Overview
- overview: score 10
- Static (static): score 10
- Venom-Rat-...0.html (windows7-x64): score 1
- Venom-Rat-...0.html (windows10-2004-x64): score 1
- Venom-Rat-...0.html (windows7-x64): score 1
- Venom-Rat-...0.html (windows10-2004-x64): score 1
- Venom-Rat-...il.dll (windows7-x64): score 1
- Venom-Rat-...il.dll (windows10-2004-x64): score 1
- Venom-Rat-...at.dll (windows7-x64): score 1
- Venom-Rat-...at.dll (windows10-2004-x64): score 1
- Venom-Rat-...me.dll (windows7-x64): score 1
- Venom-Rat-...me.dll (windows10-2004-x64): score 1
- Venom-Rat-...ed.exe (windows7-x64): score 8
- Venom-Rat-...ed.exe (windows10-2004-x64): score 8
- Majid Z Hacker.exe (windows7-x64): score 8
- Majid Z Hacker.exe (windows10-2004-x64): score 8
- Majid Z Hacker.exe (windows7-x64): score 10
- Majid Z Hacker.exe (windows10-2004-x64): score 10
- Windows Program.exe (windows7-x64): score 7
- Windows Program.exe (windows10-2004-x64): score 7
- script.vbs (windows7-x64): score 10
- script.vbs (windows10-2004-x64): score 10
- windows registry.exe (windows7-x64): score 10
- windows registry.exe (windows10-2004-x64): score 10
- firewall.exe (windows7-x64): score 8
- firewall.exe (windows10-2004-x64): no score
- Venom Cracked.exe (windows7-x64): score 1
- Venom Cracked.exe (windows10-2004-x64): score 1
- Venom-Rat-...er.exe (windows7-x64): score 1
- Venom-Rat-...er.exe (windows10-2004-x64): score 1
- Venom-Rat-...ed.exe (windows7-x64): score 10
- Venom-Rat-...ed.exe (windows10-2004-x64): score 10
- Majid Z Ha...te.exe (windows7-x64): score 10
- Majid Z Ha...te.exe (windows10-2004-x64): score 10
Analysis
- max time kernel: 148s
- max time network: 153s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 31-05-2024 12:30
Behavioral tasks (sample, resource)
- behavioral1: Venom-Rat-Cracked--main/Clients/Morpheus@DESKTOP-ALON1A1_367DDFD/Logs/10-31-2020.html, win7-20240221-en
- behavioral2: Venom-Rat-Cracked--main/Clients/Morpheus@DESKTOP-ALON1A1_367DDFD/Logs/10-31-2020.html, win10v2004-20240508-en
- behavioral3: Venom-Rat-Cracked--main/Clients/Sam@DESKTOP-1HP3JNB_440CF1F/Logs/05-17-2020.html, win7-20240221-en
- behavioral4: Venom-Rat-Cracked--main/Clients/Sam@DESKTOP-1HP3JNB_440CF1F/Logs/05-17-2020.html, win10v2004-20240508-en
- behavioral5: Venom-Rat-Cracked--main/Mono.Cecil.dll, win7-20240221-en
- behavioral6: Venom-Rat-Cracked--main/Mono.Cecil.dll, win10v2004-20240426-en
- behavioral7: Venom-Rat-Cracked--main/Mono.Nat.dll, win7-20240221-en
- behavioral8: Venom-Rat-Cracked--main/Mono.Nat.dll, win10v2004-20240508-en
- behavioral9: Venom-Rat-Cracked--main/VelyseTheme.dll, win7-20231129-en
- behavioral10: Venom-Rat-Cracked--main/VelyseTheme.dll, win10v2004-20240508-en
