Analysis

max time kernel: 119s
max time network: 124s
platform: windows10_x64
resource: win10-en-20211104
submitted: 05-12-2021 16:09
Static task: static1

Behavioral task: behavioral1
Sample: DuplicatePhotoCleaner.exe
Resource: win7-en-20211014 (windows7_x64)
0 signatures, 0 seconds

Behavioral task: behavioral2
Sample: DuplicatePhotoCleaner.exe
Resource: win10-en-20211104 (windows10_x64)
0 signatures, 0 seconds
General

Target: DuplicatePhotoCleaner.exe
Size: 7.6MB
MD5: cae7c55bfc0a850e05699058e0054bfc
SHA1: e433fc82fb883c3ea676a3da172010de58c5d653
SHA256: 3b2de0f8e064ee52cee995a84b91120fefdead01f90d1861b4ee8b875c10688d
SHA512: c5baeefc3dfc71bfb2c6faa1e20fc97af20867d35f7906fb0ce769c6f59af3a8eae75bfb7d3b4deabc4ebee68781ee231f5ed1f1508dec4a7fed7b3aa6f59ac2
Score: 10/10
Signatures

Registers COM server for autorun (1 TTPs)

Modifies registry class (4 IoCs)
Process: DuplicatePhotoCleaner.exe

Description | IoC | Process
Key created | \REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\CLSID\{2B72BD98-421B-4411-BED3-46F583C97B8E} | DuplicatePhotoCleaner.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\CLSID\{2B72BD98-421B-4411-BED3-46F583C97B8E}\ = "ClassMoniker" | DuplicatePhotoCleaner.exe
Key created | \REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\CLSID\{2B72BD98-421B-4411-BED3-46F583C97B8E}\InprocServer32 | DuplicatePhotoCleaner.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\CLSID\{2B72BD98-421B-4411-BED3-46F583C97B8E}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\DuplicatePhotoCleaner.exe" | DuplicatePhotoCleaner.exe

Two details of these writes matter for triage. The key sits under the per-user Classes hive (\REGISTRY\USER\<SID>_Classes, i.e. HKCU\Software\Classes), so the registration needs no elevation and survives only for that user. And the InprocServer32 default value names the sample's own .exe in the user's Temp directory, whereas an in-process COM server is normally a DLL (an out-of-process executable would be registered under LocalServer32); a CLSID whose server path points back at the submitted sample is what the "Registers COM server for autorun" signature keys on.

Suspicious use of SetWindowsHookEx (1 IoCs)
Process: DuplicatePhotoCleaner.exe

PID | Process
2436 | DuplicatePhotoCleaner.exe
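The following is an added triage script, not part of the sandbox report or of the sample. It parses registry-write events in the "Set value (str) <key>\ = "<value>" <process>" layout used above (the exact layout is an assumption about the report format), and flags CLSID server registrations that point at an executable in a per-user hive or in the user's Temp directory. It generalises the report's InprocServer32 case to LocalServer32 as well; the sample events are the report's own four IoC lines, constructed here as an inline string, plus a constructed benign registration in the test.

```python
r"""Triage sandbox registry IoCs for COM-server persistence (added example).

Parses lines of the form
    Set value (str) <key>\ = "<value>" <process>
(an assumption about the report's event layout) and reports CLSID server
registrations that look like user-level persistence.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: the four IoC lines from the report, one event per line.
SAMPLE_EVENTS = r"""
Key created \REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\CLSID\{2B72BD98-421B-4411-BED3-46F583C97B8E} DuplicatePhotoCleaner.exe
Set value (str) \REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\CLSID\{2B72BD98-421B-4411-BED3-46F583C97B8E}\ = "ClassMoniker" DuplicatePhotoCleaner.exe
Key created \REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\CLSID\{2B72BD98-421B-4411-BED3-46F583C97B8E}\InprocServer32 DuplicatePhotoCleaner.exe
Set value (str) \REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\CLSID\{2B72BD98-421B-4411-BED3-46F583C97B8E}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\DuplicatePhotoCleaner.exe" DuplicatePhotoCleaner.exe
"""

# <action> <key>\ = "<value>" <process>; the value may contain spaces.
SET_VALUE_RE = re.compile(r'^Set value \((\w+)\) (\S+?)\\ = "(.*)" (\S+)$')
# Only the server subkeys of a CLSID carry a binary path.
SERVER_KEY_RE = re.compile(
    r"CLSID\\(\{[0-9A-Fa-f-]{36}\})\\(InprocServer32|LocalServer32)$", re.IGNORECASE
)


@dataclass
class Finding:
    clsid: str
    server_type: str
    path: str
    process: str
    reasons: list = field(default_factory=list)


def triage_com_registrations(events: str) -> list:
    """Return one Finding per CLSID server registration with at least one red flag."""
    findings = []
    for raw in events.strip().splitlines():
        m = SET_VALUE_RE.match(raw.strip())
        if not m:
            continue  # "Key created" events carry no server path
        _value_type, key, value, process = m.groups()
        km = SERVER_KEY_RE.search(key)
        if not km:
            continue  # e.g. the CLSID default value ("ClassMoniker"), not a server key
        clsid, server_type = km.groups()
        path = value.replace("\\\\", "\\")  # the report doubles backslashes inside values
        reasons = []
        if "_Classes\\" in key:
            reasons.append("per-user hive (HKCU\\Software\\Classes): no elevation needed")
        if server_type.lower() == "inprocserver32" and path.lower().endswith(".exe"):
            reasons.append("InprocServer32 points at an .exe; in-process servers are DLLs")
        if "\\appdata\\local\\temp\\" in path.lower():
            reasons.append("server binary lives under the user's Temp directory")
        if reasons:
            findings.append(Finding(clsid, server_type, path, process, reasons))
    return findings


if __name__ == "__main__":
    for f in triage_com_registrations(SAMPLE_EVENTS):
        print(f"{f.process}: {f.server_type} for {f.clsid} -> {f.path}")
        for reason in f.reasons:
            print("  -", reason)
```

Run against the report's events it yields a single finding with all three flags raised; a machine-wide LocalServer32 registration pointing at an .exe under Program Files raises none, which is the behaviour you want when the same script is pointed at a bulk export of installer traces.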
Downloads

memory/2436-118-0x00000000001B0000-0x00000000001B1000-memory.dmp (4KB)