Report tabs (task / sample as shown in the tab strip / platform / score badge)
Overview: score 10
Static: score 10
behavioral1   Venom-Rat-...0.html    windows7-x64        score 1
behavioral2   Venom-Rat-...0.html    windows10-2004-x64  score 1
behavioral3   Venom-Rat-...0.html    windows7-x64        score 1
behavioral4   Venom-Rat-...0.html    windows10-2004-x64  score 1
behavioral5   Venom-Rat-...il.dll    windows7-x64        score 1
behavioral6   Venom-Rat-...il.dll    windows10-2004-x64  score 1
behavioral7   Venom-Rat-...at.dll    windows7-x64        score 1
behavioral8   Venom-Rat-...at.dll    windows10-2004-x64  score 1
behavioral9   Venom-Rat-...me.dll    windows7-x64        score 1
behavioral10  Venom-Rat-...me.dll    windows10-2004-x64  score 1
behavioral11  Venom-Rat-...ed.exe    windows7-x64        score 8
behavioral12  Venom-Rat-...ed.exe    windows10-2004-x64  score 8
behavioral13  Majid Z Hacker.exe     windows7-x64        score 8
behavioral14  Majid Z Hacker.exe     windows10-2004-x64  score 8
behavioral15  Majid Z Hacker.exe     windows7-x64        score 10
behavioral16  Majid Z Hacker.exe     windows10-2004-x64  score 10
behavioral17  Windows Program.exe    windows7-x64        score 7
behavioral18  Windows Program.exe    windows10-2004-x64  score 7
behavioral19  script.vbs             windows7-x64        score 10
behavioral20  script.vbs             windows10-2004-x64  score 10
behavioral21  windows registry.exe   windows7-x64        score 10
behavioral22  windows registry.exe   windows10-2004-x64  score 10
behavioral23  firewall.exe           windows7-x64        score 8
behavioral24  firewall.exe           windows10-2004-x64  (no score shown)
behavioral25  Venom Cracked.exe      windows7-x64        score 1
behavioral26  Venom Cracked.exe      windows10-2004-x64  score 1
behavioral27  Venom-Rat-...er.exe    windows7-x64        score 1
behavioral28  Venom-Rat-...er.exe    windows10-2004-x64  score 1
behavioral29  Venom-Rat-...ed.exe    windows7-x64        score 10
behavioral30  Venom-Rat-...ed.exe    windows10-2004-x64  score 10
behavioral31  Majid Z Ha...te.exe    windows7-x64        score 10
behavioral32  Majid Z Ha...te.exe    windows10-2004-x64  score 10
Analysis
max time kernel: 1s
max time network: 158s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 31-05-2024 12:30
Behavioral tasks (task: sample / resource)
behavioral1: Venom-Rat-Cracked--main/Clients/Morpheus@DESKTOP-ALON1A1_367DDFD/Logs/10-31-2020.html / win7-20240221-en
behavioral2: Venom-Rat-Cracked--main/Clients/Morpheus@DESKTOP-ALON1A1_367DDFD/Logs/10-31-2020.html / win10v2004-20240508-en
behavioral3: Venom-Rat-Cracked--main/Clients/Sam@DESKTOP-1HP3JNB_440CF1F/Logs/05-17-2020.html / win7-20240221-en
behavioral4: Venom-Rat-Cracked--main/Clients/Sam@DESKTOP-1HP3JNB_440CF1F/Logs/05-17-2020.html / win10v2004-20240508-en
behavioral5: Venom-Rat-Cracked--main/Mono.Cecil.dll / win7-20240221-en
behavioral6: Venom-Rat-Cracked--main/Mono.Cecil.dll / win10v2004-20240426-en
behavioral7: Venom-Rat-Cracked--main/Mono.Nat.dll / win7-20240221-en
behavioral8: Venom-Rat-Cracked--main/Mono.Nat.dll / win10v2004-20240508-en
behavioral9: Venom-Rat-Cracked--main/VelyseTheme.dll / win7-20231129-en
behavioral10: Venom-Rat-Cracked--main/VelyseTheme.dll / win10v2004-20240508-en
behavioral11: Venom-Rat-Cracked--main/Venom Activated Cracked.exe / win7-20240215-en
behavioral12: Venom-Rat-Cracked--main/Venom Activated Cracked.exe / win10v2004-20240508-en
behavioral13: Majid Z Hacker.exe / win7-20240220-en
behavioral14: Majid Z Hacker.exe / win10v2004-20240508-en
behavioral15: Majid Z Hacker.exe / win7-20240508-en
behavioral16: Majid Z Hacker.exe / win10v2004-20240508-en
behavioral17: Windows Program.exe / win7-20240221-en
behavioral18: Windows Program.exe / win10v2004-20240426-en
behavioral19: script.vbs / win7-20240508-en
behavioral20: script.vbs / win10v2004-20240426-en
behavioral21: windows registry.exe / win7-20240508-en
behavioral22: windows registry.exe / win10v2004-20240508-en
behavioral23: firewall.exe / win7-20240419-en
behavioral24: firewall.exe / win10v2004-20240426-en
behavioral25: Venom Cracked.exe / win7-20240221-en
behavioral26: Venom Cracked.exe / win10v2004-20240426-en
behavioral27: Venom-Rat-Cracked--main/Venom Binder.exe / win7-20240221-en
behavioral28: Venom-Rat-Cracked--main/Venom Binder.exe / win10v2004-20240508-en
behavioral29: Venom-Rat-Cracked--main/Venom Software RAT Activated Cracked.exe / win7-20240221-en
behavioral30: Venom-Rat-Cracked--main/Venom Software RAT Activated Cracked.exe / win10v2004-20240426-en
behavioral31: Majid Z Hacker Website.exe / win7-20240508-en
behavioral32: Majid Z Hacker Website.exe / win10v2004-20240508-en
General
Target: Venom-Rat-Cracked--main/Venom Activated Cracked.exe
Size: 10.1MB
MD5: 4dabfeed4b250a3248714458ae370ca8
SHA1: 6e215b2a20039a4dbde18579a1419a4eb10946ac
SHA256: eb23cbc820d2b8fdc0227b2e89274edf2671163cae40e0a9bb930b91c05ac3a9
SHA512: 7ea826cf27da942ce2e9db4a800b3c247670a8fc260af8686d14c48583f38f14b935d5af282a3774a9811f0957ca7318dc883307254554e907f7cfb5f6419a4c
SSDEEP: 196608:m6+0f/ylacMb5mCbClb12UK4RDx5gRIAL1xXPm68DwOHRR+kc4N4FmDdgW7NaREE:m0f/KacMbR2J2UKEdiRIAL1xXPCwkEn7
Malware Config
Signatures

