Analysis
max time kernel: 146s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 18/08/2024, 18:42
Behavioral task
behavioral1
Sample: 46173d25c61f353cb1c5047b6108cae5d4eb30bf24e9981dfc94f78b85f92c69.exe
Resource: win7-20240708-en
5 signatures
150 seconds
General
Target: 46173d25c61f353cb1c5047b6108cae5d4eb30bf24e9981dfc94f78b85f92c69.exe
Size: 73KB
MD5: 27653cc5fe7648b0055edbf486cff863
SHA1: 8afcabe5a089dd089431eb9ef15084019a50735a
SHA256: 46173d25c61f353cb1c5047b6108cae5d4eb30bf24e9981dfc94f78b85f92c69
SHA512: 05a766bb2a334ed099e1be65a6201eb984a4b8ad07134b9e8f19f101247c4f22194e1a45ad7b75f36af3702c33a248154974d960d5710c8916b967d251efc05e
SSDEEP: 1536:LUUPcxVteCW7PMVee9VdQkhDIyH1bf/LEQzc33VclN:LUmcxV4x7PMVee9VdQgH1bfDEQylY
Malware Config
Extracted
Family: asyncrat
Version: Venom RAT + HVNC + Stealer + Grabber v6.0.3
Botnet: Default
C2: 103.252.93.30:4449
Mutex: jaxvjfwhmxamotc
Attributes
delay: 1
install: false
install_folder: %AppData%
aes.plain
Signatures

resource                                                                    yara_rule
behavioral2/memory/1920-1-0x0000000000A80000-0x0000000000A96000-memory.dmp  VenomRAT

Suspicious behavior: EnumeratesProcesses 8 IoCs
pid   Process
1920  46173d25c61f353cb1c5047b6108cae5d4eb30bf24e9981dfc94f78b85f92c69.exe
1920  46173d25c61f353cb1c5047b6108cae5d4eb30bf24e9981dfc94f78b85f92c69.exe
1920  46173d25c61f353cb1c5047b6108cae5d4eb30bf24e9981dfc94f78b85f92c69.exe
1920  46173d25c61f353cb1c5047b6108cae5d4eb30bf24e9981dfc94f78b85f92c69.exe
1920  46173d25c61f353cb1c5047b6108cae5d4eb30bf24e9981dfc94f78b85f92c69.exe
1920  46173d25c61f353cb1c5047b6108cae5d4eb30bf24e9981dfc94f78b85f92c69.exe
1920  46173d25c61f353cb1c5047b6108cae5d4eb30bf24e9981dfc94f78b85f92c69.exe
1920  46173d25c61f353cb1c5047b6108cae5d4eb30bf24e9981dfc94f78b85f92c69.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs
description              pid   Process
Token: SeDebugPrivilege  1920  46173d25c61f353cb1c5047b6108cae5d4eb30bf24e9981dfc94f78b85f92c69.exe

Suspicious use of SetWindowsHookEx 1 IoCs
pid   Process
1920  46173d25c61f353cb1c5047b6108cae5d4eb30bf24e9981dfc94f78b85f92c69.exe
Processes
C:\Users\Admin\AppData\Local\Temp\46173d25c61f353cb1c5047b6108cae5d4eb30bf24e9981dfc94f78b85f92c69.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\46173d25c61f353cb1c5047b6108cae5d4eb30bf24e9981dfc94f78b85f92c69.exe"
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID: 1920