Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
6Static
static
3ventoy-1.0...sk.exe
windows7-x64
6ventoy-1.0...sk.exe
windows10-2004-x64
6ventoy-1.0...on.exe
windows7-x64
6ventoy-1.0...on.exe
windows10-2004-x64
6ventoy-1.0...nk.exe
windows7-x64
3ventoy-1.0...nk.exe
windows10-2004-x64
3ventoy-1.0...RM.exe
windows7-x64
ventoy-1.0...RM.exe
windows10-2004-x64
ventoy-1.0...64.exe
windows7-x64
ventoy-1.0...64.exe
windows10-2004-x64
ventoy-1.0...64.exe
windows7-x64
6ventoy-1.0...64.exe
windows10-2004-x64
6ventoy-1.0...64.exe
windows7-x64
6ventoy-1.0...64.exe
windows10-2004-x64
6www/index.html
windows7-x64
3www/index.html
windows10-2004-x64
3www/plugso...l.html
windows7-x64
3www/plugso...l.html
windows10-2004-x64
3www/plugso...k.html
windows7-x64
3www/plugso...k.html
windows10-2004-x64
3www/plugso...e.html
windows7-x64
3www/plugso...e.html
windows10-2004-x64
3www/plugso...l.html
windows7-x64
3www/plugso...l.html
windows10-2004-x64
3www/plugso...n.html
windows7-x64
3www/plugso...n.html
windows10-2004-x64
3www/plugson_dud.html
windows7-x64
3www/plugson_dud.html
windows10-2004-x64
1www/plugso...t.html
windows7-x64
3www/plugso...t.html
windows10-2004-x64
3www/plugso...n.html
windows7-x64
3www/plugso...n.html
windows10-2004-x64
3Analysis
-
max time kernel
93s -
max time network
125s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
03/08/2024, 01:06
Static task
static1
Behavioral task
behavioral1
Sample
ventoy-1.0.99/Ventoy2Disk.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
ventoy-1.0.99/Ventoy2Disk.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
ventoy-1.0.99/VentoyPlugson.exe
Resource
win7-20240705-en
Behavioral task
behavioral4
Sample
ventoy-1.0.99/VentoyPlugson.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral5
Sample
ventoy-1.0.99/VentoyVlnk.exe
Resource
win7-20240708-en
Behavioral task
behavioral6
Sample
ventoy-1.0.99/VentoyVlnk.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral7
Sample
ventoy-1.0.99/altexe/Ventoy2Disk_ARM.exe
Resource
win7-20240708-en
Behavioral task
behavioral8
Sample
ventoy-1.0.99/altexe/Ventoy2Disk_ARM.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral9
Sample
ventoy-1.0.99/altexe/Ventoy2Disk_ARM64.exe
Resource
win7-20240705-en
Behavioral task
behavioral10
Sample
ventoy-1.0.99/altexe/Ventoy2Disk_ARM64.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral11
Sample
ventoy-1.0.99/altexe/Ventoy2Disk_X64.exe
Resource
win7-20240704-en
Behavioral task
behavioral12
Sample
ventoy-1.0.99/altexe/Ventoy2Disk_X64.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral13
Sample
ventoy-1.0.99/altexe/VentoyPlugson_X64.exe
Resource
win7-20240705-en
Behavioral task
behavioral14
Sample
ventoy-1.0.99/altexe/VentoyPlugson_X64.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral15
Sample
www/index.html
Resource
win7-20240704-en
Behavioral task
behavioral16
Sample
www/index.html
Resource
win10v2004-20240802-en
Behavioral task
behavioral17
Sample
www/plugson_auto_install.html
Resource
win7-20240729-en
Behavioral task
behavioral18
Sample
www/plugson_auto_install.html
Resource
win10v2004-20240802-en
Behavioral task
behavioral19
Sample
www/plugson_auto_memdisk.html
Resource
win7-20240705-en
Behavioral task
behavioral20
Sample
www/plugson_auto_memdisk.html
Resource
win10v2004-20240802-en
Behavioral task
behavioral21
Sample
www/plugson_conf_replace.html
Resource
win7-20240708-en
Behavioral task
behavioral22
Sample
www/plugson_conf_replace.html
Resource
win10v2004-20240802-en
Behavioral task
behavioral23
Sample
www/plugson_control.html
Resource
win7-20240704-en
Behavioral task
behavioral24
Sample
www/plugson_control.html
Resource
win10v2004-20240802-en
Behavioral task
behavioral25
Sample
www/plugson_donation.html
Resource
win7-20240704-en
Behavioral task
behavioral26
Sample
www/plugson_donation.html
Resource
win10v2004-20240802-en
Behavioral task
behavioral27
Sample
www/plugson_dud.html
Resource
win7-20240708-en
Behavioral task
behavioral28
Sample
www/plugson_dud.html
Resource
win10v2004-20240802-en
Behavioral task
behavioral29
Sample
www/plugson_image_list.html
Resource
win7-20240704-en
Behavioral task
behavioral30
Sample
www/plugson_image_list.html
Resource
win10v2004-20240802-en
Behavioral task
behavioral31
Sample
www/plugson_injection.html
Resource
win7-20240705-en
Behavioral task
behavioral32
Sample
www/plugson_injection.html
Resource
win10v2004-20240802-en
General
-
Target
ventoy-1.0.99/Ventoy2Disk.exe
-
Size
589KB
-
MD5
f8d95eb8c84c6de968a90496256180b1
-
SHA1
52ec2c2d0dfb4e0ee4cacf58c06308673caf7535
-
SHA256
d0fbb98b3de71b571276016743d1a2b56fc71b8708455a533a7489fdb64e63de
-
SHA512
0b2a33093ecab5307c496283bec5d8fcd40a53921b7f73ea643c2b43c712c6264337fc16f340c9021fa17f45a02e888c19b4d2a244f970376720416bbbfb883e
-
SSDEEP
12288:tubXcwafJcLln5QwnVWqqPIBONhxsU/E:turP90r/xsU/E
Malware Config
Signatures
-
Enumerates connected drives 3 TTPs 2 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
description ioc Process File opened (read-only) \??\D: Ventoy2Disk.exe File opened (read-only) \??\F: Ventoy2Disk.exe -
Maps connected drives based on registry 3 TTPs 2 IoCs
Disk information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum Ventoy2Disk.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\Count Ventoy2Disk.exe -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Ventoy2Disk.exe -
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid Process 5020 Ventoy2Disk.exe 5020 Ventoy2Disk.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\ventoy-1.0.99\Ventoy2Disk.exe"C:\Users\Admin\AppData\Local\Temp\ventoy-1.0.99\Ventoy2Disk.exe"1⤵
- Enumerates connected drives
- Maps connected drives based on registry
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:5020
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2KB
MD5f0e336e6189ccffb001420a4598b0f6d
SHA104acdfece9d0f9031488932102e90a0222cd93dc
SHA256465bd9b381e7261f9b5db1665205e4b4583e597869ae5636205bd56cb1628787
SHA5123e95a5b1982ef0fd3b97d728e152f47be65538050a86412e24944874b7b801a3a87dbad858b6ad584886014be86cd43eab4c55a6a96041b58eb840e2377e380b