Overview

overview

7

Static

static

Duplicate ...us.exe

windows7-x64

1

Duplicate ...us.exe

windows10-2004-x64

6

Duplicate ...xe.xml

windows7-x64

1

Duplicate ...xe.xml

windows10-2004-x64

1

Duplicate ...ry.dll

windows7-x64

1

Duplicate ...ry.dll

windows10-2004-x64

1

Duplicate ...es.dll

windows7-x64

1

Duplicate ...es.dll

windows10-2004-x64

1

Duplicate ...le.exe

windows7-x64

7

Duplicate ...le.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    156s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    04/10/2022, 10:04

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    Duplicate File Finder Plus/App/DuplicateFileFinderPlus/Duplicate File Finder Plus.exe

  • Size

    315KB

  • MD5

    226b40e0e43d60e79795c24b6c609848

  • SHA1

    0984091f7f2156963e2562589092dfe89da94c71

  • SHA256

    064be21f3e44a433084ee83eb1e0029f835c5f78e96efcc630e72deeef5c5412

  • SHA512

    16315dcc6d4d573e7d178ba1aba27e2657fff3fafca35ccc8c999cd3af8ee289ae772715dd7676734e1a21c53f2086a17bc005fb08d1805f8b5bf66b05f24ba1

  • SSDEEP

    3072:F8cNAwyjD/cUV4ucdmlJ/c5/eq4Dtxel2/ccJVQ5xoBcTYULBnmSkDgFiW+vf+6K:cw6NXiO47XNgVPMwHDNLO7AZwehq2/

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Modifies system certificate store 2 TTPs 4 IoCs
    evasionspywaretrojan
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Duplicate File Finder Plus\App\DuplicateFileFinderPlus\Duplicate File Finder Plus.exe
    "C:\Users\Admin\AppData\Local\Temp\Duplicate File Finder Plus\App\DuplicateFileFinderPlus\Duplicate File Finder Plus.exe"
    1⤵
    • Modifies system certificate store
    • Suspicious use of WriteProcessMemory
    PID:1816
    • C:\Windows\explorer.exe
      explorer "https://DuplicateFileFinder4PC.com/duplicate-file-finder-plus.htm?selectedTab=updates"
      2⤵
        PID:1540
      • C:\Windows\explorer.exe
        explorer "https://duplicatefilefinder4pc.com/f/duplicate-file-finder-plus.zip"
        2⤵
          PID:576
      • C:\Windows\explorer.exe
        C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
        1⤵
        • Suspicious use of WriteProcessMemory
        PID:1260
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe" https://duplicatefilefinder4pc.com/duplicate-file-finder-plus.htm?selectedTab=updates
          2⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:1284
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1284 CREDAT:275457 /prefetch:2
            3⤵
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:1688
      • C:\Windows\explorer.exe
        C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
        1⤵
        • Suspicious use of WriteProcessMemory
        PID:1608
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe" https://duplicatefilefinder4pc.com/f/duplicate-file-finder-plus.zip
          2⤵
          • Modifies Internet Explorer Phishing Filter
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:1812
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1812 CREDAT:275457 /prefetch:2
            3⤵
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:1796

      Network

            MITRE ATT&CK Enterprise v6

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27
              Filesize

              1KB

              MD5

              8d0b18acdb128088cd477b70eb24769b

              SHA1

              89252f65ecc925e8aa910ee6cfed4e0468e42ae6

              SHA256

              1604e28cfd2b93bb422911155840c3437838662434cb4a35f0309a04939f239b

              SHA512

              c23eb94268245b5e45e9adf4d2791910a26fe3da4cd68774c45f834136f2707b35c4b741d7ca936fff8702e0deafed2ae2bcaa8dc1e33b3a40fc856c09534879

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27
              Filesize

              1KB

              MD5

              8d0b18acdb128088cd477b70eb24769b

              SHA1

              89252f65ecc925e8aa910ee6cfed4e0468e42ae6

              SHA256

              1604e28cfd2b93bb422911155840c3437838662434cb4a35f0309a04939f239b

              SHA512

              c23eb94268245b5e45e9adf4d2791910a26fe3da4cd68774c45f834136f2707b35c4b741d7ca936fff8702e0deafed2ae2bcaa8dc1e33b3a40fc856c09534879

