0dc45546bbd24a266d52876385c3b588b05192d54289a1c130b47783e3074c8e

Resubmissions

27/01/2025, 23:37

250127-3mmelaznan 10

27/01/2025, 23:34

250127-3kgrbszmcr 10

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
27/01/2025, 23:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Venom 2.8 CRACKED - FINAL/VenomRemote_Cracked.exe
Size

38.5MB
MD5

83626a159e3399dc2bec680220ba8969
SHA1

c8fb91953976291310ddc645e2b9275277c57ec2
SHA256

0e59d8a36fc73b40178732c2e9dec9143ceb3dfd590547221dbce65983042141
SHA512

6640d88a9aff7507d8372317e34422aa7a493d00194c945c2292d20445e0e0b6a0004ef90e8c263fe683b352292d89b28bdcb5fa4135be4333d4ef7076119f09
SSDEEP

393216:OFdlmXJTD1jJTDQMvfOjmM27kv1Bx0bQox/UlGkNCoIZZJTD2Mm1Zg6YH3mH1gfB:GLxMvDUjCbQa/O11t1Zg6kmH1gEEE

Score

7^/10

agilenet discovery

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2384	VenomRemote_Cracked.exe

Obfuscated with Agile.Net obfuscator 38 IoCs

Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

agilenet

resource	yara_rule
behavioral1/memory/2384-1-0x0000000000A20000-0x00000000030B0000-memory.dmp	agile_net
behavioral1/memory/2384-7-0x0000000008710000-0x000000000876A000-memory.dmp	agile_net
behavioral1/memory/2384-14-0x000000000A850000-0x000000000A8BE000-memory.dmp	agile_net
behavioral1/memory/2384-15-0x0000000006A20000-0x0000000006A2E000-memory.dmp	agile_net
behavioral1/memory/2384-17-0x000000000C480000-0x000000000C574000-memory.dmp	agile_net
behavioral1/memory/2384-25-0x0000000011360000-0x0000000011548000-memory.dmp	agile_net
behavioral1/memory/2384-34-0x0000000011360000-0x0000000011544000-memory.dmp	agile_net
behavioral1/memory/2384-87-0x0000000011360000-0x0000000011544000-memory.dmp	agile_net
behavioral1/memory/2384-35-0x0000000011360000-0x0000000011544000-memory.dmp	agile_net
behavioral1/memory/2384-95-0x0000000011360000-0x0000000011544000-memory.dmp	agile_net
behavioral1/memory/2384-93-0x0000000011360000-0x0000000011544000-memory.dmp	agile_net
behavioral1/memory/2384-91-0x0000000011360000-0x0000000011544000-memory.dmp	agile_net
behavioral1/memory/2384-89-0x0000000011360000-0x0000000011544000-memory.dmp	agile_net
behavioral1/memory/2384-85-0x0000000011360000-0x0000000011544000-memory.dmp	agile_net
behavioral1/memory/2384-83-0x0000000011360000-0x0000000011544000-memory.dmp	agile_net
behavioral1/memory/2384-81-0x0000000011360000-0x0000000011544000-memory.dmp	agile_net
behavioral1/memory/2384-79-0x0000000011360000-0x0000000011544000-memory.dmp	agile_net
behavioral1/memory/2384-77-0x0000000011360000-0x0000000011544000-memory.dmp	agile_net
behavioral1/memory/2384-75-0x0000000011360000-0x0000000011544000-memory.dmp	agile_net
behavioral1/memory/2384-73-0x0000000011360000-0x0000000011544000-memory.dmp	agile_net
behavioral1/memory/2384-71-0x0000000011360000-0x0000000011544000-memory.dmp	agile_net
behavioral1/memory/2384-69-0x0000000011360000-0x0000000011544000-memory.dmp	agile_net
behavioral1/memory/2384-67-0x0000000011360000-0x0000000011544000-memory.dmp	agile_net
behavioral1/memory/2384-65-0x0000000011360000-0x0000000011544000-memory.dmp	agile_net
behavioral1/memory/2384-63-0x0000000011360000-0x0000000011544000-memory.dmp	agile_net
behavioral1/memory/2384-61-0x0000000011360000-0x0000000011544000-memory.dmp	agile_net
behavioral1/memory/2384-59-0x0000000011360000-0x0000000011544000-memory.dmp	agile_net
behavioral1/memory/2384-57-0x0000000011360000-0x0000000011544000-memory.dmp	agile_net
behavioral1/memory/2384-55-0x0000000011360000-0x0000000011544000-memory.dmp	agile_net
behavioral1/memory/2384-53-0x0000000011360000-0x0000000011544000-memory.dmp	agile_net
behavioral1/memory/2384-51-0x0000000011360000-0x0000000011544000-memory.dmp	agile_net
behavioral1/memory/2384-49-0x0000000011360000-0x0000000011544000-memory.dmp	agile_net
behavioral1/memory/2384-47-0x0000000011360000-0x0000000011544000-memory.dmp	agile_net
behavioral1/memory/2384-45-0x0000000011360000-0x0000000011544000-memory.dmp	agile_net
behavioral1/memory/2384-43-0x0000000011360000-0x0000000011544000-memory.dmp	agile_net
behavioral1/memory/2384-41-0x0000000011360000-0x0000000011544000-memory.dmp	agile_net
behavioral1/memory/2384-39-0x0000000011360000-0x0000000011544000-memory.dmp	agile_net
behavioral1/memory/2384-37-0x0000000011360000-0x0000000011544000-memory.dmp	agile_net