Modifies Windows Firewall (2 TTPs, 42 IoCs)
Processes: netsh.exe (42 instances)
pid / process: 3512 netsh.exe, 3240 netsh.exe, 3112 netsh.exe, 5384 netsh.exe, 5932 netsh.exe, 644 netsh.exe, 3824 netsh.exe, 5164 netsh.exe, 4600 netsh.exe, 4812 netsh.exe, 1216 netsh.exe, 2764 netsh.exe, 5704 netsh.exe, 4440 netsh.exe, 6140 netsh.exe, 6128 netsh.exe, 4512 netsh.exe, 3876 netsh.exe, 652 netsh.exe, 3404 netsh.exe, 1884 netsh.exe, 4980 netsh.exe, 5204 netsh.exe, 4588 netsh.exe, 2272 netsh.exe, 3612 netsh.exe, 2172 netsh.exe, 4872 netsh.exe, 1124 netsh.exe, 5200 netsh.exe, 5188 netsh.exe, 2704 netsh.exe, 4476 netsh.exe, 1092 netsh.exe, 2724 netsh.exe, 4616 netsh.exe, 2424 netsh.exe, 5404 netsh.exe, 3760 netsh.exe, 2148 netsh.exe, 3124 netsh.exe, 3200 netsh.exe

Checks computer location settings (2 TTPs, 2 IoCs)
Looks up country code configured in the registry, likely geofence.
Processes: Venom Activated Cracked.exe, Majid Z Hacker.exe
description / ioc / process:
Key value queried / \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation / Venom Activated Cracked.exe
Key value queried / \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation / Majid Z Hacker.exe

Executes dropped EXE (4 IoCs)
Processes: Venom Cracked.exe, Majid Z Hacker.exe, Majid Z Hacker.exe, firewall.exe
pid / process: 1928 Venom Cracked.exe, 4832 Majid Z Hacker.exe, 3088 Majid Z Hacker.exe, 4936 firewall.exe

Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).

NSIS installer (2 IoCs)
resource / yara_rule:
C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe / nsis_installer_1
C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe / nsis_installer_2

Suspicious use of WriteProcessMemory (11 IoCs)
Processes: Venom Activated Cracked.exe, Majid Z Hacker.exe
description / pid / process / target process:
PID 1180 wrote to memory of 1928 / 1180 / Venom Activated Cracked.exe / Venom Cracked.exe
PID 1180 wrote to memory of 1928 / 1180 / Venom Activated Cracked.exe / Venom Cracked.exe
PID 1180 wrote to memory of 4832 / 1180 / Venom Activated Cracked.exe / Majid Z Hacker.exe
PID 1180 wrote to memory of 4832 / 1180 / Venom Activated Cracked.exe / Majid Z Hacker.exe
PID 1180 wrote to memory of 4832 / 1180 / Venom Activated Cracked.exe / Majid Z Hacker.exe
PID 4832 wrote to memory of 3088 / 4832 / Majid Z Hacker.exe / Majid Z Hacker.exe
PID 4832 wrote to memory of 3088 / 4832 / Majid Z Hacker.exe / Majid Z Hacker.exe
PID 4832 wrote to memory of 3088 / 4832 / Majid Z Hacker.exe / Majid Z Hacker.exe
PID 4832 wrote to memory of 4936 / 4832 / Majid Z Hacker.exe / firewall.exe
PID 4832 wrote to memory of 4936 / 4832 / Majid Z Hacker.exe / firewall.exe
PID 4832 wrote to memory of 4936 / 4832 / Majid Z Hacker.exe / firewall.exe
Processes (process-tree depth in brackets, image path, command line, matched signatures)

