f69a5e869d6f4fd848f9df36d3ba0055eb22b5c28b4e7b87b25601472c0704ba

Analysis

max time kernel
1442s
max time network
1445s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
28/08/2024, 11:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

venus.exe
Size

103.7MB
MD5

5162dcc21c9799cd6f69a7fba17b21b6
SHA1

ae0e92a7f5aff86cf1cb18c2e272b365cecc0a45
SHA256

0ff9ab22b8115ba20885aca09eb5df210fa2b2ca29c1d9da2bfb52b6a2a7eac8
SHA512

090adf19cb9bf0ae19bf76ba4ab1b3d4e4df30ec97ce2323b9579aa1391b9458ca4faf98f0e8a1effd15bf2394c5a7b2f611257af866de46a0548044d1dff6b4
SSDEEP

3145728:jPgOb8S6xjKcBa6c2qHO5iVIinGQbRe0zJcB8a6qrbZo:jbgSWNa6sHCip1XcB8a6q

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 7 IoCs

pid	Process
2520	venus.exe
2520	venus.exe
2520	venus.exe
2520	venus.exe
2520	venus.exe
2520	venus.exe
2520	venus.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2908 wrote to memory of 2520	2908	venus.exe	30
PID 2908 wrote to memory of 2520	2908	venus.exe	30
PID 2908 wrote to memory of 2520	2908	venus.exe	30

C:\Users\Admin\AppData\Local\Temp\venus.exe
"C:\Users\Admin\AppData\Local\Temp\venus.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2908
- C:\Users\Admin\AppData\Local\Temp\venus.exe
  "C:\Users\Admin\AppData\Local\Temp\venus.exe"
  2⤵
  - Loads dropped DLL
  PID:2520

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI29082\api-ms-win-core-timezone-l1-1-0.dll

Filesize
13KB

MD5
11e0c5fd19f44e1462d40b432f2a2360

SHA1
1b0a138086f7393ffb44df54187ecf9de1dd69fe

SHA256
8e668c0b0e9de7ef135308a251b5a293dbf6b778d563bee57c3f1d903cc5f332

SHA512
4262bd62d9c7ff116abb90693f44fdb7c934cefef0ef1800e44a7420173d17922a066a21b4b737e92c58a2081da9c8d5057e7680d27271ecc4b9dd44d78dfec7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29082\python312.dll

Filesize
6.6MB

MD5
cae8fa4e7cb32da83acf655c2c39d9e1

SHA1
7a0055588a2d232be8c56791642cb0f5abbc71f8

SHA256
8ad53c67c2b4db4387d5f72ee2a3ca80c40af444b22bf41a6cfda2225a27bb93

SHA512
db2190da2c35bceed0ef91d7553ff0dea442286490145c3d0e89db59ba1299b0851e601cc324b5f7fd026414fc73755e8eff2ef5fb5eeb1c54a9e13e7c66dd0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29082\setuptools\_vendor\importlib_metadata-8.0.0.dist-info\INSTALLER

Filesize
4B

MD5
365c9bfeb7d89244f2ce01c1de44cb85

SHA1
d7a03141d5d6b1e88b6b59ef08b6681df212c599

SHA256
ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508

SHA512
d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29082\setuptools\_vendor\jaraco.text-3.12.1.dist-info\LICENSE

Filesize
1023B

MD5
141643e11c48898150daa83802dbc65f

SHA1
0445ed0f69910eeaee036f09a39a13c6e1f37e12

SHA256
86da0f01aeae46348a3c3d465195dc1ceccde79f79e87769a64b8da04b2a4741

SHA512
ef62311602b466397baf0b23caca66114f8838f9e78e1b067787ceb709d09e0530e85a47bbcd4c5a0905b74fdb30df0cc640910c6cc2e67886e5b18794a3583f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29082\setuptools\_vendor\jaraco.text-3.12.1.dist-info\WHEEL

Filesize
92B

MD5
43136dde7dd276932f6197bb6d676ef4

SHA1
6b13c105452c519ea0b65ac1a975bd5e19c50122

SHA256
189eedfe4581172c1b6a02b97a8f48a14c0b5baa3239e4ca990fbd8871553714

SHA512
e7712ba7d36deb083ebcc3b641ad3e7d19fb071ee64ae3a35ad6a50ee882b20cd2e60ca1319199df12584fe311a6266ec74f96a3fb67e59f90c7b5909668aee1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29082\ucrtbase.dll

Filesize
987KB

MD5
0c9d205deacd8aa9b28d63b55a16a257

SHA1
bf6f8c1ba272efa97648d821bdefa732c041d836

SHA256
c6392865a153f86698d5ef20c2c14d443d2c0f9a7aa3819b10fa2418a1ce5b73

SHA512
7ed74a6cdc65f65a136b546280c1507468c3d5f85a4beec569e7f8d46c16abdf5ad36364280961cbd30193a528554833bab368d71464fe5e2179dda7d17c2652

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI29082\api-ms-win-core-file-l1-2-0.dll

Filesize
13KB

MD5
1a8c0cd78adaba2396b28bf31bd73185

SHA1
0aeebb8463c5bf7e5193b7e00f3091ac9bdd4ef8

SHA256
680be94de44f1f474cac055f4d68a67bf667be6f3b25f5e7ce8ac492c0ae3477

SHA512
bfabfea70e2f930d1080e5bf3e46a6fb37cad7b2e852a0da5b5b1aefb1518692af70651785102a6bf6f53b201294c35b250caa74cd042a9fcfcce28fe1089289

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI29082\api-ms-win-core-file-l2-1-0.dll

Filesize
13KB

MD5
985f3e4bb4780106966f142ecb5f10e8

SHA1
176722b5fef7b68a032fc9efaacfdd6165f48d5b

SHA256
1e796f9913dc3b56e362f75196b4cbca6defd31aac5f4982ea8bd83633ddf622

SHA512
a105b343fa0c70ef5d21ae7215580e00626ad025be7dc632b3d130dbe5484d07e152d4c94b3ce632b9530c83b6fd1ecbc598b096bef5e582bcf54c1346996f2a

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI29082\api-ms-win-core-localization-l1-2-0.dll

Filesize
15KB

MD5
dbf0dde7e7f97ab5c427f8702a797104

SHA1
d3c1e1963f2bbd88f6578b6b5680e98accb90ce3

SHA256
0b0f8998384a5196fe5d8c326109cfb563c6503651053ca5ad48e9a55d22d88f

SHA512
62c22c0dbd89d924d078be93134e897542ea4b4fc27602a58b21b779849b70e44004286f659399b3668f419c4443b117c4320089ac839efbbf623f1acf66926c

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI29082\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
13KB

MD5
394187f15fb59dabca1c852cce8fb338

SHA1
9c141e0ceb87c9a8b9d4df3a5d2a2f1a53af2217

SHA256
e11507a65876997cc77cd5e2b7c82ddcd0252718c43a86fe940f09483bd37bf0

SHA512
b3f0aeb8c2f3fd6f28e2e8f1ff66f117234ac5e3e7f9487b3399ab98aab0fd234161ec3858e8d7774ceedd95b06024457f9ed891c7967eb7bb3ab9aca1f5a700

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads