Analysis
max time kernel: 121s
max time network: 128s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 20-04-2024 10:41
Behavioral task: behavioral1
Sample: VenGen.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: VenGen.exe
Resource: win10v2004-20240412-en

Behavioral task: behavioral3
Sample: VenGen.pyc
Resource: win7-20240215-en

Behavioral task: behavioral4
Sample: VenGen.pyc
Resource: win10v2004-20240412-en
General
Target: VenGen.exe
Size: 9.6MB
MD5: d10bfb2b9ab555b464ef95d06c746090
SHA1: af905eee8eea0fb11ae622e6235734deae1121fc
SHA256: 7eedde384dfb203fdff6e4c8047835c4561e859f05f68ef7291643a1df77f77e
SHA512: 8e352ee91522aa81b483b97278e7424225f383a4c4752cf20076d635ca12a7b420e2e65b62975993b4e26c88b87c66af64c858409c47c639587bdc3c0a0620a6
SSDEEP: 196608:xn4luqXu8mSxCyf4FMIZETSejPePdrQJ/BKKKgvVSPQiLPVhk:V0Xu8mSxZQETSevJ0KKgdSIWPVhk
Malware Config
Signatures
Loads dropped DLL (1 IoCs)
Processes: VenGen.exe
pid: 2500, process: VenGen.exe

Suspicious use of WriteProcessMemory (3 IoCs)
Processes: VenGen.exe
description: PID 2764 wrote to memory of 2500, pid: 2764, process: VenGen.exe, target process: VenGen.exe
description: PID 2764 wrote to memory of 2500, pid: 2764, process: VenGen.exe, target process: VenGen.exe
description: PID 2764 wrote to memory of 2500, pid: 2764, process: VenGen.exe, target process: VenGen.exe
Processes
Network
MITRE ATT&CK Matrix
Downloads
C:\Users\Admin\AppData\Local\Temp\_MEI27642\python311.dll
Filesize: 5.5MB
MD5: 5a5dd7cad8028097842b0afef45bfbcf
SHA1: e247a2e460687c607253949c52ae2801ff35dc4a
SHA256: a811c7516f531f1515d10743ae78004dd627eba0dc2d3bc0d2e033b2722043ce
SHA512: e6268e4fad2ce3ef16b68298a57498e16f0262bf3531539ad013a66f72df471569f94c6fcc48154b7c3049a3ad15cbfcbb6345dacb4f4ed7d528c74d589c9858