Resubmissions
- 21-06-2024 12:42  240621-pxhmhazeng  score 10
- 21-06-2024 12:28  240621-pnlmsszbna  score 10
- 21-06-2024 12:27  240621-pm82pszbld  score 10

Analysis
- max time kernel: 149s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20240611-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 21-06-2024 12:28
Behavioral tasks
- behavioral1: Venus Tool/Venus Tool.exe (resource win7-20240508-en)
- behavioral2: Venus Tool/Venus Tool.exe (resource win10v2004-20240611-en)
- behavioral3: Venus Tool/assets/avatars/image.png (resource win7-20240611-en)
- behavioral4: Venus Tool/assets/avatars/image.png (resource win10v2004-20240508-en)
- behavioral5: Venus Tool/assets/config.json (resource win7-20240419-en)
- behavioral6: Venus Tool/assets/config.json (resource win10v2004-20240611-en)
- behavioral7: Venus Tool/crack.dll (resource win7-20240508-en)
General
- Target: Venus Tool/assets/config.json
- Size: 149B
- MD5: ee9db446b33f463ca8f558873c6fff7e
- SHA1: d40efe04626a430d9c9c1b8db90dbd1110d8e2f8
- SHA256: 09962830609b0d1d5b286ad3e178245cfc152caa278d660b5b0a3dc21559547e
- SHA512: 7babaeb3edf9a7fcb9da804c5c1c53ce8abfeb91f83774a60bd538ca3c0bb4afb29f0afeb4ebb00bb51575a8c8d7011900367b92643925a1e585f2e73fba86d8
Malware Config
Signatures
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Modifies registry class (2 IoCs)
  Processes: cmd.exe, OpenWith.exe
  Key created: \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings (process: cmd.exe)
  Key created: \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings (process: OpenWith.exe)
- Suspicious use of SetWindowsHookEx (1 IoCs)
  Processes: OpenWith.exe
  pid 1816: OpenWith.exe