Resubmissions

21-06-2024 12:42

240621-pxhmhazeng 10

21-06-2024 12:28

240621-pnlmsszbna 10

21-06-2024 12:27

240621-pm82pszbld 10

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
  • submitted
    21-06-2024 12:28

General

  • Target

    Venus Tool/assets/config.json

  • Size

    149B

  • MD5

    ee9db446b33f463ca8f558873c6fff7e

  • SHA1

    d40efe04626a430d9c9c1b8db90dbd1110d8e2f8

  • SHA256

    09962830609b0d1d5b286ad3e178245cfc152caa278d660b5b0a3dc21559547e

  • SHA512

    7babaeb3edf9a7fcb9da804c5c1c53ce8abfeb91f83774a60bd538ca3c0bb4afb29f0afeb4ebb00bb51575a8c8d7011900367b92643925a1e585f2e73fba86d8

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\Venus Tool\assets\config.json"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2952
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Venus Tool\assets\config.json
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2688
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Venus Tool\assets\config.json"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2636

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    7a12b92d7ecaa3d5be735acb1342e132

    SHA1

    c81ec0ba8f186271e3a547e082b44e7a70751221

    SHA256

    f20b72ef67c1d8108e08782c8c1899705df8c1327dcf224ca10a3b150c8b298c

    SHA512

    4667cf741ec50069a9f373464450fc86d51151ef5374491114d895450cdd6849bc95a53bf07b01f1deeb4e6b05f8bff6266d289c0d5f8e3412b3a2ebacbcbd39