- behavioral11: Venom-Rat-Cracked--main/Venom Activated Cracked.exe, win7-20240215-en
- behavioral12: Venom-Rat-Cracked--main/Venom Activated Cracked.exe, win10v2004-20240508-en
- behavioral13: Majid Z Hacker.exe, win7-20240220-en
- behavioral14: Majid Z Hacker.exe, win10v2004-20240508-en
- behavioral15: Majid Z Hacker.exe, win7-20240508-en
- behavioral16: Majid Z Hacker.exe, win10v2004-20240508-en
- behavioral17: Windows Program.exe, win7-20240221-en
- behavioral18: Windows Program.exe, win10v2004-20240426-en
- behavioral19: script.vbs, win7-20240508-en
- behavioral20: script.vbs, win10v2004-20240426-en
- behavioral21: windows registry.exe, win7-20240508-en
- behavioral22: windows registry.exe, win10v2004-20240508-en
- behavioral23: firewall.exe, win7-20240419-en
- behavioral24: firewall.exe, win10v2004-20240426-en
- behavioral25: Venom Cracked.exe, win7-20240221-en
- behavioral26: Venom Cracked.exe, win10v2004-20240426-en
- behavioral27: Venom-Rat-Cracked--main/Venom Binder.exe, win7-20240221-en
- behavioral28: Venom-Rat-Cracked--main/Venom Binder.exe, win10v2004-20240508-en
- behavioral29: Venom-Rat-Cracked--main/Venom Software RAT Activated Cracked.exe, win7-20240221-en
- behavioral30: Venom-Rat-Cracked--main/Venom Software RAT Activated Cracked.exe, win10v2004-20240426-en
- behavioral31: Majid Z Hacker Website.exe, win7-20240508-en
- behavioral32: Majid Z Hacker Website.exe, win10v2004-20240508-en
General
- Target: Majid Z Hacker.exe
- Size: 462KB
- MD5: a8a8d6f3b48466242959545235d1c9b6
- SHA1: 0c2d670dc3b3b07a2498756e1d46fd1fee53a621
- SHA256: 09d709640f6884d6b7e7501175cfdcc3724df07785c081c0e14b20cbcdf382ec
- SHA512: 09f08dd6026b2e24a05e20505723055deceffaba3d351dd49cdc934d038ef0796a3d8d481fe7734b3ec3ba80f4800994983441204dbc3f12baf4f637534a4796
- SSDEEP: 12288:6rs81bE0LfUk6XLbwxMY4R/3CDOpeYYhN7zjYC/M:6H5rh6XPbYuCDOpmPzjZM
Malware Config
Signatures
- Modifies Windows Firewall (2 TTPs, 36 IoCs)
  Processes (pid, process): 2744 netsh.exe, 3524 netsh.exe, 1292 netsh.exe, 316 netsh.exe, 1824 netsh.exe, 3900 netsh.exe, 5508 netsh.exe, 1348 netsh.exe, 1492 netsh.exe, 4044 netsh.exe, 2996 netsh.exe, 3348 netsh.exe, 4872 netsh.exe, 4260 netsh.exe, 4508 netsh.exe, 2380 netsh.exe, 3696 netsh.exe, 4836 netsh.exe, 4676 netsh.exe, 1536 netsh.exe, 3148 netsh.exe, 1248 netsh.exe, 4864 netsh.exe, 1352 netsh.exe, 3816 netsh.exe, 4712 netsh.exe, 512 netsh.exe, 684 netsh.exe, 4508 netsh.exe, 3172 netsh.exe, 2268 netsh.exe, 4520 netsh.exe, 544 netsh.exe, 3368 netsh.exe, 3480 netsh.exe, 4476 netsh.exe
- Checks computer location settings (2 TTPs, 1 IoC)
  Looks up country code configured in the registry, likely geofence.
