7eedde384dfb203fdff6e4c8047835c4561e859f05f68ef7291643a1df77f77e | Triage

Analysis

max time kernel
121s
max time network
128s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
20-04-2024 10:41

Sharing

Report Analysis Logs

General

Target

VenGen.exe
Size

9.6MB
MD5

d10bfb2b9ab555b464ef95d06c746090
SHA1

af905eee8eea0fb11ae622e6235734deae1121fc
SHA256

7eedde384dfb203fdff6e4c8047835c4561e859f05f68ef7291643a1df77f77e
SHA512

8e352ee91522aa81b483b97278e7424225f383a4c4752cf20076d635ca12a7b420e2e65b62975993b4e26c88b87c66af64c858409c47c639587bdc3c0a0620a6
SSDEEP

196608:xn4luqXu8mSxCyf4FMIZETSejPePdrQJ/BKKKgvVSPQiLPVhk:V0Xu8mSxZQETSevJ0KKgdSIWPVhk

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

Processes:

VenGen.exe

pid process

2500 VenGen.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

VenGen.exe

description	pid	process	target process
PID 2764 wrote to memory of 2500	2764	VenGen.exe	VenGen.exe
PID 2764 wrote to memory of 2500	2764	VenGen.exe	VenGen.exe
PID 2764 wrote to memory of 2500	2764	VenGen.exe	VenGen.exe

C:\Users\Admin\AppData\Local\Temp\VenGen.exe
"C:\Users\Admin\AppData\Local\Temp\VenGen.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2764

C:\Users\Admin\AppData\Local\Temp\VenGen.exe
"C:\Users\Admin\AppData\Local\Temp\VenGen.exe"
2⤵
- Loads dropped DLL
PID:2500

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI27642\python311.dll
Filesize
5.5MB

MD5
5a5dd7cad8028097842b0afef45bfbcf

SHA1
e247a2e460687c607253949c52ae2801ff35dc4a

SHA256
a811c7516f531f1515d10743ae78004dd627eba0dc2d3bc0d2e033b2722043ce

SHA512
e6268e4fad2ce3ef16b68298a57498e16f0262bf3531539ad013a66f72df471569f94c6fcc48154b7c3049a3ad15cbfcbb6345dacb4f4ed7d528c74d589c9858

Download Submit