[1] C:\Users\Admin\AppData\Local\Temp\Venom-Rat-Cracked--main\Venom Activated Cracked.exe  cmd: "C:\Users\Admin\AppData\Local\Temp\Venom-Rat-Cracked--main\Venom Activated Cracked.exe"
    - Checks computer location settings
    - Suspicious use of WriteProcessMemory
[2] C:\Users\Admin\AppData\Local\Temp\Venom Cracked.exe  cmd: "C:\Users\Admin\AppData\Local\Temp\Venom Cracked.exe"
    - Executes dropped EXE
[2] C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe  cmd: "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"
    - Checks computer location settings
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
[3] C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe  cmd: "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"
    - Executes dropped EXE
[4] C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe  cmd: "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"
[5] C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe  cmd: "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"
[6] C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe  cmd: "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"
[7] C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe  cmd: "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"
[8] C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe  cmd: "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"
[9] C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe  cmd: "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"
[10] C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe  cmd: "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"
[11] C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe  cmd: "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"
[12] C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe  cmd: "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"
[13] C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe  cmd: "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"
[14] C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe  cmd: "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"
[15] C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe  cmd: "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"
[16] C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe  cmd: "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"
[17] C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe  cmd: "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"
[18] C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe  cmd: "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"
[19] C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe  cmd: "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"
[20] C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe  cmd: "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"
[21] C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe  cmd: "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"
[22] C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe  cmd: "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"
[23] C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe  cmd: "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"
[24] C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe  cmd: "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"
[25] C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe  cmd: "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"
[26] C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe  cmd: "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"
[27] C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe  cmd: "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"
[28] C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe  cmd: "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"