  Process: Majid Z Hacker.exe
  Description: Key value queried
  IoC: \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation
- Executes dropped EXE (1 IoC)
  Process (pid, process): 1832 firewall.exe
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
- Suspicious use of WriteProcessMemory (6 IoCs)
  Process: Majid Z Hacker.exe (pid, target pid, process, target process)
  PID 2276 wrote to memory of 4528: Majid Z Hacker.exe -> Majid Z Hacker.exe
  PID 2276 wrote to memory of 4528: Majid Z Hacker.exe -> Majid Z Hacker.exe
  PID 2276 wrote to memory of 4528: Majid Z Hacker.exe -> Majid Z Hacker.exe
  PID 2276 wrote to memory of 1832: Majid Z Hacker.exe -> firewall.exe
  PID 2276 wrote to memory of 1832: Majid Z Hacker.exe -> firewall.exe
  PID 2276 wrote to memory of 1832: Majid Z Hacker.exe -> firewall.exe
Processes (tree depth, image path, command line; matched signatures listed beneath each entry)
- [1] C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe | "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"
  - Checks computer location settings
  - Suspicious use of WriteProcessMemory
- [2] C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe | "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"
- [3] C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe | "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"
- [4] C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe | "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"
- [5] C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe | "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"
- [6] C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe | "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"
- [7] C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe | "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"
- [8] C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe | "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"
- [9] C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe | "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"
- [10] C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe | "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"
- [11] C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe | "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"
- [12] C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe | "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"
- [13] C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe | "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"
- [14] C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe | "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"
- [15] C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe | "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"
- [16] C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe | "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"
- [17] C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe | "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"
- [18] C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe | "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"
- [19] C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe | "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"
- [20] C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe | "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"
- [21] C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe | "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"
- [22] C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe | "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"
- [23] C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe | "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"
- [24] C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe | "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"
- [25] C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe | "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"