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	VenomRemote_Cracked.exe

Suspicious behavior: EnumeratesProcesses 54 IoCs

pid	Process
2384	VenomRemote_Cracked.exe
2384	VenomRemote_Cracked.exe
2384	VenomRemote_Cracked.exe
2384	VenomRemote_Cracked.exe
2384	VenomRemote_Cracked.exe
2384	VenomRemote_Cracked.exe
2384	VenomRemote_Cracked.exe
2384	VenomRemote_Cracked.exe
2384	VenomRemote_Cracked.exe
2384	VenomRemote_Cracked.exe
2384	VenomRemote_Cracked.exe
2384	VenomRemote_Cracked.exe
2384	VenomRemote_Cracked.exe
2384	VenomRemote_Cracked.exe
2384	VenomRemote_Cracked.exe
2384	VenomRemote_Cracked.exe
2384	VenomRemote_Cracked.exe
2384	VenomRemote_Cracked.exe
2384	VenomRemote_Cracked.exe
2384	VenomRemote_Cracked.exe
2384	VenomRemote_Cracked.exe
2384	VenomRemote_Cracked.exe
2384	VenomRemote_Cracked.exe
2384	VenomRemote_Cracked.exe
2384	VenomRemote_Cracked.exe
2384	VenomRemote_Cracked.exe
2384	VenomRemote_Cracked.exe
2384	VenomRemote_Cracked.exe
2384	VenomRemote_Cracked.exe
2384	VenomRemote_Cracked.exe
2384	VenomRemote_Cracked.exe
2384	VenomRemote_Cracked.exe
2384	VenomRemote_Cracked.exe
2384	VenomRemote_Cracked.exe
2384	VenomRemote_Cracked.exe
2384	VenomRemote_Cracked.exe
2384	VenomRemote_Cracked.exe
2384	VenomRemote_Cracked.exe
2384	VenomRemote_Cracked.exe
2384	VenomRemote_Cracked.exe
2384	VenomRemote_Cracked.exe
2384	VenomRemote_Cracked.exe
2384	VenomRemote_Cracked.exe
2384	VenomRemote_Cracked.exe
2384	VenomRemote_Cracked.exe
2384	VenomRemote_Cracked.exe
2384	VenomRemote_Cracked.exe
2384	VenomRemote_Cracked.exe
2384	VenomRemote_Cracked.exe
2384	VenomRemote_Cracked.exe
2384	VenomRemote_Cracked.exe
2384	VenomRemote_Cracked.exe
2384	VenomRemote_Cracked.exe
2384	VenomRemote_Cracked.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2384	VenomRemote_Cracked.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2384	VenomRemote_Cracked.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2384	VenomRemote_Cracked.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
2384	VenomRemote_Cracked.exe

C:\Users\Admin\AppData\Local\Temp\Venom 2.8 CRACKED - FINAL\VenomRemote_Cracked.exe
"C:\Users\Admin\AppData\Local\Temp\Venom 2.8 CRACKED - FINAL\VenomRemote_Cracked.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2384

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\3088aa38-89fa-4724-b305-b602622698ff\GunaDotNetRT.dll