[29] C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe  cmd: "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"
[30] C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe  cmd: "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"
[31] C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe  cmd: "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"
[32] C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe  cmd: "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"
[33] C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe  cmd: "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"
[34] C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe  cmd: "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"
[35] C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe  cmd: "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"
[36] C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe  cmd: "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"
[37] C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe  cmd: "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"
[38] C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe  cmd: "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"
[39] C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe  cmd: "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"
[40] C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe  cmd: "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"
[41] C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe  cmd: "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"
[42] C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe  cmd: "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"
[43] C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe  cmd: "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"
[44] C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe  cmd: "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"
[45] C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe  cmd: "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"
[45] C:\Users\Admin\AppData\Local\Temp\firewall.exe  cmd: "C:\Users\Admin\AppData\Local\Temp\firewall.exe"
[44] C:\Users\Admin\AppData\Local\Temp\firewall.exe  cmd: "C:\Users\Admin\AppData\Local\Temp\firewall.exe"
[45] C:\Windows\SysWOW64\netsh.exe  cmd: "netsh.exe" firewall set opmode disable
    - Modifies Windows Firewall
[43] C:\Users\Admin\AppData\Local\Temp\firewall.exe  cmd: "C:\Users\Admin\AppData\Local\Temp\firewall.exe"
[44] C:\Windows\SysWOW64\netsh.exe  cmd: "netsh.exe" firewall set opmode disable
    - Modifies Windows Firewall
[42] C:\Users\Admin\AppData\Local\Temp\firewall.exe  cmd: "C:\Users\Admin\AppData\Local\Temp\firewall.exe"
[43] C:\Windows\SysWOW64\netsh.exe  cmd: "netsh.exe" firewall set opmode disable
    - Modifies Windows Firewall
[41] C:\Users\Admin\AppData\Local\Temp\firewall.exe  cmd: "C:\Users\Admin\AppData\Local\Temp\firewall.exe"
[42] C:\Windows\SysWOW64\netsh.exe  cmd: "netsh.exe" firewall set opmode disable
    - Modifies Windows Firewall
[40] C:\Users\Admin\AppData\Local\Temp\firewall.exe  cmd: "C:\Users\Admin\AppData\Local\Temp\firewall.exe"
[41] C:\Windows\SysWOW64\netsh.exe  cmd: "netsh.exe" firewall set opmode disable
    - Modifies Windows Firewall
[39] C:\Users\Admin\AppData\Local\Temp\firewall.exe  cmd: "C:\Users\Admin\AppData\Local\Temp\firewall.exe"
[40] C:\Windows\SysWOW64\netsh.exe  cmd: "netsh.exe" firewall set opmode disable
    - Modifies Windows Firewall
[38] C:\Users\Admin\AppData\Local\Temp\firewall.exe  cmd: "C:\Users\Admin\AppData\Local\Temp\firewall.exe"
[39] C:\Windows\SysWOW64\netsh.exe  cmd: "netsh.exe" firewall set opmode disable
    - Modifies Windows Firewall
[37] C:\Users\Admin\AppData\Local\Temp\firewall.exe  cmd: "C:\Users\Admin\AppData\Local\Temp\firewall.exe"