- [26] C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe | "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"
- [27] C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe | "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"
- [28] C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe | "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"
- [29] C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe | "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"
- [30] C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe | "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"
- [31] C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe | "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"
- [32] C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe | "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"
- [33] C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe | "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"
- [34] C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe | "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"
- [35] C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe | "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"
- [36] C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe | "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"
- [37] C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe | "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"
- [38] C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe | "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"
- [38] C:\Users\Admin\AppData\Local\Temp\firewall.exe | "C:\Users\Admin\AppData\Local\Temp\firewall.exe"
- [37] C:\Users\Admin\AppData\Local\Temp\firewall.exe | "C:\Users\Admin\AppData\Local\Temp\firewall.exe"
- [38] C:\Windows\SysWOW64\netsh.exe | "netsh.exe" firewall set opmode disable
  - Modifies Windows Firewall
- [36] C:\Users\Admin\AppData\Local\Temp\firewall.exe | "C:\Users\Admin\AppData\Local\Temp\firewall.exe"
- [37] C:\Windows\SysWOW64\netsh.exe | "netsh.exe" firewall set opmode disable
  - Modifies Windows Firewall
- [35] C:\Users\Admin\AppData\Local\Temp\firewall.exe | "C:\Users\Admin\AppData\Local\Temp\firewall.exe"
- [36] C:\Windows\SysWOW64\netsh.exe | "netsh.exe" firewall set opmode disable
  - Modifies Windows Firewall
- [34] C:\Users\Admin\AppData\Local\Temp\firewall.exe | "C:\Users\Admin\AppData\Local\Temp\firewall.exe"
- [35] C:\Windows\SysWOW64\netsh.exe | "netsh.exe" firewall set opmode disable
  - Modifies Windows Firewall
- [33] C:\Users\Admin\AppData\Local\Temp\firewall.exe | "C:\Users\Admin\AppData\Local\Temp\firewall.exe"
- [34] C:\Windows\SysWOW64\netsh.exe | "netsh.exe" firewall set opmode disable
  - Modifies Windows Firewall
- [32] C:\Users\Admin\AppData\Local\Temp\firewall.exe | "C:\Users\Admin\AppData\Local\Temp\firewall.exe"
- [33] C:\Windows\SysWOW64\netsh.exe | "netsh.exe" firewall set opmode disable
  - Modifies Windows Firewall
- [31] C:\Users\Admin\AppData\Local\Temp\firewall.exe | "C:\Users\Admin\AppData\Local\Temp\firewall.exe"
- [32] C:\Windows\SysWOW64\netsh.exe | "netsh.exe" firewall set opmode disable
  - Modifies Windows Firewall
- [30] C:\Users\Admin\AppData\Local\Temp\firewall.exe | "C:\Users\Admin\AppData\Local\Temp\firewall.exe"
- [31] C:\Windows\SysWOW64\netsh.exe | "netsh.exe" firewall set opmode disable
  - Modifies Windows Firewall
- [29] C:\Users\Admin\AppData\Local\Temp\firewall.exe | "C:\Users\Admin\AppData\Local\Temp\firewall.exe"
- [30] C:\Windows\SysWOW64\netsh.exe | "netsh.exe" firewall set opmode disable
  - Modifies Windows Firewall
- [28] C:\Users\Admin\AppData\Local\Temp\firewall.exe | "C:\Users\Admin\AppData\Local\Temp\firewall.exe"
- [29] C:\Windows\SysWOW64\netsh.exe | "netsh.exe" firewall set opmode disable
  - Modifies Windows Firewall
- [27] C:\Users\Admin\AppData\Local\Temp\firewall.exe | "C:\Users\Admin\AppData\Local\Temp\firewall.exe"
