db05884a860b9c355c9908f593ea8defa65e17e0d75ebac77c7305641c81f012

Analysis

max time kernel
141s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
22/12/2023, 15:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dda901fe686bd96e8b563ae189d5a043.exe
Size

8.3MB
MD5

dda901fe686bd96e8b563ae189d5a043
SHA1

e54bcd2a20e11802ffcd34a6d2f7bae025eba757
SHA256

db05884a860b9c355c9908f593ea8defa65e17e0d75ebac77c7305641c81f012
SHA512

7c3d753d60ff3e2c0888624a6090f1e9cf769dc172530329be9242dfc628163941b66d49d38c2b0e75b7e0a5ed204ce15b5d0a9cff495e87424fdaa6402d78be
SSDEEP

49152:EQFRHrmQG+yrV2BQFRHrmQG+yGrmQlQG+yrV2BQFRHrmQG+2QG+yGrmQlQG+yrV/:EcKycKjQycKbjQy2cKbjQI

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2508	mnvfqk.exe

Loads dropped DLL 2 IoCs

pid	Process
1680	dda901fe686bd96e8b563ae189d5a043.exe
1680	dda901fe686bd96e8b563ae189d5a043.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	mnvfqk.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2508	mnvfqk.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
2508	mnvfqk.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2508	mnvfqk.exe
2508	mnvfqk.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1680 wrote to memory of 2508	1680	dda901fe686bd96e8b563ae189d5a043.exe	16
PID 1680 wrote to memory of 2508	1680	dda901fe686bd96e8b563ae189d5a043.exe	16
PID 1680 wrote to memory of 2508	1680	dda901fe686bd96e8b563ae189d5a043.exe	16
PID 1680 wrote to memory of 2508	1680	dda901fe686bd96e8b563ae189d5a043.exe	16

C:\Users\Admin\AppData\Local\Temp\dda901fe686bd96e8b563ae189d5a043.exe
"C:\Users\Admin\AppData\Local\Temp\dda901fe686bd96e8b563ae189d5a043.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1680
- C:\Users\Admin\AppData\Local\Temp\mnvfqk.exe
  C:\Users\Admin\AppData\Local\Temp\mnvfqk.exe -run C:\Users\Admin\AppData\Local\Temp\dda901fe686bd96e8b563ae189d5a043.exe
  2⤵
  - Executes dropped EXE
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:2508

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\mnvfqk.exe

Filesize
161KB

MD5
5a60a7e2b60fc1b017a377a4579872b4

SHA1
79a76153f41c86c7db795c6f6b680841e66c03d5

SHA256
06925d5acb984bd36462dd43641d4dd76ee7a54d11af5643247bcfece24d5e3e

SHA512
3991201e7007808e85c5c36e8f1cf426d040271ff4e4332ad478e73551e8e82a9442ed3fe3989fc7b15f2325b668a33c7320b275d44ffbb38e077b42afa6d7a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\mnvfqk.exe

Filesize
65KB

MD5
69fa1432bf46a04c95eec197577dc663

SHA1
7880999290f2a3cdbe7a2cfa09a9d3e620ddc580

SHA256
04740ecbaed1d51f29a3bff8bd49f4f215e3b1691faff4fbdb2b4a0b3501fb15

SHA512
dd589014b2c2e80ba4eba97d348e0be990d3b6b1c52c2a5e053ebd464ab4459400f623519c08cab42e2a71524d3808b8621df91ce6bf39d406c8e6cd8037a7b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\mnvfqk.exe

Filesize
86KB

MD5
73905a3aef4b7583bc27fec2fc555e99

SHA1
19d79d009f7398d771fce0a21d8f042c3b0cd0b0

SHA256
447787783cf60de6bc8a991ae2fd304c1b9add4cc71c695a9cc58dc426776206

SHA512
be48cac52cf3bd4489449521c7dc933c85ff0cf3f39971eadbd8f60d8e318f1f1a0c146d2766e17883bd46656d429e34b5b20b34755eb1b5511fb8c9b75f7860

Download Submit
\Users\Admin\AppData\Local\Temp\mnvfqk.exe

Filesize
50KB

MD5
4ab419e755a22876937934b150259428

SHA1
1e2bf4cb7772a4961df86b32bb343a1b7e19f573

SHA256
31d692f0833a4b5b092bba51bfe313c695934bf36e1f2a3cd3be9e9f51197d34

SHA512
8a4eac2db807bb9c0eb6f9a6b32699da3e0a01a864816824902a2e8ef806bb7d0cbca5f185fc116c252222a07dbc0ffd6e9a9d1d1fbfcb95a4198880a56f2a92