[38] C:\Windows\SysWOW64\netsh.exe  cmd: "netsh.exe" firewall set opmode disable
    - Modifies Windows Firewall
[36] C:\Users\Admin\AppData\Local\Temp\firewall.exe  cmd: "C:\Users\Admin\AppData\Local\Temp\firewall.exe"
[37] C:\Windows\SysWOW64\netsh.exe  cmd: "netsh.exe" firewall set opmode disable
    - Modifies Windows Firewall
[35] C:\Users\Admin\AppData\Local\Temp\firewall.exe  cmd: "C:\Users\Admin\AppData\Local\Temp\firewall.exe"
[36] C:\Windows\SysWOW64\netsh.exe  cmd: "netsh.exe" firewall set opmode disable
    - Modifies Windows Firewall
[34] C:\Users\Admin\AppData\Local\Temp\firewall.exe  cmd: "C:\Users\Admin\AppData\Local\Temp\firewall.exe"
[35] C:\Windows\SysWOW64\netsh.exe  cmd: "netsh.exe" firewall set opmode disable
    - Modifies Windows Firewall
[33] C:\Users\Admin\AppData\Local\Temp\firewall.exe  cmd: "C:\Users\Admin\AppData\Local\Temp\firewall.exe"
[34] C:\Windows\SysWOW64\netsh.exe  cmd: "netsh.exe" firewall set opmode disable
    - Modifies Windows Firewall
[32] C:\Users\Admin\AppData\Local\Temp\firewall.exe  cmd: "C:\Users\Admin\AppData\Local\Temp\firewall.exe"
[33] C:\Windows\SysWOW64\netsh.exe  cmd: "netsh.exe" firewall set opmode disable
    - Modifies Windows Firewall
[31] C:\Users\Admin\AppData\Local\Temp\firewall.exe  cmd: "C:\Users\Admin\AppData\Local\Temp\firewall.exe"
[32] C:\Windows\SysWOW64\netsh.exe  cmd: "netsh.exe" firewall set opmode disable
    - Modifies Windows Firewall
[30] C:\Users\Admin\AppData\Local\Temp\firewall.exe  cmd: "C:\Users\Admin\AppData\Local\Temp\firewall.exe"
[31] C:\Windows\SysWOW64\netsh.exe  cmd: "netsh.exe" firewall set opmode disable
    - Modifies Windows Firewall
[29] C:\Users\Admin\AppData\Local\Temp\firewall.exe  cmd: "C:\Users\Admin\AppData\Local\Temp\firewall.exe"
[30] C:\Windows\SysWOW64\netsh.exe  cmd: "netsh.exe" firewall set opmode disable
    - Modifies Windows Firewall
[28] C:\Users\Admin\AppData\Local\Temp\firewall.exe  cmd: "C:\Users\Admin\AppData\Local\Temp\firewall.exe"
[29] C:\Windows\SysWOW64\netsh.exe  cmd: "netsh.exe" firewall set opmode disable
    - Modifies Windows Firewall
[27] C:\Users\Admin\AppData\Local\Temp\firewall.exe  cmd: "C:\Users\Admin\AppData\Local\Temp\firewall.exe"
[28] C:\Windows\SysWOW64\netsh.exe  cmd: "netsh.exe" firewall set opmode disable
    - Modifies Windows Firewall
[26] C:\Users\Admin\AppData\Local\Temp\firewall.exe  cmd: "C:\Users\Admin\AppData\Local\Temp\firewall.exe"
[27] C:\Windows\SysWOW64\netsh.exe  cmd: "netsh.exe" firewall set opmode disable
    - Modifies Windows Firewall
[25] C:\Users\Admin\AppData\Local\Temp\firewall.exe  cmd: "C:\Users\Admin\AppData\Local\Temp\firewall.exe"
[26] C:\Windows\SysWOW64\netsh.exe  cmd: "netsh.exe" firewall set opmode disable
    - Modifies Windows Firewall
[24] C:\Users\Admin\AppData\Local\Temp\firewall.exe  cmd: "C:\Users\Admin\AppData\Local\Temp\firewall.exe"
[25] C:\Windows\SysWOW64\netsh.exe  cmd: "netsh.exe" firewall set opmode disable
    - Modifies Windows Firewall
[23] C:\Users\Admin\AppData\Local\Temp\firewall.exe  cmd: "C:\Users\Admin\AppData\Local\Temp\firewall.exe"
[24] C:\Windows\SysWOW64\netsh.exe  cmd: "netsh.exe" firewall set opmode disable
    - Modifies Windows Firewall
[22] C:\Users\Admin\AppData\Local\Temp\firewall.exe  cmd: "C:\Users\Admin\AppData\Local\Temp\firewall.exe"
[23] C:\Windows\SysWOW64\netsh.exe  cmd: "netsh.exe" firewall set opmode disable
    - Modifies Windows Firewall
[21] C:\Users\Admin\AppData\Local\Temp\firewall.exe  cmd: "C:\Users\Admin\AppData\Local\Temp\firewall.exe"
[22] C:\Windows\SysWOW64\netsh.exe  cmd: "netsh.exe" firewall set opmode disable
    - Modifies Windows Firewall
[20] C:\Users\Admin\AppData\Local\Temp\firewall.exe  cmd: "C:\Users\Admin\AppData\Local\Temp\firewall.exe"
[21] C:\Windows\SysWOW64\netsh.exe  cmd: "netsh.exe" firewall set opmode disable
    - Modifies Windows Firewall