- [28] C:\Windows\SysWOW64\netsh.exe | "netsh.exe" firewall set opmode disable
  - Modifies Windows Firewall
- [26] C:\Users\Admin\AppData\Local\Temp\firewall.exe | "C:\Users\Admin\AppData\Local\Temp\firewall.exe"
- [27] C:\Windows\SysWOW64\netsh.exe | "netsh.exe" firewall set opmode disable
  - Modifies Windows Firewall
- [25] C:\Users\Admin\AppData\Local\Temp\firewall.exe | "C:\Users\Admin\AppData\Local\Temp\firewall.exe"
- [26] C:\Windows\SysWOW64\netsh.exe | "netsh.exe" firewall set opmode disable
  - Modifies Windows Firewall
- [24] C:\Users\Admin\AppData\Local\Temp\firewall.exe | "C:\Users\Admin\AppData\Local\Temp\firewall.exe"
- [25] C:\Windows\SysWOW64\netsh.exe | "netsh.exe" firewall set opmode disable
  - Modifies Windows Firewall
- [23] C:\Users\Admin\AppData\Local\Temp\firewall.exe | "C:\Users\Admin\AppData\Local\Temp\firewall.exe"
- [24] C:\Windows\SysWOW64\netsh.exe | "netsh.exe" firewall set opmode disable
  - Modifies Windows Firewall
- [22] C:\Users\Admin\AppData\Local\Temp\firewall.exe | "C:\Users\Admin\AppData\Local\Temp\firewall.exe"
- [23] C:\Windows\SysWOW64\netsh.exe | "netsh.exe" firewall set opmode disable
  - Modifies Windows Firewall
- [21] C:\Users\Admin\AppData\Local\Temp\firewall.exe | "C:\Users\Admin\AppData\Local\Temp\firewall.exe"
- [22] C:\Windows\SysWOW64\netsh.exe | "netsh.exe" firewall set opmode disable
  - Modifies Windows Firewall
- [20] C:\Users\Admin\AppData\Local\Temp\firewall.exe | "C:\Users\Admin\AppData\Local\Temp\firewall.exe"
- [21] C:\Windows\SysWOW64\netsh.exe | "netsh.exe" firewall set opmode disable
  - Modifies Windows Firewall
- [19] C:\Users\Admin\AppData\Local\Temp\firewall.exe | "C:\Users\Admin\AppData\Local\Temp\firewall.exe"
- [20] C:\Windows\SysWOW64\netsh.exe | "netsh.exe" firewall set opmode disable
  - Modifies Windows Firewall
- [18] C:\Users\Admin\AppData\Local\Temp\firewall.exe | "C:\Users\Admin\AppData\Local\Temp\firewall.exe"
- [19] C:\Windows\SysWOW64\netsh.exe | "netsh.exe" firewall set opmode disable
  - Modifies Windows Firewall
- [17] C:\Users\Admin\AppData\Local\Temp\firewall.exe | "C:\Users\Admin\AppData\Local\Temp\firewall.exe"
- [18] C:\Windows\SysWOW64\netsh.exe | "netsh.exe" firewall set opmode disable
  - Modifies Windows Firewall
- [16] C:\Users\Admin\AppData\Local\Temp\firewall.exe | "C:\Users\Admin\AppData\Local\Temp\firewall.exe"
- [17] C:\Windows\SysWOW64\netsh.exe | "netsh.exe" firewall set opmode disable
  - Modifies Windows Firewall
- [15] C:\Users\Admin\AppData\Local\Temp\firewall.exe | "C:\Users\Admin\AppData\Local\Temp\firewall.exe"
- [16] C:\Windows\SysWOW64\netsh.exe | "netsh.exe" firewall set opmode disable
  - Modifies Windows Firewall
- [14] C:\Users\Admin\AppData\Local\Temp\firewall.exe | "C:\Users\Admin\AppData\Local\Temp\firewall.exe"
- [15] C:\Windows\SysWOW64\netsh.exe | "netsh.exe" firewall set opmode disable
  - Modifies Windows Firewall
- [13] C:\Users\Admin\AppData\Local\Temp\firewall.exe | "C:\Users\Admin\AppData\Local\Temp\firewall.exe"
- [14] C:\Windows\SysWOW64\netsh.exe | "netsh.exe" firewall set opmode disable
  - Modifies Windows Firewall
- [12] C:\Users\Admin\AppData\Local\Temp\firewall.exe | "C:\Users\Admin\AppData\Local\Temp\firewall.exe"
- [13] C:\Windows\SysWOW64\netsh.exe | "netsh.exe" firewall set opmode disable
  - Modifies Windows Firewall
- [11] C:\Users\Admin\AppData\Local\Temp\firewall.exe | "C:\Users\Admin\AppData\Local\Temp\firewall.exe"
- [12] C:\Windows\SysWOW64\netsh.exe | "netsh.exe" firewall set opmode disable
  - Modifies Windows Firewall
- [10] C:\Users\Admin\AppData\Local\Temp\firewall.exe | "C:\Users\Admin\AppData\Local\Temp\firewall.exe"
- [11] C:\Windows\SysWOW64\netsh.exe | "netsh.exe" firewall set opmode disable
  - Modifies Windows Firewall
- [9] C:\Users\Admin\AppData\Local\Temp\firewall.exe | "C:\Users\Admin\AppData\Local\Temp\firewall.exe"
- [10] C:\Windows\SysWOW64\netsh.exe | "netsh.exe" firewall set opmode disable
  - Modifies Windows Firewall