Download Submit
\Users\Admin\AppData\Local\Temp\mnvfqk.exe

Filesize
29KB

MD5
537c1c45458196e526e713169623e63a

SHA1
3ff3ec4f15b502b4ccb71b237b6a0f731a272363

SHA256
07a5cf790f161eba9e0f258bce92bb4d1f78f8b0e8c4349e2427aa6ee303af38

SHA512
7cebc07ee1e2bb5e011b0820786bdbc7ce8e7ce643571e23fa7974d85d513661d3bb62a42d82efe49b5eefd7e0853197ea5f360dfd0a46e1821e6ea31b830376

Download Submit
memory/1680-19-0x0000000000950000-0x0000000000951000-memory.dmp

Filesize
4KB

Download
memory/1680-16-0x0000000000390000-0x0000000000391000-memory.dmp

Filesize
4KB

Download
memory/1680-36-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1680-0-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/1680-2-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/1680-3-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/1680-4-0x0000000000280000-0x0000000000281000-memory.dmp

Filesize
4KB

Download
memory/1680-5-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/1680-6-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/1680-7-0x0000000000310000-0x0000000000311000-memory.dmp

Filesize
4KB

Download
memory/1680-8-0x0000000002B10000-0x0000000002B11000-memory.dmp

Filesize
4KB

Download
memory/1680-9-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/1680-10-0x0000000002B00000-0x0000000002B02000-memory.dmp

Filesize
8KB

Download
memory/1680-11-0x00000000003C0000-0x00000000003C1000-memory.dmp

Filesize
4KB

Download
memory/1680-12-0x0000000000380000-0x0000000000381000-memory.dmp

Filesize
4KB

Download
memory/1680-13-0x0000000000370000-0x0000000000371000-memory.dmp

Filesize
4KB

Download
memory/1680-14-0x00000000003A0000-0x00000000003A1000-memory.dmp

Filesize
4KB

Download
memory/1680-15-0x0000000000360000-0x0000000000361000-memory.dmp

Filesize
4KB

Download
memory/1680-17-0x00000000003D0000-0x00000000003D1000-memory.dmp

Filesize
4KB

Download
memory/1680-18-0x00000000003E0000-0x00000000003E1000-memory.dmp

Filesize
4KB

Download
memory/1680-1-0x00000000002C0000-0x0000000000310000-memory.dmp

Filesize
320KB

Download
memory/1680-20-0x0000000000700000-0x0000000000701000-memory.dmp

Filesize
4KB

Download
memory/1680-51-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1680-49-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1680-48-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/1680-50-0x00000000002C0000-0x0000000000310000-memory.dmp

Filesize
320KB

Download
memory/1680-37-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1680-44-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1680-30-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1680-28-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1680-39-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1680-38-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1680-21-0x00000000006F0000-0x00000000006F1000-memory.dmp

Filesize
4KB

Download
memory/1680-34-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1680-24-0x0000000000710000-0x0000000000711000-memory.dmp

Filesize
4KB

Download
memory/1680-33-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1680-32-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1680-31-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1680-27-0x0000000002AF0000-0x0000000002AF6000-memory.dmp

Filesize
24KB

Download
memory/1680-26-0x0000000000940000-0x0000000000941000-memory.dmp

Filesize
4KB

Download
memory/1680-25-0x0000000000960000-0x0000000000961000-memory.dmp

Filesize
4KB

Download
memory/1680-35-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1680-23-0x00000000006E0000-0x00000000006E1000-memory.dmp

Filesize
4KB

Download
memory/1680-22-0x0000000000720000-0x0000000000721000-memory.dmp

Filesize
4KB

Download
memory/2508-61-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2508-59-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2508-53-0x00000000002F0000-0x00000000002F1000-memory.dmp

Filesize
4KB

Download
memory/2508-57-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2508-58-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2508-56-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2508-66-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2508-65-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2508-63-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2508-67-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2508-55-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2508-64-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2508-54-0x0000000002B10000-0x0000000002B11000-memory.dmp

Filesize
4KB

Download
memory/2508-68-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2508-70-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2508-71-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2508-73-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2508-72-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2508-69-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2508-62-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2508-60-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2508-105-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download