8fb707fe0323280a191fc45579ec97672caaa3ca7d6c02be8a34653d46c519d8 | Triage

Analysis

max time kernel
301s
max time network
293s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
16-06-2023 11:56

Sharing

Report Analysis Logs

General

Target

tvnserver.exe
Size

1.6MB
MD5

db02477d08ea2fe71ef17ece4ed11116
SHA1

38b8ae855f18f6d0dd671652e3f37c7b3832d950
SHA256

819e2e99234092e09df610597ed2e4a2e2ba099655254e7c14d5792f2d1e43cc
SHA512

16b8df339fe861f4b55ec95480679738ee0988103729fbff311f16f0ebdb2051a73c181e1df6db7a5f9446fbad5569d214441f6f1814e5854ad924fb7dacebe1
SSDEEP

24576:tH7ZEcRPm9ljdTMfQuNiDcScDRS99TErUPopzFv73OZNXHZk724p2:x7KcRO9DuMcYjTErUPUhvGHS7L2

Score

1^/10

Malware Config

Signatures

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe
1820	tvnserver.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4432 wrote to memory of 1820	4432	tvnserver.exe	83
PID 4432 wrote to memory of 1820	4432	tvnserver.exe	83

C:\Users\Admin\AppData\Local\Temp\tvnserver.exe
"C:\Users\Admin\AppData\Local\Temp\tvnserver.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4432
- C:\Users\Admin\AppData\Local\Temp\tvnserver.exe
  "C:\Users\Admin\AppData\Local\Temp\tvnserver.exe" -controlapp -slave
  2⤵
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:1820

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads