Analysis
- max time kernel: 149s
- max time network: 149s
- platform: windows10-2004_x64
- resource: win10v2004-20241007-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 15/12/2024, 17:12
Behavioral task
behavioral1
Sample
hh.exe
Resource
win7-20240729-en
7 signatures
150 seconds
General
- Target: hh.exe
- Size: 74KB
- MD5: 2c43c5cd1bba8a4fa23b867065253068
- SHA1: c6649471b371fcde5f52c23b8ca74fdc9451bdce
- SHA256: 12a5bcb300a793abd9b400aa92a187d175500700de373e32989ba99cc7d198fd
- SHA512: f7795d8fd05833d02280ede7e39ad4e39daa527b270d1563d67902b9c30f7fc8176ac215d7fe538f1d3dc71d3a2812dd00f94e05df8deaa862c0e82b58bf7f43
- SSDEEP: 1536:gUEkcx4VHsC0SPMVeY7AX0I9H1bORi4zzeFQzcSLVclN:gUxcx4GfSPMVX0XzH1bOZzaQDBY
Malware Config
Extracted
Family
asyncrat
Version
Venom RAT + HVNC + Stealer + Grabber v6.0.3
Botnet
Default
C2
127.0.0.1:4449
Mutex
exyujhmexylpfeeot
Attributes
- delay: 1
- install: false
- install_folder: %AppData%
- aes.plain
Signatures
- Asyncrat family
- Venomrat family
  resource: behavioral2/memory/4876-1-0x0000000000720000-0x0000000000738000-memory.dmp; yara_rule: VenomRAT
- Suspicious behavior: EnumeratesProcesses (31 IoCs)
  pid 4876, process hh.exe (all 31 hits from the same process)
- Suspicious use of AdjustPrivilegeToken (1 IoC)
  description: Token: SeDebugPrivilege; pid 4876, process hh.exe
- Suspicious use of SetWindowsHookEx (1 IoC)
  pid 4876, process hh.exe