Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

dda901fe68...43.exe

windows7-x64

7

dda901fe68...43.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    141s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    22/12/2023, 15:41 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    dda901fe686bd96e8b563ae189d5a043.exe

  • Size

    8.3MB

  • MD5

    dda901fe686bd96e8b563ae189d5a043

  • SHA1

    e54bcd2a20e11802ffcd34a6d2f7bae025eba757

  • SHA256

    db05884a860b9c355c9908f593ea8defa65e17e0d75ebac77c7305641c81f012

  • SHA512

    7c3d753d60ff3e2c0888624a6090f1e9cf769dc172530329be9242dfc628163941b66d49d38c2b0e75b7e0a5ed204ce15b5d0a9cff495e87424fdaa6402d78be

  • SSDEEP

    49152:EQFRHrmQG+yrV2BQFRHrmQG+yGrmQlQG+yrV2BQFRHrmQG+2QG+yGrmQlQG+yrV/:EcKycKjQycKbjQy2cKbjQI

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\dda901fe686bd96e8b563ae189d5a043.exe
    "C:\Users\Admin\AppData\Local\Temp\dda901fe686bd96e8b563ae189d5a043.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1680
    • C:\Users\Admin\AppData\Local\Temp\mnvfqk.exe
      C:\Users\Admin\AppData\Local\Temp\mnvfqk.exe -run C:\Users\Admin\AppData\Local\Temp\dda901fe686bd96e8b563ae189d5a043.exe
      2⤵
      • Executes dropped EXE
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:2508

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\mnvfqk.exe
    Filesize

    161KB

    MD5

    5a60a7e2b60fc1b017a377a4579872b4

    SHA1

    79a76153f41c86c7db795c6f6b680841e66c03d5

    SHA256

    06925d5acb984bd36462dd43641d4dd76ee7a54d11af5643247bcfece24d5e3e

    SHA512

    3991201e7007808e85c5c36e8f1cf426d040271ff4e4332ad478e73551e8e82a9442ed3fe3989fc7b15f2325b668a33c7320b275d44ffbb38e077b42afa6d7a5

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\mnvfqk.exe
    Filesize

    65KB

    MD5

    69fa1432bf46a04c95eec197577dc663

    SHA1

    7880999290f2a3cdbe7a2cfa09a9d3e620ddc580

    SHA256

    04740ecbaed1d51f29a3bff8bd49f4f215e3b1691faff4fbdb2b4a0b3501fb15

    SHA512

    dd589014b2c2e80ba4eba97d348e0be990d3b6b1c52c2a5e053ebd464ab4459400f623519c08cab42e2a71524d3808b8621df91ce6bf39d406c8e6cd8037a7b6

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\mnvfqk.exe
    Filesize

    86KB

    MD5

    73905a3aef4b7583bc27fec2fc555e99

    SHA1

    19d79d009f7398d771fce0a21d8f042c3b0cd0b0

    SHA256

    447787783cf60de6bc8a991ae2fd304c1b9add4cc71c695a9cc58dc426776206

    SHA512

    be48cac52cf3bd4489449521c7dc933c85ff0cf3f39971eadbd8f60d8e318f1f1a0c146d2766e17883bd46656d429e34b5b20b34755eb1b5511fb8c9b75f7860

    Download Submit

  • \Users\Admin\AppData\Local\Temp\mnvfqk.exe
    Filesize

    50KB

    MD5

    4ab419e755a22876937934b150259428

    SHA1

    1e2bf4cb7772a4961df86b32bb343a1b7e19f573

    SHA256

    31d692f0833a4b5b092bba51bfe313c695934bf36e1f2a3cd3be9e9f51197d34

    SHA512

    8a4eac2db807bb9c0eb6f9a6b32699da3e0a01a864816824902a2e8ef806bb7d0cbca5f185fc116c252222a07dbc0ffd6e9a9d1d1fbfcb95a4198880a56f2a92

    Download Submit

  • \Users\Admin\AppData\Local\Temp\mnvfqk.exe
    Filesize

    29KB

    MD5

    537c1c45458196e526e713169623e63a

    SHA1

    3ff3ec4f15b502b4ccb71b237b6a0f731a272363

    SHA256

    07a5cf790f161eba9e0f258bce92bb4d1f78f8b0e8c4349e2427aa6ee303af38

    SHA512

    7cebc07ee1e2bb5e011b0820786bdbc7ce8e7ce643571e23fa7974d85d513661d3bb62a42d82efe49b5eefd7e0853197ea5f360dfd0a46e1821e6ea31b830376

    Download Submit

  • memory/1680-19-0x0000000000950000-0x0000000000951000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1680-16-0x0000000000390000-0x0000000000391000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1680-36-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/1680-0-0x0000000000400000-0x0000000000536000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/1680-2-0x0000000000260000-0x0000000000261000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1680-3-0x0000000000250000-0x0000000000251000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1680-4-0x0000000000280000-0x0000000000281000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1680-5-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1680-6-0x0000000000270000-0x0000000000271000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1680-7-0x0000000000310000-0x0000000000311000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1680-8-0x0000000002B10000-0x0000000002B11000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1680-9-0x0000000000290000-0x0000000000291000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1680-10-0x0000000002B00000-0x0000000002B02000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1680-11-0x00000000003C0000-0x00000000003C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1680-12-0x0000000000380000-0x0000000000381000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1680-13-0x0000000000370000-0x0000000000371000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1680-14-0x00000000003A0000-0x00000000003A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1680-15-0x0000000000360000-0x0000000000361000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1680-17-0x00000000003D0000-0x00000000003D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1680-18-0x00000000003E0000-0x00000000003E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1680-1-0x00000000002C0000-0x0000000000310000-memory.dmp

    Filesize

    320KB

    Download

  • memory/1680-20-0x0000000000700000-0x0000000000701000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1680-51-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/1680-49-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/1680-48-0x0000000000400000-0x0000000000536000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/1680-50-0x00000000002C0000-0x0000000000310000-memory.dmp

    Filesize

    320KB

    Download

  • memory/1680-37-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/1680-44-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/1680-30-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/1680-28-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/1680-39-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/1680-38-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/1680-21-0x00000000006F0000-0x00000000006F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1680-34-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/1680-24-0x0000000000710000-0x0000000000711000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1680-33-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/1680-32-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/1680-31-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/1680-27-0x0000000002AF0000-0x0000000002AF6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1680-26-0x0000000000940000-0x0000000000941000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1680-25-0x0000000000960000-0x0000000000961000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1680-35-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/1680-23-0x00000000006E0000-0x00000000006E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1680-22-0x0000000000720000-0x0000000000721000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2508-61-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2508-59-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2508-53-0x00000000002F0000-0x00000000002F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2508-57-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2508-58-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2508-56-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2508-66-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2508-65-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2508-63-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2508-67-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2508-55-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2508-64-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2508-54-0x0000000002B10000-0x0000000002B11000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2508-68-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2508-70-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2508-71-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2508-73-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2508-72-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2508-69-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2508-62-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2508-60-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2508-105-0x0000000000400000-0x0000000000536000-memory.dmp

    Filesize

    1.2MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.