[19] C:\Users\Admin\AppData\Local\Temp\firewall.exe  cmd: "C:\Users\Admin\AppData\Local\Temp\firewall.exe"
[20] C:\Windows\SysWOW64\netsh.exe  cmd: "netsh.exe" firewall set opmode disable
    - Modifies Windows Firewall
[18] C:\Users\Admin\AppData\Local\Temp\firewall.exe  cmd: "C:\Users\Admin\AppData\Local\Temp\firewall.exe"
[19] C:\Windows\SysWOW64\netsh.exe  cmd: "netsh.exe" firewall set opmode disable
    - Modifies Windows Firewall
[17] C:\Users\Admin\AppData\Local\Temp\firewall.exe  cmd: "C:\Users\Admin\AppData\Local\Temp\firewall.exe"
[18] C:\Windows\SysWOW64\netsh.exe  cmd: "netsh.exe" firewall set opmode disable
    - Modifies Windows Firewall
[16] C:\Users\Admin\AppData\Local\Temp\firewall.exe  cmd: "C:\Users\Admin\AppData\Local\Temp\firewall.exe"
[17] C:\Windows\SysWOW64\netsh.exe  cmd: "netsh.exe" firewall set opmode disable
    - Modifies Windows Firewall
[15] C:\Users\Admin\AppData\Local\Temp\firewall.exe  cmd: "C:\Users\Admin\AppData\Local\Temp\firewall.exe"
[16] C:\Windows\SysWOW64\netsh.exe  cmd: "netsh.exe" firewall set opmode disable
    - Modifies Windows Firewall
[14] C:\Users\Admin\AppData\Local\Temp\firewall.exe  cmd: "C:\Users\Admin\AppData\Local\Temp\firewall.exe"
[15] C:\Windows\SysWOW64\netsh.exe  cmd: "netsh.exe" firewall set opmode disable
    - Modifies Windows Firewall
[13] C:\Users\Admin\AppData\Local\Temp\firewall.exe  cmd: "C:\Users\Admin\AppData\Local\Temp\firewall.exe"
[14] C:\Windows\SysWOW64\netsh.exe  cmd: "netsh.exe" firewall set opmode disable
    - Modifies Windows Firewall
[12] C:\Users\Admin\AppData\Local\Temp\firewall.exe  cmd: "C:\Users\Admin\AppData\Local\Temp\firewall.exe"
[13] C:\Windows\SysWOW64\netsh.exe  cmd: "netsh.exe" firewall set opmode disable
    - Modifies Windows Firewall
[11] C:\Users\Admin\AppData\Local\Temp\firewall.exe  cmd: "C:\Users\Admin\AppData\Local\Temp\firewall.exe"
[12] C:\Windows\SysWOW64\netsh.exe  cmd: "netsh.exe" firewall set opmode disable
    - Modifies Windows Firewall
[10] C:\Users\Admin\AppData\Local\Temp\firewall.exe  cmd: "C:\Users\Admin\AppData\Local\Temp\firewall.exe"
[11] C:\Windows\SysWOW64\netsh.exe  cmd: "netsh.exe" firewall set opmode disable
    - Modifies Windows Firewall
[9] C:\Users\Admin\AppData\Local\Temp\firewall.exe  cmd: "C:\Users\Admin\AppData\Local\Temp\firewall.exe"
[10] C:\Windows\SysWOW64\netsh.exe  cmd: "netsh.exe" firewall set opmode disable
    - Modifies Windows Firewall
[8] C:\Users\Admin\AppData\Local\Temp\firewall.exe  cmd: "C:\Users\Admin\AppData\Local\Temp\firewall.exe"
[9] C:\Windows\SysWOW64\netsh.exe  cmd: "netsh.exe" firewall set opmode disable
    - Modifies Windows Firewall
[7] C:\Users\Admin\AppData\Local\Temp\firewall.exe  cmd: "C:\Users\Admin\AppData\Local\Temp\firewall.exe"
[8] C:\Windows\SysWOW64\netsh.exe  cmd: "netsh.exe" firewall set opmode disable
    - Modifies Windows Firewall
[6] C:\Users\Admin\AppData\Local\Temp\firewall.exe  cmd: "C:\Users\Admin\AppData\Local\Temp\firewall.exe"
[7] C:\Windows\SysWOW64\netsh.exe  cmd: "netsh.exe" firewall set opmode disable
    - Modifies Windows Firewall
[5] C:\Users\Admin\AppData\Local\Temp\firewall.exe  cmd: "C:\Users\Admin\AppData\Local\Temp\firewall.exe"
[6] C:\Windows\SysWOW64\netsh.exe  cmd: "netsh.exe" firewall set opmode disable
    - Modifies Windows Firewall
[4] C:\Users\Admin\AppData\Local\Temp\firewall.exe  cmd: "C:\Users\Admin\AppData\Local\Temp\firewall.exe"
[5] C:\Windows\SysWOW64\netsh.exe  cmd: "netsh.exe" firewall set opmode disable
    - Modifies Windows Firewall
[3] C:\Users\Admin\AppData\Local\Temp\firewall.exe  cmd: "C:\Users\Admin\AppData\Local\Temp\firewall.exe"
    - Executes dropped EXE
[4] C:\Windows\SysWOW64\netsh.exe  cmd: "netsh.exe" firewall set opmode disable
    - Modifies Windows Firewall
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads (dropped files and memory dumps)

