Resubmissions
08-12-2024 22:38
241208-2kpw9svqbx 10Analysis
-
max time kernel
56s -
max time network
21s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
08-12-2024 22:38
Behavioral task
behavioral1
Sample
Venom RAT + HVNC + Stealer + Grabber.exe
Resource
win7-20240903-en
windows7-x64
8 signatures
150 seconds
General
-
Target
Venom RAT + HVNC + Stealer + Grabber.exe
-
Size
14.2MB
-
MD5
3b3a304c6fc7a3a1d9390d7cbff56634
-
SHA1
e8bd5244e6362968f5017680da33f1e90ae63dd7
-
SHA256
7331368c01b2a16bda0f013f376a039e6aeb4cb2dd8b0c2afc7ca208fb544c58
-
SHA512
7f1beacb6449b3b3e108016c8264bb9a21ecba526c2778794f16a7f9c817c0bbd5d4cf0c208d706d25c54322a875da899ab047aab1e07684f6b7b6083981abe5
-
SSDEEP
196608:Nja6chUZX81lbFklbYJygrP7aIBhLkNPFCZZwiJl1NLIsPA8fxvuIMzd/95UhS14:qT+P+Zw6NLIsFfskh1BmXG04
Malware Config
Signatures
-
Asyncrat family
-
Suspicious behavior: EnumeratesProcesses 25 IoCs
pid Process 3060 taskmgr.exe 3060 taskmgr.exe 3060 taskmgr.exe 3060 taskmgr.exe 3060 taskmgr.exe 3060 taskmgr.exe 3060 taskmgr.exe 3060 taskmgr.exe 3060 taskmgr.exe 3060 taskmgr.exe 3060 taskmgr.exe 3060 taskmgr.exe 3060 taskmgr.exe 3060 taskmgr.exe 3060 taskmgr.exe 3060 taskmgr.exe 3060 taskmgr.exe 3060 taskmgr.exe 3060 taskmgr.exe 3060 taskmgr.exe 3060 taskmgr.exe 3060 taskmgr.exe 3060 taskmgr.exe 3060 taskmgr.exe 3060 taskmgr.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 3060 taskmgr.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 3060 taskmgr.exe -
Suspicious use of FindShellTrayWindow 40 IoCs
pid Process 3060 taskmgr.exe 3060 taskmgr.exe 3060 taskmgr.exe 3060 taskmgr.exe 3060 taskmgr.exe 3060 taskmgr.exe 3060 taskmgr.exe 3060 taskmgr.exe 3060 taskmgr.exe 3060 taskmgr.exe 3060 taskmgr.exe 3060 taskmgr.exe 3060 taskmgr.exe 3060 taskmgr.exe 3060 taskmgr.exe 3060 taskmgr.exe 3060 taskmgr.exe 3060 taskmgr.exe 3060 taskmgr.exe 3060 taskmgr.exe 3060 taskmgr.exe 3060 taskmgr.exe 3060 taskmgr.exe 3060 taskmgr.exe 3060 taskmgr.exe 3060 taskmgr.exe 3060 taskmgr.exe 3060 taskmgr.exe 3060 taskmgr.exe 3060 taskmgr.exe 3060 taskmgr.exe 3060 taskmgr.exe 3060 taskmgr.exe 3060 taskmgr.exe 3060 taskmgr.exe 3060 taskmgr.exe 3060 taskmgr.exe 3060 taskmgr.exe 3060 taskmgr.exe 3060 taskmgr.exe -
Suspicious use of SendNotifyMessage 40 IoCs
pid Process 3060 taskmgr.exe 3060 taskmgr.exe 3060 taskmgr.exe 3060 taskmgr.exe 3060 taskmgr.exe 3060 taskmgr.exe 3060 taskmgr.exe 3060 taskmgr.exe 3060 taskmgr.exe 3060 taskmgr.exe 3060 taskmgr.exe 3060 taskmgr.exe 3060 taskmgr.exe 3060 taskmgr.exe 3060 taskmgr.exe 3060 taskmgr.exe 3060 taskmgr.exe 3060 taskmgr.exe 3060 taskmgr.exe 3060 taskmgr.exe 3060 taskmgr.exe 3060 taskmgr.exe 3060 taskmgr.exe 3060 taskmgr.exe 3060 taskmgr.exe 3060 taskmgr.exe 3060 taskmgr.exe 3060 taskmgr.exe 3060 taskmgr.exe 3060 taskmgr.exe 3060 taskmgr.exe 3060 taskmgr.exe 3060 taskmgr.exe 3060 taskmgr.exe 3060 taskmgr.exe 3060 taskmgr.exe 3060 taskmgr.exe 3060 taskmgr.exe 3060 taskmgr.exe 3060 taskmgr.exe -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 2544 wrote to memory of 1636 2544 Venom RAT + HVNC + Stealer + Grabber.exe 31 PID 2544 wrote to memory of 1636 2544 Venom RAT + HVNC + Stealer + Grabber.exe 31 PID 2544 wrote to memory of 1636 2544 Venom RAT + HVNC + Stealer + Grabber.exe 31
Processes
-
C:\Users\Admin\AppData\Local\Temp\Venom RAT + HVNC + Stealer + Grabber.exe"C:\Users\Admin\AppData\Local\Temp\Venom RAT + HVNC + Stealer + Grabber.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:2544 -
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 2544 -s 5282⤵PID:1636
-
-
C:\Windows\explorer.exe"C:\Windows\explorer.exe"1⤵PID:2472
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /41⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3060