Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

Duplicate ...16.exe

windows7-x64

7

Duplicate ...16.exe

windows10-2004-x64

7

feniks-sit...ik.url

windows7-x64

1

feniks-sit...ik.url

windows10-2004-x64

1

feniks-sit...io.url

windows7-x64

1

feniks-sit...io.url

windows10-2004-x64

1

feniks-sit...pl.url

windows7-x64

6

feniks-sit...pl.url

windows10-2004-x64

3

Analysis

  • max time kernel
    1815s
  • max time network
    1854s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    31/12/2023, 14:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Duplicate Cleaner Pro 5.16 RePack/Duplicate Cleaner 5.16.exe

  • Size

    48.7MB

  • MD5

    ab413f5789c16c5607a489bf608f1036

  • SHA1

    230985872b049138f416642e2c9e2d499cfdf5c7

  • SHA256

    258cafd85557926016126321b0ed7d3df31a728c5b16c16c7da1744fcd0415bd

  • SHA512

    2c36b9b6215657cd4923222e271ead27c691dad36ec60bcbcc46ce63f1b5d5c83338dfc8f60312295068739ef25d9a523a165e4304ae3960f189b0f7ec6cbcb6

  • SSDEEP

    786432:T3jWdZevCMBksIblng6Fv9MPHw6GQnEdTg6KIIs8qJ4EogI97YDW0:T3gev/kZbFg6BynGQ9Nds8ELo9qt

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 6 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Duplicate Cleaner Pro 5.16 RePack\Duplicate Cleaner 5.16.exe
    "C:\Users\Admin\AppData\Local\Temp\Duplicate Cleaner Pro 5.16 RePack\Duplicate Cleaner 5.16.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2112
    • C:\Users\Admin\AppData\Local\Temp\is-FD6SJ.tmp\Duplicate Cleaner 5.16.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-FD6SJ.tmp\Duplicate Cleaner 5.16.tmp" /SL5="$400DE,50670845,58880,C:\Users\Admin\AppData\Local\Temp\Duplicate Cleaner Pro 5.16 RePack\Duplicate Cleaner 5.16.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:856
      • C:\Program Files (x86)\Duplicate Cleaner\Duplicate Cleaner 5.exe
        "C:\Program Files (x86)\Duplicate Cleaner\Duplicate Cleaner 5.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Enumerates connected drives
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        PID:2344

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Duplicate Cleaner\Duplicate Cleaner 5.exe
    Filesize

    1.4MB

    MD5

    b4deeff0fdc0a9d10715867285d116d0

    SHA1

    f3aa5286e5164e2f850b286a122433f5b30b1bb5

    SHA256

    e92e08cdcd33e163ceffb7233dbe8c9b38fd6bfb342c004d2bd37ad9e89e8ea1

    SHA512

    76b15a30b27f4d84395a91a5a0f146e6feac104f1c397c014ad28020c557100870ce4525b5a1263448391e535731b679cfe2ea3bd4ecafa686f9158b505d40be

    Download Submit

  • C:\Program Files (x86)\Duplicate Cleaner\Duplicate Cleaner 5.exe
    Filesize

    348KB

    MD5

    39fc6d7339954d2314bcc14ce2e4e574

    SHA1

    e6eb8400fc53eccceb2935422443ce9181b4143e

    SHA256

    e205b482f71398c02591f5b3a3b486f445e4d36b63350606a4e2ddb9fbaf6c6d

    SHA512

    11afa29ec595c4a8f12f3bb570664dfbe4475e9d71723371fcf9ad78570a6104340eab9b57f4a502a978b106df32dd096555480944e191d61607888b65a5ae2e

    Download Submit

  • C:\Program Files (x86)\Duplicate Cleaner\Duplicate Cleaner 5.exe
    Filesize

    3.4MB

    MD5

    44b59e0f6e79efc87db1dd01fcb01c46

    SHA1

    57344c6c08d02ec112c1de0d0d09bbf80862d390

    SHA256

    ed2d604760e4bc8677595e2a6c17522d228d18c309c212271b6c6f6712785b3d

    SHA512

    c88ffc2d76c28a7ad1009d47b2d8e114ed8b70374357c28dd3e6156f77ff51f1e5aa4333e0d91e7a9b590f6fdb1f988bcbb737ea2758305f267de499163aa589

