Overview

overview

10

Static

static

10

Venom-Rat-...0.html

windows7-x64

1

Venom-Rat-...0.html

windows10-2004-x64

1

Venom-Rat-...0.html

windows7-x64

1

Venom-Rat-...0.html

windows10-2004-x64

1

Venom-Rat-...il.dll

windows7-x64

1

Venom-Rat-...il.dll

windows10-2004-x64

1

Venom-Rat-...at.dll

windows7-x64

1

Venom-Rat-...at.dll

windows10-2004-x64

1

Venom-Rat-...me.dll

windows7-x64

1

Venom-Rat-...me.dll

windows10-2004-x64

1

Venom-Rat-...ed.exe

windows7-x64

8

Venom-Rat-...ed.exe

windows10-2004-x64

8

Majid Z Hacker.exe

windows7-x64

8

Majid Z Hacker.exe

windows10-2004-x64

8

Majid Z Hacker.exe

windows7-x64

10

Majid Z Hacker.exe

windows10-2004-x64

10

Windows Program.exe

windows7-x64

7

Windows Program.exe

windows10-2004-x64

7

script.vbs

windows7-x64

10

script.vbs

windows10-2004-x64

10

windows registry.exe

windows7-x64

10

windows registry.exe

windows10-2004-x64

10

firewall.exe

windows7-x64

8

firewall.exe

windows10-2004-x64

Venom Cracked.exe

windows7-x64

1

Venom Cracked.exe

windows10-2004-x64

1

Venom-Rat-...er.exe

windows7-x64

1

Venom-Rat-...er.exe

windows10-2004-x64

1

Venom-Rat-...ed.exe

windows7-x64

10

Venom-Rat-...ed.exe

windows10-2004-x64

10

Majid Z Ha...te.exe

windows7-x64

10

Majid Z Ha...te.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    80s
  • max time network
    80s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31-05-2024 12:30

Sharing

Copy URL
Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    firewall.exe

  • Size

    40KB

  • MD5

    085242fc50844dc41d1966e620d3e121

  • SHA1

    5e9a343256313938468d5d4fb92e39c5ef6f8c91

  • SHA256

    180b8e0169f2c89d3b4f34d3ee5b26f5578211068be74cf9c2fd194d8cda9b3d

  • SHA512

    3341c74802aa98ce2bd7b15d2921d3082110c62ee6d82df784cb610c1594d905c82c6ae79cf43d76f98db7a8a4951686898ba1dddeb9615fca6480ac6bb7887b

  • SSDEEP

    768:6LY4BORYOvIqY4EoURZW/CtjZ7wPda7+WoSKD4+:6qIfoU/W/Ctt7w1mo

Score
8/10
evasionpersistence

Malware Config

Signatures

  • Modifies Windows Firewall 2 TTPs 1 IoCs
    evasion
  • Drops startup file 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops autorun.inf file 1 TTPs 8 IoCs

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\firewall.exe
    "C:\Users\Admin\AppData\Local\Temp\firewall.exe"
    1⤵
    • Drops startup file
    • Adds Run key to start application
    • Drops autorun.inf file
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:5800
    • C:\Windows\SysWOW64\netsh.exe
      "netsh.exe" firewall set opmode disable
      2⤵
      • Modifies Windows Firewall
      PID:2612

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Replication Through Removable Media

1
T1091

Execution

Persistence

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Impair Defenses

1
T1562

Disable or Modify System Firewall

1
T1562.004

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Replication Through Removable Media

1
T1091

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\Music\firewall.exe
    Filesize

    40KB

    MD5

    085242fc50844dc41d1966e620d3e121

    SHA1

    5e9a343256313938468d5d4fb92e39c5ef6f8c91

    SHA256

    180b8e0169f2c89d3b4f34d3ee5b26f5578211068be74cf9c2fd194d8cda9b3d

    SHA512

    3341c74802aa98ce2bd7b15d2921d3082110c62ee6d82df784cb610c1594d905c82c6ae79cf43d76f98db7a8a4951686898ba1dddeb9615fca6480ac6bb7887b

    Download Submit
  • memory/5800-0-0x00000000752C2000-0x00000000752C3000-memory.dmp
    Filesize

    4KB

    Download
  • memory/5800-1-0x00000000752C0000-0x0000000075871000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/5800-2-0x00000000752C0000-0x0000000075871000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/5800-26-0x00000000752C0000-0x0000000075871000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/5800-27-0x00000000752C0000-0x0000000075871000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/5800-28-0x00000000752C0000-0x0000000075871000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/5800-29-0x00000000752C0000-0x0000000075871000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/5800-30-0x00000000752C0000-0x0000000075871000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/5800-31-0x00000000752C0000-0x0000000075871000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/5800-32-0x00000000752C0000-0x0000000075871000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/5800-33-0x00000000752C0000-0x0000000075871000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/5800-34-0x00000000752C0000-0x0000000075871000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/5800-35-0x00000000752C2000-0x00000000752C3000-memory.dmp
    Filesize