Filesize
136KB

MD5
9af5eb006bb0bab7f226272d82c896c7

SHA1
c2a5bb42a5f08f4dc821be374b700652262308f0

SHA256
77dc05a6bda90757f66552ee3f469b09f1e00732b4edca0f542872fb591ed9db

SHA512
7badd41be4c1039302fda9bba19d374ec9446ce24b7db33b66bee4ef38180d1abcd666d2aea468e7e452aa1e1565eedfefed582bf1c2fe477a4171d99d48772a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Venom 2.8 CRACKED - FINAL\settings.xml

Filesize
475B

MD5
d09aa30a9db577b6ef7a4ac13dc8a5be

SHA1
2c437a903c46dfde529edf0c5c5fa60c92654c4e

SHA256
47982a9078391d08d3a6abd2315049aa9a2ed3927333f5305e654e6f87a70035

SHA512
49eb85f805df47fafaffaad7a97808b8904b09ca24dfa5a6fd03c4ebc47e4641b86bff281907e4dca76678febde3557ace8dcb25b9ba5bf99cc024f9c83feac8

Download Submit
C:\Users\Admin\AppData\Local\VenomS\VenomRemote_Cracked.exe_Url_blfedaw4wjnv4jfq1mpvnvpgb3sjck12\2.8.0.1\user.config

Filesize
842B

MD5
1f6c9231a439fbdb5984c0bdb718c68a

SHA1
14648ed2b2a4c87aed66eba043fe717dbe232301

SHA256
a7f68f213d60aaa778af526aec53511e9f7d7108500e6cdf7bfb3c9831995746

SHA512
4084f6d23af625952f3fb1806e3ea2c5a3ef0214991699f54f8134b41d35297ac1093feb9681cb6859551dc3c91b5385a1a5e0fd518cc1fac203315f5ff414b9

