\\Admin\\veazoem.exe /g"	veazoem.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\veazoem = "C:\\Users\\Admin\\veazoem.exe /V"	veazoem.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\veazoem = "C:\\Users\\Admin\\veazoem.exe /z"	veazoem.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\veazoem = "C:\\Users\\Admin\\veazoem.exe /c"	veazoem.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\veazoem = "C:\\Users\\Admin\\veazoem.exe /t"	veazoem.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\veazoem = "C:\\Users\\Admin\\veazoem.exe /B"	veazoem.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\veazoem = "C:\\Users\\Admin\\veazoem.exe /G"	veazoem.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\veazoem = "C:\\Users\\Admin\\veazoem.exe /d"	veazoem.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\veazoem = "C:\\Users\\Admin\\veazoem.exe /o"	veazoem.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\veazoem = "C:\\Users\\Admin\\veazoem.exe /R"	veazoem.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\veazoem = "C:\\Users\\Admin\\veazoem.exe /S"	veazoem.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\veazoem = "C:\\Users\\Admin\\veazoem.exe /K"	veazoem.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\veazoem = "C:\\Users\\Admin\\veazoem.exe /H"	veazoem.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\veazoem = "C:\\Users\\Admin\\veazoem.exe /n"	veazoem.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\veazoem = "C:\\Users\\Admin\\veazoem.exe /j"	veazoem.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\veazoem = "C:\\Users\\Admin\\veazoem.exe /x"	veazoem.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\veazoem = "C:\\Users\\Admin\\veazoem.exe /M"	veazoem.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\veazoem = "C:\\Users\\Admin\\veazoem.exe /X"	veazoem.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\veazoem = "C:\\Users\\Admin\\veazoem.exe /Q"	veazoem.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\veazoem = "C:\\Users\\Admin\\veazoem.exe /h"	veazoem.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\veazoem = "C:\\Users\\Admin\\veazoem.exe /m"	veazoem.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\veazoem = "C:\\Users\\Admin\\veazoem.exe /A"	veazoem.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\veazoem = "C:\\Users\\Admin\\veazoem.exe /v"	veazoem.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\veazoem = "C:\\Users\\Admin\\veazoem.exe /e"	veazoem.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\veazoem = "C:\\Users\\Admin\\veazoem.exe /s"	veazoem.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\veazoem = "C:\\Users\\Admin\\veazoem.exe /p"	veazoem.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\veazoem = "C:\\Users\\Admin\\veazoem.exe /F"	veazoem.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\veazoem = "C:\\Users\\Admin\\veazoem.exe /Z"	veazoem.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\veazoem = "C:\\Users\\Admin\\veazoem.exe /y"	veazoem.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\veazoem = "C:\\Users\\Admin\\veazoem.exe /O"	veazoem.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\veazoem = "C:\\Users\\Admin\\veazoem.exe /i"	veazoem.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\veazoem = "C:\\Users\\Admin\\veazoem.exe /N"	veazoem.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\veazoem = "C:\\Users\\Admin\\veazoem.exe /P"	veazoem.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\veazoem = "C:\\Users\\Admin\\veazoem.exe /q"	veazoem.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\veazoem = "C:\\Users\\Admin\\veazoem.exe /a"	veazoem.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\veazoem = "C:\\Users\\Admin\\veazoem.exe /k"	veazoem.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\veazoem = "C:\\Users\\Admin\\veazoem.exe /D"	veazoem.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\veazoem = "C:\\Users\\Admin\\veazoem.exe /U"	veazoem.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\veazoem = "C:\\Users\\Admin\\veazoem.exe /L"	veazoem.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\veazoem = "C:\\Users\\Admin\\veazoem.exe /E"	veazoem.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\veazoem = "C:\\Users\\Admin\\veazoem.exe /w"	veazoem.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\veazoem = "C:\\Users\\Admin\\veazoem.exe /l"	veazoem.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\veazoem = "C:\\Users\\Admin\\veazoem.exe /J"	veazoem.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\veazoem = "C:\\Users\\Admin\\veazoem.exe /b"	veazoem.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\veazoem = "C:\\Users\\Admin\\veazoem.exe /r"	veazoem.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\veazoem = "C:\\Users\\Admin\\veazoem.exe /C"	veazoem.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\veazoem = "C:\\Users\\Admin\\veazoem.exe /W"	veazoem.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\veazoem = "C:\\Users\\Admin\\veazoem.exe /Y"	veazoem.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3932	veazoem.exe