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
              Filesize

              60KB

              MD5

              d15aaa7c9be910a9898260767e2490e1

              SHA1

              2090c53f8d9fc3fbdbafd3a1e4dc25520eb74388

              SHA256

              f8ebaaf487cba0c81a17c8cd680bdd2dd8e90d2114ecc54844cffc0cc647848e

              SHA512

              7e1c1a683914b961b5cc2fe5e4ae288b60bab43bfaa21ce4972772aa0589615c19f57e672e1d93e50a7ed7b76fbd2f1b421089dcaed277120b93f8e91b18af94

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
              Filesize

              1KB

              MD5

              a266bb7dcc38a562631361bbf61dd11b

              SHA1

              3b1efd3a66ea28b16697394703a72ca340a05bd5

              SHA256

              df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

              SHA512

              0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
              Filesize

              1KB

              MD5

              a266bb7dcc38a562631361bbf61dd11b

              SHA1

              3b1efd3a66ea28b16697394703a72ca340a05bd5

              SHA256

              df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

              SHA512

              0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27
              Filesize

              408B

              MD5

              87e8154db0188c31c1a8a796b3b5e4b8

              SHA1

              0f89f8f38690704b0fa98bad96bb2d1f9e30d593

              SHA256

              29147c38bb71c571c3b269a2e2a8c8b2f9728f39a160bcea3464252c0290a172

              SHA512

              355b924f0da07b1284858c2315439ddbc6ed27d84cab7c19aa7ec17edc793574a897875527a31a162e888fa3e40d22ef9447e2423a2289946e42c170dadad102

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27
              Filesize

              408B

              MD5

              428f5f76d2345098272ab6509b093df5

              SHA1

              9e91544bdbef935ffec0d607c6a08e006bfa22e2

              SHA256

              eec8286e85ed3528133e6ae88589adfa9004bde5c92bcfcc071a4845c386eb1d

              SHA512

              54da2c0dd7fa6c1d9f099966a69606e359cbd20d01399b29e5c3224e19545c80909ed513022a7af12fe345d5b3ccd1b75a1fd2f51b9ee49f2cfe92f03387e5bc

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27
              Filesize

              408B

              MD5

              adf8077a03ac343444e87b105bea74bb

              SHA1

              e0e3d37152c0754106b36badea45688354d328f0

              SHA256

              74df73e299307a632e743d1205d48f7c898139cf576e84ee9717fc1ae7ecb873

              SHA512

              63482a0e7c25532256e25c9ec1274ff8a6217c61664cdb3d84c005e4a0c5d3c8594a3e51283065b608c3778917efde2842ee19b2714204bd00e89a926d3be46d

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27
              Filesize

              408B

              MD5

              0846ef2c7a56ac311d44799adef90d9d

              SHA1

              680dc645554a023699fbf502134010d41f876f44

              SHA256

              940db7726d5342f00cbc9ac021ea143ac29fcd3a5d6490b8bb2404a74a9ba582

              SHA512

              57ece99e5f4fd6e771d196f8615244510731f81e122d76097e9182cf898c09dba7ec66bed3f88b70f2b1784e7a1002bf824fd2e3b2e5bffe376e30be9d6c1238

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
              Filesize

              342B

              MD5

              eb61054c357b77562f352ab641744d66

              SHA1

              afd4483f85ce89edd99fef6f5835be39c915a440

              SHA256

              9ebe9863db6e42880e56e0718caf4232b8c2462de75c06002d63c297a20365b2

              SHA512

              dccef72f9351dcaa98d37cf492c8acd1abc0367a8ed35b0f362465fc0b8dcfd078ac69c085298ebecb69c79ada88488e74e6b794f63e0d8e96f5dc5496e747a6

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
              Filesize

              342B

              MD5

              8f416bc7606290ad1db8d714537ce762

              SHA1

              48346df385dfbd6cc11e1d34fbf980631cd66881

              SHA256

              abba31375ac165a336909176b4a27411803012985b6f22b7c0d308c9ce9ba395

              SHA512

              e6558aa9040fe58c4deb1a971e2f890d46d29a456a60bab4046c38fc25dac7caac14886bd27e5f38ca75ed1f714560d3161970cca53897a07937c422a0cd11e0

