Resubmissions

27-01-2025 23:37

250127-3mmelaznan 10

27-01-2025 23:34

250127-3kgrbszmcr 10

Analysis

  • max time kernel
    974s
  • max time network
    659s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags
    arch:x64, arch:x86, image:win11-20241007-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    27-01-2025 23:34

General

  • Target

    Venom 2.8 CRACKED - FINAL/VenomRemote_Cracked.exe

  • Size

    38.5MB

  • MD5

    83626a159e3399dc2bec680220ba8969

  • SHA1

    c8fb91953976291310ddc645e2b9275277c57ec2

  • SHA256

    0e59d8a36fc73b40178732c2e9dec9143ceb3dfd590547221dbce65983042141

  • SHA512

    6640d88a9aff7507d8372317e34422aa7a493d00194c945c2292d20445e0e0b6a0004ef90e8c263fe683b352292d89b28bdcb5fa4135be4333d4ef7076119f09

  • SSDEEP

    393216:OFdlmXJTD1jJTDQMvfOjmM27kv1Bx0bQox/UlGkNCoIZZJTD2Mm1Zg6YH3mH1gfB:GLxMvDUjCbQa/O11t1Zg6kmH1gEEE
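
Before trusting a report to describe the file in hand, confirm that the file is the same object. The following Python is an added example, not part of the report or of any tool named on it: it streams a file through the four digests the General section lists and compares them, case-insensitively, against the values copied from above. SSDEEP is omitted because it needs a binding outside the standard library. Only an agreeing SHA-256 is treated as confirmation; MD5 and SHA-1 are collision-prone and are carried only for cross-referencing older feeds.

```python
"""Verify that a local sample matches the digests a sandbox report lists for it."""
import hashlib

DIGESTS = ("md5", "sha1", "sha256", "sha512")

# Digests copied from the report's General section for VenomRemote_Cracked.exe.
REPORTED = {
    "md5": "83626a159e3399dc2bec680220ba8969",
    "sha1": "c8fb91953976291310ddc645e2b9275277c57ec2",
    "sha256": "0e59d8a36fc73b40178732c2e9dec9143ceb3dfd590547221dbce65983042141",
    "sha512": "6640d88a9aff7507d8372317e34422aa7a493d00194c945c2292d20445e0e0b6a0004ef90e8c263fe683b352292d89b28bdcb5fa4135be4333d4ef7076119f09",
}


def hashes_of_chunks(chunks) -> dict:
    """Feed a stream of byte chunks to every digest once; return lowercase hex per algorithm."""
    hashers = {name: hashlib.new(name) for name in DIGESTS}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hashes_of(data: bytes) -> dict:
    """Convenience wrapper for in-memory data."""
    return hashes_of_chunks([data])


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Hash a file in 1 MiB chunks so a 38.5 MB sample is never read into memory whole."""
    with open(path, "rb") as f:
        return hashes_of_chunks(iter(lambda: f.read(chunk_size), b""))


def verify_sample(computed: dict, reported: dict) -> dict:
    """Compare computed digests with the report's values; hex case is normalised.

    'confirmed' is True only when SHA-256 agrees and no listed digest disagrees:
    an MD5 or SHA-1 match on its own is not proof of identity.
    """
    matched = sorted(n for n in reported if computed.get(n) == reported[n].lower())
    mismatched = sorted(n for n in reported if n not in matched)
    return {
        "matched": matched,
        "mismatched": mismatched,
        "confirmed": "sha256" in matched and not mismatched,
    }


if __name__ == "__main__":
    import sys
    # Usage: python verify_sample.py <path-to-suspected-VenomRemote_Cracked.exe>
    print(verify_sample(hash_file(sys.argv[1]), REPORTED))
```

A file that matches on MD5 but not SHA-256 is a different file (or a tampered report), not a partial match, which is why `confirmed` is a single boolean rather than a score.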

Score
7/10

Malware Config

Signatures

  • Obfuscated with Agile.Net obfuscator 1 IoCs

    Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Venom 2.8 CRACKED - FINAL\VenomRemote_Cracked.exe
    "C:\Users\Admin\AppData\Local\Temp\Venom 2.8 CRACKED - FINAL\VenomRemote_Cracked.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    PID:784
  • C:\Windows\system32\BackgroundTransferHost.exe
    "BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
    1⤵
    • Modifies registry class
    PID:3728
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://c;/
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4556
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc53853cb8,0x7ffc53853cc8,0x7ffc53853cd8
      2⤵
      PID:1536
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,1130894843133815408,6523869338113916822,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1936 /prefetch:2
      2⤵
      PID:3828
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1924,1130894843133815408,6523869338113916822,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 /prefetch:3
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:4504
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1924,1130894843133815408,6523869338113916822,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2620 /prefetch:8
      2⤵
      PID:2996
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,1130894843133815408,6523869338113916822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
      2⤵
      PID:2560
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,1130894843133815408,6523869338113916822,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
      2⤵
      PID:2716
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,1130894843133815408,6523869338113916822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4656 /prefetch:1
      2⤵
      PID:776
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,1130894843133815408,6523869338113916822,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4012 /prefetch:1
      2⤵
      PID:2980
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1924,1130894843133815408,6523869338113916822,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3936 /prefetch:8
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:4380
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:2376
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:4492
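
The score is built from the signature list, but the process tree tells you who raised each signature. The following Python is an added example, not part of the report or of any tool named on it: it transcribes the process list above and attributes each behavioural signature to the process that triggered it. In this report only System Language Discovery and AdjustPrivilegeToken are attached to the sample's own PID 784; the other process-level signatures belong to msedge.exe (PID 4556 and its worker processes) and BackgroundTransferHost.exe. The report shows msedge.exe at depth 1, not as a child of the sample, so the tree alone does not attribute the browser activity to it, and the Agile.Net and Browser Information Discovery signatures are not attached to any process at all. Parent PIDs are not listed in the report; the code infers them from the 1⤵/2⤵ depth markers, which is an assumption.

```python
"""Attribute a sandbox report's behavioural signatures to the processes that raised them."""
from collections import defaultdict

# Process list transcribed from the report: (depth, image, pid, behaviours).
# Depth follows the report's 1⤵ / 2⤵ markers; the report lists no parent PIDs,
# so parentage is inferred below (an assumption, not data from the report).
REPORT_PROCESSES = [
    (1, "VenomRemote_Cracked.exe", 784, ["System Location Discovery: System Language Discovery",
                                        "Suspicious use of AdjustPrivilegeToken"]),
    (1, "BackgroundTransferHost.exe", 3728, ["Modifies registry class"]),
    (1, "msedge.exe", 4556, ["Enumerates system info in registry",
                             "Suspicious behavior: EnumeratesProcesses",
                             "Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary",
                             "Suspicious use of FindShellTrayWindow",
                             "Suspicious use of SendNotifyMessage",
                             "Suspicious use of WriteProcessMemory"]),
    (2, "msedge.exe", 1536, []),   # crashpad-handler
    (2, "msedge.exe", 3828, []),   # gpu-process
    (2, "msedge.exe", 4504, ["Suspicious behavior: EnumeratesProcesses"]),  # NetworkService
    (2, "msedge.exe", 2996, []),   # StorageService
    (2, "msedge.exe", 2560, []),   # renderer
    (2, "msedge.exe", 2716, []),   # renderer
    (2, "msedge.exe", 776, []),    # renderer
    (2, "msedge.exe", 2980, []),   # renderer
    (2, "msedge.exe", 4380, ["Suspicious behavior: EnumeratesProcesses"]),  # UtilWin
    (1, "CompPkgSrv.exe", 2376, []),
    (1, "CompPkgSrv.exe", 4492, []),
]

SAMPLE_IMAGE = "VenomRemote_Cracked.exe"


def build_tree(entries):
    """Give each process the nearest shallower process above it as parent.

    Returns {pid: {"image", "depth", "parent", "behaviours"}}; depth-1 processes
    get parent None because the report shows nothing above them.
    """
    tree, stack = {}, []  # stack[d - 1] holds the most recent PID seen at depth d
    for depth, image, pid, behaviours in entries:
        del stack[depth - 1:]          # drop anything at this depth or deeper
        parent = stack[-1] if stack else None
        tree[pid] = {"image": image, "depth": depth, "parent": parent,
                     "behaviours": list(behaviours)}
        stack.append(pid)
    return tree


def descendants(tree, root):
    """All PIDs below root in the inferred tree, root itself excluded."""
    out, frontier = set(), [root]
    while frontier:
        current = frontier.pop()
        for pid, node in tree.items():
            if node["parent"] == current and pid not in out:
                out.add(pid)
                frontier.append(pid)
    return out


def attribute_signatures(tree):
    """Map each behavioural signature to the sorted list of images that raised it."""
    by_sig = defaultdict(set)
    for node in tree.values():
        for behaviour in node["behaviours"]:
            by_sig[behaviour].add(node["image"])
    return {sig: sorted(images) for sig, images in by_sig.items()}


def sample_footprint(tree, sample_image):
    """Split signatures into those raised by the sample (or its subtree) and the rest."""
    roots = [pid for pid, node in tree.items() if node["image"] == sample_image]
    in_scope = set(roots)
    for root in roots:
        in_scope |= descendants(tree, root)
    own = {b for pid in in_scope for b in tree[pid]["behaviours"]}
    other = {b for pid, node in tree.items() if pid not in in_scope for b in node["behaviours"]}
    return {"pids": sorted(in_scope), "own": sorted(own), "unrelated": sorted(other - own)}


if __name__ == "__main__":
    tree = build_tree(REPORT_PROCESSES)
    for sig, images in attribute_signatures(tree).items():
        print(f"{sig}: {', '.join(images)}")
    print(sample_footprint(tree, SAMPLE_IMAGE))
```

Running it on this report separates two signatures that belong to the sample from seven that belong to Edge and BackgroundTransferHost. That does not clear the sample (a remote-administration tool may do little in a sandbox that never receives operator commands), but it does mean the 7/10 score should be read against PID 784's two behaviours, not the full list.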

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
    Filesize: 152B
    MD5: 051a939f60dced99602add88b5b71f58
    SHA1: a71acd61be911ff6ff7e5a9e5965597c8c7c0765
    SHA256: 2cff121889a0a77f49cdc4564bdd1320cf588c9dcd36012dbc3669cf73015d10
    SHA512: a9c72ed43b895089a9e036aba6da96213fedd2f05f0a69ae8d1fa07851ac8263e58af86c7103ce4b4f9cfe92f9c9d0a46085c066a54ce825ef53505fdb988d1f
  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
    Filesize: 152B
    MD5: 003b92b33b2eb97e6c1a0929121829b8
    SHA1: 6f18e96c7a2e07fb5a80acb3c9916748fd48827a
    SHA256: 8001f251d5932a62bfe17b0ba3686ce255ecf9adb95a06ecb954faa096be3e54
    SHA512: 18005c6c07475e6dd1ec310fe511353381cf0f15d086cf20dc6ed8825c872944185c767f80306e56fec9380804933aa37a8f12c720398b4b3b42cb216b41cf77
  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
    Filesize: 180B
    MD5: 00a455d9d155394bfb4b52258c97c5e5
    SHA1: 2761d0c955353e1982a588a3df78f2744cfaa9df
    SHA256: 45a13c77403533b12fbeeeb580e1c32400ca17a32e15caa8c8e6a180ece27fed
    SHA512: 9553f8553332afbb1b4d5229bbf58aed7a51571ab45cbf01852b36c437811befcbc86f80ec422f222963fa7dabb04b0c9ae72e9d4ff2eeb1e58cde894fbe234f
  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
    Filesize: 5KB
    MD5: f9e210621157ffbcfc83ff717e2d3cd1
    SHA1: e41ec8f6282ca634a83f0d8b16c442d5faba4e68
    SHA256: 79343a9b0ea81277f74ef388c38d97f7ab1aafc0e50a85c60b5cf780d9118871
    SHA512: 414b5cfb37e8a5bbeb68782cd40ae07d27540e75ae9b1ac65b94f7fcafa41ada80abedfa94e8313e234bab1fe6ede505268db0be3ec07573346ded20b705b4b9
  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
    Filesize: 5KB
    MD5: 831a18dd52bf48ab0a2ac5fefda78ef9
    SHA1: a47bdc170033211a329160191423949dd8cc4608
    SHA256: b0a40e390f44cb94c256f8a3d1ad80b4babe07dc4c7ccc1e15e794dadc9dbed8
    SHA512: d8a7e9e7beea8b0e9a9f5cb40a33b3f2bbeac1309575e527d5ce406643219787dccc0a1f7dcf4473ddff2331dc1540ce805cd581ebd862261807c3be428e2ebc
  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
    Filesize: 10KB
    MD5: d29808e6e5949a40dd69217a50843a23
    SHA1: 1d0f5627acbc89afcffbd05e8a1acb00191006ce
    SHA256: aa8597b61b952f4b9c442da3181a88eedc02ec5b2e0c8bd9482db23d3325597f
    SHA512: 140ed15d28258dfca710efaa2a469bfcdd1236f32a15a4bb6f266d645f9eed86229faf433700177231fb37a56a4941c6d0422c24def3014d52677d20c984b8fd

  • memory/784-5-0x0000000075020000-0x00000000757D1000-memory.dmp
    Filesize: 7.7MB
  • memory/784-8-0x0000000075020000-0x00000000757D1000-memory.dmp
    Filesize: 7.7MB
  • memory/784-9-0x000000007502E000-0x000000007502F000-memory.dmp
    Filesize: 4KB
  • memory/784-10-0x0000000075020000-0x00000000757D1000-memory.dmp
    Filesize: 7.7MB
  • memory/784-11-0x0000000075020000-0x00000000757D1000-memory.dmp
    Filesize: 7.7MB
  • memory/784-12-0x0000000075020000-0x00000000757D1000-memory.dmp
    Filesize: 7.7MB
  • memory/784-7-0x0000000007C90000-0x0000000007CA4000-memory.dmp
    Filesize: 80KB
  • memory/784-6-0x0000000007E30000-0x0000000007F7E000-memory.dmp
    Filesize: 1.3MB
  • memory/784-0-0x000000007502E000-0x000000007502F000-memory.dmp
    Filesize: 4KB
  • memory/784-4-0x0000000007A10000-0x0000000007A1A000-memory.dmp
    Filesize: 40KB
  • memory/784-3-0x0000000007A90000-0x0000000007B22000-memory.dmp
    Filesize: 584KB
  • memory/784-2-0x0000000008040000-0x00000000085E6000-memory.dmp
    Filesize: 5.6MB
  • memory/784-1-0x00000000008B0000-0x0000000002F40000-memory.dmp
    Filesize: 38.6MB