3932	veazoem.exe
3932	veazoem.exe
3932	veazoem.exe
3932	veazoem.exe
3932	veazoem.exe
3932	veazoem.exe
3932	veazoem.exe
3932	veazoem.exe
3932	veazoem.exe
3932	veazoem.exe
3932	veazoem.exe
3932	veazoem.exe
3932	veazoem.exe
3932	veazoem.exe
3932	veazoem.exe
3932	veazoem.exe
3932	veazoem.exe
3932	veazoem.exe
3932	veazoem.exe
3932	veazoem.exe
3932	veazoem.exe
3932	veazoem.exe
3932	veazoem.exe
3932	veazoem.exe
3932	veazoem.exe
3932	veazoem.exe
3932	veazoem.exe
3932	veazoem.exe
3932	veazoem.exe
3932	veazoem.exe
3932	veazoem.exe
3932	veazoem.exe
3932	veazoem.exe
3932	veazoem.exe
3932	veazoem.exe
3932	veazoem.exe
3932	veazoem.exe
3932	veazoem.exe
3932	veazoem.exe
3932	veazoem.exe
3932	veazoem.exe
3932	veazoem.exe
3932	veazoem.exe
3932	veazoem.exe
3932	veazoem.exe
3932	veazoem.exe
3932	veazoem.exe
3932	veazoem.exe
3932	veazoem.exe
3932	veazoem.exe
3932	veazoem.exe
3932	veazoem.exe
3932	veazoem.exe
3932	veazoem.exe
3932	veazoem.exe
3932	veazoem.exe
3932	veazoem.exe
3932	veazoem.exe
3932	veazoem.exe
3932	veazoem.exe
3932	veazoem.exe
3932	veazoem.exe
3932	veazoem.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
316	b7790340a5f9c92e58fd6244e1674938d97589c2668406ebda9ed6be6f5012b7.exe
3932	veazoem.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 316 wrote to memory of 3932	316	b7790340a5f9c92e58fd6244e1674938d97589c2668406ebda9ed6be6f5012b7.exe	98
PID 316 wrote to memory of 3932	316	b7790340a5f9c92e58fd6244e1674938d97589c2668406ebda9ed6be6f5012b7.exe	98
PID 316 wrote to memory of 3932	316	b7790340a5f9c92e58fd6244e1674938d97589c2668406ebda9ed6be6f5012b7.exe	98
PID 3932 wrote to memory of 316	3932	veazoem.exe	91
PID 3932 wrote to memory of 316	3932	veazoem.exe	91
PID 3932 wrote to memory of 316	3932	veazoem.exe	91
PID 3932 wrote to memory of 316	3932	veazoem.exe	91
PID 3932 wrote to memory of 316	3932	veazoem.exe	91
PID 3932 wrote to memory of 316	3932	veazoem.exe	91
PID 3932 wrote to memory of 316	3932	veazoem.exe	91
PID 3932 wrote to memory of 316	3932	veazoem.exe	91
PID 3932 wrote to memory of 316	3932	veazoem.exe	91
PID 3932 wrote to memory of 316	3932	veazoem.exe	91
PID 3932 wrote to memory of 316	3932	veazoem.exe	91
PID 3932 wrote to memory of 316	3932	veazoem.exe	91
PID 3932 wrote to memory of 316	3932	veazoem.exe	91
PID 3932 wrote to memory of 316	3932	veazoem.exe	91
PID 3932 wrote to memory of 316	3932	veazoem.exe	91
PID 3932 wrote to memory of 316	3932	veazoem.exe	91
PID 3932 wrote to memory of 316	3932	veazoem.exe	91
PID 3932 wrote to memory of 316	3932	veazoem.exe	91
PID 3932 wrote to memory of 316	3932	veazoem.exe	91
PID 3932 wrote to memory of 316	3932	veazoem.exe	91
PID 3932 wrote to memory of 316	3932	veazoem.exe	91
PID 3932 wrote to memory of 316	3932	veazoem.exe	91
PID 3932 wrote to memory of 316	3932	veazoem.exe	91
PID 3932 wrote to memory of 316	3932	veazoem.exe	91
PID 3932 wrote to memory of 316	3932	veazoem.exe	91
PID 3932 wrote to memory of 316	3932	veazoem.exe	91
PID 3932 wrote to memory of 316	3932	veazoem.exe	91
PID 3932 wrote to memory of 316	3932	veazoem.exe	91
PID 3932 wrote to memory of 316	3932	veazoem.exe	91
PID 3932 wrote to memory of 316	3932	veazoem.exe	91
PID 3932 wrote to memory of 316	3932	veazoem.exe	91
PID 3932 wrote to memory of 316	3932	veazoem.exe	91
PID 3932 wrote to memory of 316	3932	veazoem.exe	91
PID 3932 wrote to memory of 316	3932	veazoem.exe	91
PID 3932 wrote to memory of 316	3932	veazoem.exe	91
PID 3932 wrote to memory of 316	3932	veazoem.exe	91
PID 3932 wrote to memory of 316	3932	veazoem.exe	91
PID 3932 wrote to memory of 316	3932	veazoem.exe	91
PID 3932 wrote to memory of 316	3932	veazoem.exe	91
PID 3932 wrote to memory of 316	3932	veazoem.exe	91
PID 3932 wrote to memory of 316	3932	veazoem.exe	91
PID 3932 wrote to memory of 316	3932	veazoem.exe	91
PID 3932 wrote to memory of 316	3932	veazoem.exe	91
PID 3932 wrote to memory of 316	3932	veazoem.exe	91
PID 3932 wrote to memory of 316	3932	veazoem.exe	91
PID 3932 wrote to memory of 316	3932	veazoem.exe	91
PID 3932 wrote to memory of 316	3932	veazoem.exe	91
PID 3932 wrote to memory of 316	3932	veazoem.exe	91
PID 3932 wrote to memory of 316	3932	veazoem.exe	91
PID 3932 wrote to memory of 316	3932	veazoem.exe	91
PID 3932 wrote to memory of 316	3932	veazoem.exe	91
PID 3932 wrote to memory of 316	3932	veazoem.exe	91
PID 3932 wrote to memory of 316	3932	veazoem.exe	91
PID 3932 wrote to memory of 316	3932	veazoem.exe	91
PID 3932 wrote to memory of 316	3932	veazoem.exe	91
PID 3932 wrote to memory of 316	3932	veazoem.exe	91
PID 3932 wrote to memory of 316	3932	veazoem.exe	91
PID 3932 wrote to memory of 316	3932	veazoem.exe	91
PID 3932 wrote to memory of 316	3932	veazoem.exe	91
PID 3932 wrote to memory of 316	3932	veazoem.exe	91
PID 3932 wrote to memory of 316	3932	veazoem.exe	91

