Analysis

  • max time kernel
    120s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    27-06-2024 15:54

General

  • Target

    Venom Vip Chc/Venom CHC .exe

  • Size

    7.6MB

  • MD5

    6d4a06d15be9d7be4bac8c1f22bb2634

  • SHA1

    872f23ad2cb9179b83543e4459ea73fad3406ed2

  • SHA256

    51f8c411a9412866a3f23a89efc44882ae433ceb4b7eb5a07cc8f4beec9f4abf

  • SHA512

    8bf2a879c26938f099d8b86c8dc0867ada5d920ff36107be0ede80d7b1e0c59eaa1ad8b134cbc8acc58325330a33fb14671eec0a8a4e08decdd35063ddad6ad0

  • SSDEEP

    196608:jrB40cDewdLjv+bhqNVoBKUh8mz4Iv9Plu1D7Ay:jieoL+9qz8/b4IzuRAy

Score
7/10
upx

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Venom Vip Chc\Venom CHC .exe
    "C:\Users\Admin\AppData\Local\Temp\Venom Vip Chc\Venom CHC .exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1936
    • C:\Users\Admin\AppData\Local\Temp\Venom Vip Chc\Venom CHC .exe
      "C:\Users\Admin\AppData\Local\Temp\Venom Vip Chc\Venom CHC .exe"
      2⤵
      • Loads dropped DLL
      PID:2624

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI19362\python311.dll

    Filesize

    1.6MB

    MD5

    0b66c50e563d74188a1e96d6617261e8

    SHA1

    cfd778b3794b4938e584078cbfac0747a8916d9e

    SHA256

    02c665f77db6b255fc62f978aedbe2092b7ef1926836290da68fd838dbf2a9f2

    SHA512

    37d710cb5c0ceb5957d11b61684cfbc65951c1d40ab560f3f3cb8feca42f9d43bd981a0ff44c3cb7562779264f18116723457e79e0e23852d7638b1a954a258f

  • memory/2624-23-0x000007FEF60B0000-0x000007FEF6699000-memory.dmp

    Filesize

    5.9MB