Analysis

max time kernel: 15s
max time network: 16s
platform: windows7_x64
resource: win7-20240729-en
resource tags: arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
submitted: 31-07-2024 16:37
Behavioral task behavioral1
  Sample: V3NOM FINAL (REDO).exe
  Resource: win7-20240729-en

Behavioral task behavioral2
  Sample: V3NOM FINAL (REDO).exe
  Resource: win10v2004-20240730-en
General

Target: V3NOM FINAL (REDO).exe
Size: 42.1MB
MD5: a13a991baa860c7f565f49c52df9cee9
SHA1: 57a283899380711e3f680b579f0ebe08977f594f
SHA256: dbe6751c0bcb80da8c48b8099ae41d726a3f6c378e1db723393b91e8f2b4d347
SHA512: e8f1b96711a688177df6a8d150c0e623fd17fb396e69eb4483dade15bf56cb12a948544a8dd4b856e405a472a2821809cd8e70dd089f0bd46976c355cfcc0312
SSDEEP: 786432:ucPdbuzcY876JmeIi6/9x9ta9eyq8OThzvcdpJ0q8TPZUd3GfS49trYB7Q/sAYd0:ucPdiE7MdIiYweyJulZUdgjt/Z9U
Malware Config
Signatures

Loads dropped DLL (1 IoCs)
  Processes (pid / process):
    812 / V3NOM FINAL (REDO).exe

YARA matches (resource / yara_rule):
    C:\Users\Admin\AppData\Local\Temp\_MEI21122\python312.dll / upx
    behavioral1/memory/812-148-0x000007FEF5D20000-0x000007FEF63E4000-memory.dmp / upx

Suspicious use of WriteProcessMemory (3 IoCs)
  Processes (description / pid / process / target process):
    PID 2112 wrote to memory of 812 / 2112 / V3NOM FINAL (REDO).exe / V3NOM FINAL (REDO).exe
    PID 2112 wrote to memory of 812 / 2112 / V3NOM FINAL (REDO).exe / V3NOM FINAL (REDO).exe
    PID 2112 wrote to memory of 812 / 2112 / V3NOM FINAL (REDO).exe / V3NOM FINAL (REDO).exe
Processes

C:\Users\Admin\AppData\Local\Temp\V3NOM FINAL (REDO).exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\V3NOM FINAL (REDO).exe"
  PID: 2112
  - Suspicious use of WriteProcessMemory

  C:\Users\Admin\AppData\Local\Temp\V3NOM FINAL (REDO).exe (child of PID 2112)
    Command line: "C:\Users\Admin\AppData\Local\Temp\V3NOM FINAL (REDO).exe"
    PID: 812
    - Loads dropped DLL
Network
MITRE ATT&CK Matrix
Downloads

Filesize: 1.7MB
MD5: 8f165bfadf970edafd59067ad45a3952
SHA1: 16c1876f2233087156b49db35d4d935c6e17be6a
SHA256: 22470af77229d53d9141823c12780db63c43703dd525940bc479730d2e43513d
SHA512: b3af95dc9a68e21e8eca98e451b935f72663c2552ebf26de299716f17193f238d55c292df953d641defcbcec3ea18eb37cd4b839800804efa8f40658427263ae