C:\Users\Admin\AppData\Local\Temp\b7790340a5f9c92e58fd6244e1674938d97589c2668406ebda9ed6be6f5012b7.exe
"C:\Users\Admin\AppData\Local\Temp\b7790340a5f9c92e58fd6244e1674938d97589c2668406ebda9ed6be6f5012b7.exe"
1⤵
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:316
- C:\Users\Admin\veazoem.exe
  "C:\Users\Admin\veazoem.exe"
  2⤵
  - Modifies visiblity of hidden/system files in Explorer
  - Executes dropped EXE
  - Adds Run key to start application
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3932

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1404 --field-trial-handle=3044,i,17059189006398306756,4247826696353232857,262144 --variations-seed-version /prefetch:8
1⤵
PID:4920

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\veazoem.exe

Filesize
180KB

MD5
2265fbe66b3fc4db91becadcd8e1aa53

SHA1
7a1398413807def98b1ae4e69146999c4011a939

SHA256
0c1d578a24b33bba207a33be02cc00bba74f5a70df88a7e581a17d497681f199

SHA512
735b232a9bb4ac75cbee2467de312b0692b5d677209ddb2e5ff4be628745b43e4fb1b441d1cdbd7b9c115e760f6003493398d3f4c245dadb85ab118cb5c17e44

Download Submit