C:\Users\Admin\AppData\Local\Temp\BlackData.dat
  Filesize: 3B
  MD5: 93cba07454f06a4a960172bbd6e2a435
  SHA1: 5397e0583f14f6c88de06b1ef28f460a1fb5b0ae
  SHA256: 85a39ab345d672ff8ca9b9c6876f3adcacf45ee7c1e2dbd2408fd338bd55e07e
  SHA512: 6b99acba1e4e469610f9227829648fa52e7ad463f22568f0a04188f2d465a585ba077f12d1a527674c338470e79665fd16e54f25553482cddd85845232d186f9

C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe
  Filesize: 462KB
  MD5: a8a8d6f3b48466242959545235d1c9b6
  SHA1: 0c2d670dc3b3b07a2498756e1d46fd1fee53a621
  SHA256: 09d709640f6884d6b7e7501175cfdcc3724df07785c081c0e14b20cbcdf382ec
  SHA512: 09f08dd6026b2e24a05e20505723055deceffaba3d351dd49cdc934d038ef0796a3d8d481fe7734b3ec3ba80f4800994983441204dbc3f12baf4f637534a4796

C:\Users\Admin\AppData\Local\Temp\Venom Cracked.exe
  Filesize: 12.1MB
  MD5: 750015e08a9409c80cd3837daebb970a
  SHA1: bfd1122f8c459862717b0b7a50b7216fc2573880
  SHA256: 3c413ee4b07c531c891ac1852d3d1b6a60bdc92e549e9cf4744d4fe85ebb5de2
  SHA512: f35938eac84d6084d9239977462c965bab95924895cd2b73e501a7d7c2ff400aaeaefbdc3302ac8f8c13cd49e22d19e95ef530cf1cc10f79f6ab62653021e5ac