Download Submit
memory/2384-0-0x00000000743CE000-0x00000000743CF000-memory.dmp

Filesize
4KB

Download
memory/2384-1-0x0000000000A20000-0x00000000030B0000-memory.dmp

Filesize
38.6MB

Download
memory/2384-2-0x0000000006F50000-0x000000000709E000-memory.dmp

Filesize
1.3MB

Download
memory/2384-3-0x0000000000490000-0x00000000004A4000-memory.dmp

Filesize
80KB

Download
memory/2384-4-0x00000000743C0000-0x0000000074AAE000-memory.dmp

Filesize
6.9MB

Download
memory/2384-5-0x00000000743C0000-0x0000000074AAE000-memory.dmp

Filesize
6.9MB

Download
memory/2384-6-0x00000000743C0000-0x0000000074AAE000-memory.dmp

Filesize
6.9MB

Download
memory/2384-7-0x0000000008710000-0x000000000876A000-memory.dmp

Filesize
360KB

Download
memory/2384-8-0x000000000A600000-0x000000000A71A000-memory.dmp

Filesize
1.1MB

Download
memory/2384-9-0x000000000A720000-0x000000000A786000-memory.dmp

Filesize
408KB

Download
memory/2384-10-0x0000000004680000-0x0000000004696000-memory.dmp

Filesize
88KB

Download
memory/2384-11-0x00000000743CE000-0x00000000743CF000-memory.dmp

Filesize
4KB

Download
memory/2384-12-0x00000000743C0000-0x0000000074AAE000-memory.dmp

Filesize
6.9MB

Download
memory/2384-13-0x00000000743C0000-0x0000000074AAE000-memory.dmp

Filesize
6.9MB

Download
memory/2384-14-0x000000000A850000-0x000000000A8BE000-memory.dmp

Filesize
440KB

Download
memory/2384-15-0x0000000006A20000-0x0000000006A2E000-memory.dmp

Filesize
56KB

Download
memory/2384-16-0x0000000006E40000-0x0000000006E4E000-memory.dmp

Filesize
56KB

Download
memory/2384-17-0x000000000C480000-0x000000000C574000-memory.dmp

Filesize
976KB

Download
memory/2384-18-0x0000000006E30000-0x0000000006E36000-memory.dmp

Filesize
24KB

Download
memory/2384-22-0x000000000FD10000-0x000000000FD20000-memory.dmp

Filesize
64KB

Download
memory/2384-23-0x00000000743C0000-0x0000000074AAE000-memory.dmp

Filesize
6.9MB

Download
memory/2384-24-0x00000000743C0000-0x0000000074AAE000-memory.dmp

Filesize
6.9MB

Download
memory/2384-25-0x0000000011360000-0x0000000011548000-memory.dmp

Filesize
1.9MB

Download
memory/2384-34-0x0000000011360000-0x0000000011544000-memory.dmp

Filesize
1.9MB

Download
memory/2384-87-0x0000000011360000-0x0000000011544000-memory.dmp

Filesize
1.9MB

Download
memory/2384-35-0x0000000011360000-0x0000000011544000-memory.dmp

Filesize
1.9MB

Download
memory/2384-33-0x00000000741C0000-0x0000000074240000-memory.dmp

Filesize
512KB

Download
memory/2384-32-0x000000006E190000-0x000000006E1C7000-memory.dmp

Filesize
220KB

Download
memory/2384-95-0x0000000011360000-0x0000000011544000-memory.dmp

Filesize
1.9MB

Download
memory/2384-93-0x0000000011360000-0x0000000011544000-memory.dmp

Filesize
1.9MB

Download
memory/2384-91-0x0000000011360000-0x0000000011544000-memory.dmp

Filesize
1.9MB

Download
memory/2384-89-0x0000000011360000-0x0000000011544000-memory.dmp

Filesize
1.9MB

Download
memory/2384-85-0x0000000011360000-0x0000000011544000-memory.dmp

Filesize
1.9MB

Download
memory/2384-83-0x0000000011360000-0x0000000011544000-memory.dmp

Filesize
1.9MB

Download
memory/2384-81-0x0000000011360000-0x0000000011544000-memory.dmp

Filesize
1.9MB

Download
memory/2384-79-0x0000000011360000-0x0000000011544000-memory.dmp

Filesize
1.9MB

Download
memory/2384-77-0x0000000011360000-0x0000000011544000-memory.dmp

Filesize
1.9MB

Download
memory/2384-75-0x0000000011360000-0x0000000011544000-memory.dmp

Filesize
1.9MB

Download
memory/2384-73-0x0000000011360000-0x0000000011544000-memory.dmp

Filesize
1.9MB

Download
memory/2384-71-0x0000000011360000-0x0000000011544000-memory.dmp

Filesize
1.9MB

Download
memory/2384-69-0x0000000011360000-0x0000000011544000-memory.dmp

Filesize
1.9MB

Download
memory/2384-67-0x0000000011360000-0x0000000011544000-memory.dmp

Filesize
1.9MB

Download
memory/2384-65-0x0000000011360000-0x0000000011544000-memory.dmp

Filesize
1.9MB

Download
memory/2384-63-0x0000000011360000-0x0000000011544000-memory.dmp

Filesize
1.9MB

Download
memory/2384-61-0x0000000011360000-0x0000000011544000-memory.dmp

Filesize
1.9MB

Download
memory/2384-59-0x0000000011360000-0x0000000011544000-memory.dmp

Filesize
1.9MB

Download
memory/2384-57-0x0000000011360000-0x0000000011544000-memory.dmp

Filesize
1.9MB

Download
memory/2384-55-0x0000000011360000-0x0000000011544000-memory.dmp

Filesize
1.9MB

Download
memory/2384-53-0x0000000011360000-0x0000000011544000-memory.dmp

Filesize
1.9MB

Download
memory/2384-51-0x0000000011360000-0x0000000011544000-memory.dmp

Filesize
1.9MB

Download
memory/2384-49-0x0000000011360000-0x0000000011544000-memory.dmp

Filesize
1.9MB

Download
memory/2384-47-0x0000000011360000-0x0000000011544000-memory.dmp

Filesize
1.9MB

Download
memory/2384-45-0x0000000011360000-0x0000000011544000-memory.dmp

Filesize
1.9MB

Download
memory/2384-43-0x0000000011360000-0x0000000011544000-memory.dmp

Filesize
1.9MB

Download
memory/2384-41-0x0000000011360000-0x0000000011544000-memory.dmp

Filesize
1.9MB

Download
memory/2384-39-0x0000000011360000-0x0000000011544000-memory.dmp

Filesize
1.9MB

Download
memory/2384-37-0x0000000011360000-0x0000000011544000-memory.dmp

Filesize
1.9MB

Download
memory/2384-11336-0x000000006E190000-0x000000006E1C7000-memory.dmp

Filesize
220KB

Download
memory/2384-11435-0x00000000743C0000-0x0000000074AAE000-memory.dmp

Filesize
6.9MB

Download
memory/2384-11441-0x00000000743C0000-0x0000000074AAE000-memory.dmp

Filesize
6.9MB

Download