    4KB

    Download
  • memory/5800-36-0x00000000752C0000-0x0000000075871000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/5800-37-0x00000000752C0000-0x0000000075871000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/5800-38-0x00000000752C0000-0x0000000075871000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/5800-39-0x00000000752C0000-0x0000000075871000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/5800-40-0x00000000752C0000-0x0000000075871000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/5800-42-0x00000000752C0000-0x0000000075871000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/5800-41-0x00000000752C0000-0x0000000075871000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/5800-43-0x00000000752C0000-0x0000000075871000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/5800-44-0x00000000752C0000-0x0000000075871000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/5800-46-0x00000000752C0000-0x0000000075871000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/5800-45-0x00000000752C0000-0x0000000075871000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/5800-47-0x00000000752C0000-0x0000000075871000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/5800-48-0x00000000752C0000-0x0000000075871000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/5800-49-0x00000000752C0000-0x0000000075871000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/5800-50-0x00000000752C0000-0x0000000075871000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/5800-51-0x00000000752C0000-0x0000000075871000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/5800-52-0x00000000752C0000-0x0000000075871000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/5800-54-0x00000000752C0000-0x0000000075871000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/5800-53-0x00000000752C0000-0x0000000075871000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/5800-55-0x00000000752C0000-0x0000000075871000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/5800-56-0x00000000752C0000-0x0000000075871000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/5800-58-0x00000000752C0000-0x0000000075871000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/5800-57-0x00000000752C0000-0x0000000075871000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/5800-59-0x00000000752C0000-0x0000000075871000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/5800-60-0x00000000752C0000-0x0000000075871000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/5800-62-0x00000000752C0000-0x0000000075871000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/5800-61-0x00000000752C0000-0x0000000075871000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/5800-63-0x00000000752C0000-0x0000000075871000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/5800-64-0x00000000752C0000-0x0000000075871000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/5800-66-0x00000000752C0000-0x0000000075871000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/5800-65-0x00000000752C0000-0x0000000075871000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/5800-67-0x00000000752C0000-0x0000000075871000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/5800-68-0x00000000752C0000-0x0000000075871000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/5800-70-0x00000000752C0000-0x0000000075871000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/5800-69-0x00000000752C0000-0x0000000075871000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/5800-72-0x00000000752C0000-0x0000000075871000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/5800-71-0x00000000752C0000-0x0000000075871000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/5800-74-0x00000000752C0000-0x0000000075871000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/5800-73-0x00000000752C0000-0x0000000075871000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/5800-76-0x00000000752C0000-0x0000000075871000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/5800-75-0x00000000752C0000-0x0000000075871000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/5800-78-0x00000000752C0000-0x0000000075871000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/5800-77-0x00000000752C0000-0x0000000075871000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/5800-79-0x00000000752C0000-0x0000000075871000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/5800-80-0x00000000752C0000-0x0000000075871000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/5800-82-0x00000000752C0000-0x0000000075871000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/5800-81-0x00000000752C0000-0x0000000075871000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/5800-84-0x00000000752C0000-0x0000000075871000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/5800-83-0x00000000752C0000-0x0000000075871000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/5800-85-0x00000000752C0000-0x0000000075871000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/5800-86-0x00000000752C0000-0x0000000075871000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/5800-88-0x00000000752C0000-0x0000000075871000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/5800-87-0x00000000752C0000-0x0000000075871000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/5800-90-0x00000000752C0000-0x0000000075871000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/5800-89-0x00000000752C0000-0x0000000075871000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/5800-92-0x00000000752C0000-0x0000000075871000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/5800-91-0x00000000752C0000-0x0000000075871000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/5800-94-0x00000000752C0000-0x0000000075871000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/5800-93-0x00000000752C0000-0x0000000075871000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/5800-96-0x00000000752C0000-0x0000000075871000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/5800-95-0x00000000752C0000-0x0000000075871000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/5800-97-0x00000000752C0000-0x0000000075871000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/5800-99-0x00000000752C0000-0x0000000075871000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/5800-98-0x00000000752C0000-0x0000000075871000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/5800-101-0x00000000752C0000-0x0000000075871000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/5800-100-0x00000000752C0000-0x0000000075871000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/5800-102-0x00000000752C0000-0x0000000075871000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/5800-103-0x00000000752C0000-0x0000000075871000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/5800-105-0x00000000752C0000-0x0000000075871000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/5800-104-0x00000000752C0000-0x0000000075871000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/5800-106-0x00000000752C0000-0x0000000075871000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/5800-107-0x00000000752C0000-0x0000000075871000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/5800-109-0x00000000752C0000-0x0000000075871000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/5800-108-0x00000000752C0000-0x0000000075871000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/5800-111-0x00000000752C0000-0x0000000075871000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/5800-110-0x00000000752C0000-0x0000000075871000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/5800-112-0x00000000752C0000-0x0000000075871000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/5800-114-0x00000000752C0000-0x0000000075871000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/5800-113-0x00000000752C0000-0x0000000075871000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/5800-115-0x00000000752C0000-0x0000000075871000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/5800-117-0x00000000752C0000-0x0000000075871000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/5800-116-0x00000000752C0000-0x0000000075871000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/5800-118-0x00000000752C0000-0x0000000075871000-memory.dmp
    Filesize

    5.7MB

    Download