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
              Filesize

              242B

              MD5

              3f4d54f05d686ea0f0908a8bb3658711

              SHA1

              b421c77c6273da778dbf04699254bcc9d4bf8a6f

              SHA256

              4454efc8121c295e7744656a407a65750733e76ae54c7a5dba0cd39df7454a01

              SHA512

              6aa9afc90b063b97003385a8ed893671df4a82b781a725cedc4f4a130f835e6f4e5ae4ff011323969f61ea8116b0554ef97f24faf35859688cef8c49f078ac4d

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
              Filesize

              242B

              MD5

              3f4d54f05d686ea0f0908a8bb3658711

              SHA1

              b421c77c6273da778dbf04699254bcc9d4bf8a6f

              SHA256

              4454efc8121c295e7744656a407a65750733e76ae54c7a5dba0cd39df7454a01

              SHA512

              6aa9afc90b063b97003385a8ed893671df4a82b781a725cedc4f4a130f835e6f4e5ae4ff011323969f61ea8116b0554ef97f24faf35859688cef8c49f078ac4d

              Download Submit

            • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{E2125DD1-43DC-11ED-8FA0-42A98B637845}.dat
              Filesize

              4KB

              MD5

              29b4de063d30e63620f37a273f28414a

              SHA1

              e12c274d4de1d2e627c8699932616ff0fe4ade89

              SHA256

              4798595dc29b0ae87d161fb1c90d9412729d03a7c05146a807d758d9ede62902

              SHA512

              da34afb91b16eee85912417e1ab78cfcafb3749e1bfd9c93e6d3c5879811627b3d3f7e6a5808fe307f7c7430541b36a493ef209969241b86a0104190f906c89d

              Download Submit

            • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{E21284E1-43DC-11ED-8FA0-42A98B637845}.dat
              Filesize

              5KB

              MD5

              0aefe5393ee957048fcd44a1a961a90a

              SHA1

              92246cad14ec7f0d1aa9b75e54852c25ecf9da41

              SHA256

              69643c11c846bbe367b4f93ec3486b32e181b828c7717964143d07a71c0f66a0

              SHA512

              ff90ef915fecb070b5a932f61f06721885d169029ac574ba4bc0cf5d84d91589d47499c531054f550fc5f3d403d7809923e14fd1f901a4ec183233aec660f2fe

              Download Submit

            • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\1evexod\imagestore.dat
              Filesize

              5KB

              MD5

              ccfd88a97619b5b85adec4aad656437f

              SHA1

              e590ccc4b2350cc3f775d53fad087c35247d4123

              SHA256

              276fb8982290fba2dd59b4724db23534a62adf2cd5b149bf531ecc8ceb2ffc9a

              SHA512

              09580eea61aff1c5ed8b0d45d70496fda38f79cae2a66634e25e9f62cbf36ae7072f31b1532fdc2286afaf5e503aa79ada3d02fa247044c6d53363c57b7fe1a1

              Download Submit

            • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\QM9IQ4ET.txt
              Filesize

              606B

              MD5

              f17080a289941c14953acede27ce6f48

              SHA1

              dd7a4ac3dfc0fe826ff2bb0e1fdc3ba900074bbb

              SHA256

              eb2a9cefd85d0854cf7a44d2392920ea105ac8b419cfc1de27da790bc2363720

              SHA512

              133042db7d4de3dc190753a9343a4f018804f8f4937a60dbc1b17eaa7120dde4b645e4e8d21324752acd438439d73057bf118006461f6c2238e562e9a2431556

              Download Submit

            • memory/1540-59-0x000007FEFC181000-0x000007FEFC183000-memory.dmp

              Filesize

              8KB

              Download

            • memory/1816-57-0x0000000000B46000-0x0000000000B65000-memory.dmp

              Filesize

              124KB

              Download

            • memory/1816-54-0x000007FEF4410000-0x000007FEF4E33000-memory.dmp

              Filesize

              10.1MB

              Download

            • memory/1816-55-0x000007FEF3370000-0x000007FEF4406000-memory.dmp

              Filesize

              16.6MB

              Download

            • memory/1816-56-0x0000000000B46000-0x0000000000B65000-memory.dmp

              Filesize

              124KB

              Download