Analysis

  • max time kernel
    93s
  • max time network
    125s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    03/08/2024, 01:06

General

  • Target

    ventoy-1.0.99/Ventoy2Disk.exe

  • Size

    589KB

  • MD5

    f8d95eb8c84c6de968a90496256180b1

  • SHA1

    52ec2c2d0dfb4e0ee4cacf58c06308673caf7535

  • SHA256

    d0fbb98b3de71b571276016743d1a2b56fc71b8708455a533a7489fdb64e63de

  • SHA512

    0b2a33093ecab5307c496283bec5d8fcd40a53921b7f73ea643c2b43c712c6264337fc16f340c9021fa17f45a02e888c19b4d2a244f970376720416bbbfb883e

  • SSDEEP

    12288:tubXcwafJcLln5QwnVWqqPIBONhxsU/E:turP90r/xsU/E

Score
6/10

Malware Config

Signatures

  • Enumerates connected drives 3 TTPs 2 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Maps connected drives based on registry 3 TTPs 2 IoCs

    Disk information is often read in order to detect sandboxing environments.

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ventoy-1.0.99\Ventoy2Disk.exe
    "C:\Users\Admin\AppData\Local\Temp\ventoy-1.0.99\Ventoy2Disk.exe"
    • Enumerates connected drives
    • Maps connected drives based on registry
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    PID:5020

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\ventoy-1.0.99\log.txt

    Filesize

    2KB

    MD5

    f0e336e6189ccffb001420a4598b0f6d

    SHA1

    04acdfece9d0f9031488932102e90a0222cd93dc

    SHA256

    465bd9b381e7261f9b5db1665205e4b4583e597869ae5636205bd56cb1628787

    SHA512

    3e95a5b1982ef0fd3b97d728e152f47be65538050a86412e24944874b7b801a3a87dbad858b6ad584886014be86cd43eab4c55a6a96041b58eb840e2377e380b