C:\Users\Admin\AppData\Local\Temp\firewall.exe
  Filesize: 40KB
  MD5: 085242fc50844dc41d1966e620d3e121
  SHA1: 5e9a343256313938468d5d4fb92e39c5ef6f8c91
  SHA256: 180b8e0169f2c89d3b4f34d3ee5b26f5578211068be74cf9c2fd194d8cda9b3d
  SHA512: 3341c74802aa98ce2bd7b15d2921d3082110c62ee6d82df784cb610c1594d905c82c6ae79cf43d76f98db7a8a4951686898ba1dddeb9615fca6480ac6bb7887b

C:\Users\Admin\Documents\My Music\autorun.inf
  Filesize: 287B
  MD5: 15755ea8c0f620cfdaf9ada425e6b4c2
  SHA1: 868d9aca932d7a1a0d26ba19d613e34f3325a4eb
  SHA256: 3ae21c30b4273c6dfcc5841aaa18d776e53dd9dd9458051cb5457e25af4250fe
  SHA512: 6a44ff83fcf9d22fe1d06d3333be2bcfd45df0a9bc449cdf857d255c69d88497efc8c00c6a4ba383da6ebd7d422e87fea2e78ad62ec678fa3dc1aac29e34fae9

C:\Users\Admin\Documents\My Pictures\autorun.inf
  Filesize: 299B
  MD5: d7111cd7ccdee778d8261d4e03614a85
  SHA1: f88c30e0403764b7384e3ef64cb54a1c2f5121f4
  SHA256: 6ad6f66d55b492f4f982a1bbe9ba99b20f3c77b93285cca02ca7843642336aa3
  SHA512: 15578fff5e7ee767edeaa4da93a66b2a634d8caa7a0a06223481fa6ab1c97c64f3871a36550406bc29f2e1262bb01e282d022cd55e9e7aa8ce9745fa3037c5b1

C:\Users\Admin\Documents\My Videos\autorun.inf
  Filesize: 291B
  MD5: 5cda9292cfaacb554b5ddda7a5d8daa0
  SHA1: 05d78ca665e4186a6245c29c9b392e090a9d0937
  SHA256: 8cbbcbdb2618fb7eaf7e09ceceee1c9d0cbdf609e4f0fc9a6a2de71912ceb174
  SHA512: 825381e97b7a0458898f27a95584affa011d1038a380a3e19c81cb04a80bbb9924536fa6c53dbde073d371de2918ede9a0e2427b9227888ce208b6ac50accdba

C:\Users\Admin\Documents\OneNote Notebooks\autorun.inf
  Filesize: 323B
  MD5: f949be5c00056b76437bc780e92999de
  SHA1: fd9920081f3bf1e7eb86433b1ac1a4d8f25174e6
  SHA256: 3c4ffecacd1c4c008d3fb69855972b2209e12e9695386b687038e12c5ec80ce8
  SHA512: 619eec04a8c1cce943aa27f69f65480428f07685a03a543d69800e0fdc41321ccd2cc57ff7ba310d22a0196b6cfdb5b30e5331c1a1ac6f0c94382cb27d32f270

memory/1928-18-0x00007FFE83493000-0x00007FFE83495000-memory.dmp
  Filesize: 8KB

memory/1928-29-0x0000000000110000-0x0000000000D2A000-memory.dmp
  Filesize: 12.1MB