- [8] C:\Users\Admin\AppData\Local\Temp\firewall.exe | "C:\Users\Admin\AppData\Local\Temp\firewall.exe"
- [9] C:\Windows\SysWOW64\netsh.exe | "netsh.exe" firewall set opmode disable
  - Modifies Windows Firewall
- [7] C:\Users\Admin\AppData\Local\Temp\firewall.exe | "C:\Users\Admin\AppData\Local\Temp\firewall.exe"
- [8] C:\Windows\SysWOW64\netsh.exe | "netsh.exe" firewall set opmode disable
  - Modifies Windows Firewall
- [6] C:\Users\Admin\AppData\Local\Temp\firewall.exe | "C:\Users\Admin\AppData\Local\Temp\firewall.exe"
- [7] C:\Windows\SysWOW64\netsh.exe | "netsh.exe" firewall set opmode disable
  - Modifies Windows Firewall
- [5] C:\Users\Admin\AppData\Local\Temp\firewall.exe | "C:\Users\Admin\AppData\Local\Temp\firewall.exe"
- [6] C:\Windows\SysWOW64\netsh.exe | "netsh.exe" firewall set opmode disable
  - Modifies Windows Firewall
- [4] C:\Users\Admin\AppData\Local\Temp\firewall.exe | "C:\Users\Admin\AppData\Local\Temp\firewall.exe"
- [5] C:\Windows\SysWOW64\netsh.exe | "netsh.exe" firewall set opmode disable
  - Modifies Windows Firewall
- [3] C:\Users\Admin\AppData\Local\Temp\firewall.exe | "C:\Users\Admin\AppData\Local\Temp\firewall.exe"
- [4] C:\Windows\SysWOW64\netsh.exe | "netsh.exe" firewall set opmode disable
  - Modifies Windows Firewall
- [2] C:\Users\Admin\AppData\Local\Temp\firewall.exe | "C:\Users\Admin\AppData\Local\Temp\firewall.exe"
  - Executes dropped EXE
- [3] C:\Windows\SysWOW64\netsh.exe | "netsh.exe" firewall set opmode disable
  - Modifies Windows Firewall
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
- C:\Users\Admin\AppData\Local\Temp\BlackData.dat
  Filesize: 3B
  MD5: 93cba07454f06a4a960172bbd6e2a435
  SHA1: 5397e0583f14f6c88de06b1ef28f460a1fb5b0ae
  SHA256: 85a39ab345d672ff8ca9b9c6876f3adcacf45ee7c1e2dbd2408fd338bd55e07e
  SHA512: 6b99acba1e4e469610f9227829648fa52e7ad463f22568f0a04188f2d465a585ba077f12d1a527674c338470e79665fd16e54f25553482cddd85845232d186f9
- C:\Users\Admin\AppData\Local\Temp\firewall.exe
  Filesize: 40KB
  MD5: 085242fc50844dc41d1966e620d3e121
  SHA1: 5e9a343256313938468d5d4fb92e39c5ef6f8c91
  SHA256: 180b8e0169f2c89d3b4f34d3ee5b26f5578211068be74cf9c2fd194d8cda9b3d
  SHA512: 3341c74802aa98ce2bd7b15d2921d3082110c62ee6d82df784cb610c1594d905c82c6ae79cf43d76f98db7a8a4951686898ba1dddeb9615fca6480ac6bb7887b
- C:\Users\Admin\Documents\My Music\autorun.inf
  Filesize: 287B
  MD5: 15755ea8c0f620cfdaf9ada425e6b4c2
  SHA1: 868d9aca932d7a1a0d26ba19d613e34f3325a4eb
  SHA256: 3ae21c30b4273c6dfcc5841aaa18d776e53dd9dd9458051cb5457e25af4250fe
  SHA512: 6a44ff83fcf9d22fe1d06d3333be2bcfd45df0a9bc449cdf857d255c69d88497efc8c00c6a4ba383da6ebd7d422e87fea2e78ad62ec678fa3dc1aac29e34fae9
- C:\Users\Admin\Documents\My Pictures\autorun.inf
  Filesize: 299B
  MD5: d7111cd7ccdee778d8261d4e03614a85
  SHA1: f88c30e0403764b7384e3ef64cb54a1c2f5121f4
  SHA256: 6ad6f66d55b492f4f982a1bbe9ba99b20f3c77b93285cca02ca7843642336aa3
  SHA512: 15578fff5e7ee767edeaa4da93a66b2a634d8caa7a0a06223481fa6ab1c97c64f3871a36550406bc29f2e1262bb01e282d022cd55e9e7aa8ce9745fa3037c5b1
- C:\Users\Admin\Documents\My Videos\autorun.inf
  Filesize: 291B
  MD5: 5cda9292cfaacb554b5ddda7a5d8daa0
  SHA1: 05d78ca665e4186a6245c29c9b392e090a9d0937
  SHA256: 8cbbcbdb2618fb7eaf7e09ceceee1c9d0cbdf609e4f0fc9a6a2de71912ceb174
  SHA512: 825381e97b7a0458898f27a95584affa011d1038a380a3e19c81cb04a80bbb9924536fa6c53dbde073d371de2918ede9a0e2427b9227888ce208b6ac50accdba
- C:\Users\Admin\Documents\OneNote Notebooks\autorun.inf
  Filesize: 323B
  MD5: f949be5c00056b76437bc780e92999de
  SHA1: fd9920081f3bf1e7eb86433b1ac1a4d8f25174e6
  SHA256: 3c4ffecacd1c4c008d3fb69855972b2209e12e9695386b687038e12c5ec80ce8
  SHA512: 619eec04a8c1cce943aa27f69f65480428f07685a03a543d69800e0fdc41321ccd2cc57ff7ba310d22a0196b6cfdb5b30e5331c1a1ac6f0c94382cb27d32f270
- memory/1832-8-0x0000000073BC2000-0x0000000073BC3000-memory.dmp
  Filesize: 4KB
- memory/1832-9-0x0000000073BC0000-0x0000000074171000-memory.dmp
  Filesize: 5.7MB
- memory/1832-11-0x0000000073BC0000-0x0000000074171000-memory.dmp
  Filesize: 5.7MB