    Download Submit

  • C:\Program Files (x86)\Duplicate Cleaner\Duplicate Cleaner 5.exe.config
    Filesize

    3KB

    MD5

    b6df270030cfeac0eb39ed4c437d4221

    SHA1

    9639323cb9ecfb2eefa9937fb007de0693f61e92

    SHA256

    13edfe2cd3c3c9d58a280cd1e23577fec7a24802585eead6d73f71179aacf4f9

    SHA512

    2af5fe0fae2b676cbe90a8722efba9a1e0ce7b811d83251c3867c813ee7b67ab0fee9fc815214a30c6a0ef41c2b5b4f2a90d03d887ca0b5e0a65bc7ffd5673f3

    Download Submit

  • \Program Files (x86)\Duplicate Cleaner\Duplicate Cleaner 5.exe
    Filesize

    1.9MB

    MD5

    ae347ede9072b035778f462fd3028869

    SHA1

    150ecf7b37132b788204002ae1209a9e01ccde4b

    SHA256

    d4ec58c1a8ee6316865f5c22e6046a426f9017d50994075639b5040722132275

    SHA512

    ad9641aa2c51547824e8c8b4bb4b99af5db6ae263fa0d970bad5891d7351b392f1eee8c9cdb445d7fb194fa4fc7dd1b40a18de606fad3408a471a8d142c44338

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-FD6SJ.tmp\Duplicate Cleaner 5.16.tmp
    Filesize

    915KB

    MD5

    90b4f778d1c40053bec5a5be0ecb7d85

    SHA1

    fb49d586ea9c385696c0a29456c9a53c6366856b

    SHA256

    a26e135ce3945988545d4982bb81e2c17c55a7a672c28b528c81cc97191460fa

    SHA512

    a744a042f57088c803bb810bbe5ea929ac946c3e2ac05636eb92e2e47756fb12dfe984c816cb9af808cf9d7f3e8e60eca909a136b1c4a53ba9bd692686b025ca

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-NR1MN.tmp\_isetup\_shfoldr.dll
    Filesize

    22KB

    MD5

    92dc6ef532fbb4a5c3201469a5b5eb63

    SHA1

    3e89ff837147c16b4e41c30d6c796374e0b8e62c

    SHA256

    9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

    SHA512

    9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-NR1MN.tmp\innocallback.dll
    Filesize

    63KB

    MD5

    1c55ae5ef9980e3b1028447da6105c75

    SHA1

    f85218e10e6aa23b2f5a3ed512895b437e41b45c

    SHA256

    6afa2d104be6efe3d9a2ab96dbb75db31565dad64dd0b791e402ecc25529809f

    SHA512

    1ec4d52f49747b29cfd83e1a75fc6ae4101add68ada0b9add5770c10be6dffb004bb47d0854d50871ed8d77acf67d4e0445e97f0548a95c182e83b94ddf2eb6b

    Download Submit

  • memory/856-38-0x0000000000400000-0x00000000004F8000-memory.dmp

    Filesize

    992KB

    Download

  • memory/856-228-0x0000000000400000-0x00000000004F8000-memory.dmp

    Filesize

    992KB

    Download

  • memory/856-40-0x00000000002A0000-0x00000000002A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/856-47-0x00000000023C0000-0x00000000024C0000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/856-36-0x0000000000700000-0x0000000000715000-memory.dmp

    Filesize

    84KB

    Download

  • memory/856-217-0x0000000000400000-0x00000000004F8000-memory.dmp

    Filesize

    992KB

    Download

  • memory/856-218-0x0000000000700000-0x0000000000715000-memory.dmp

    Filesize

    84KB

    Download

  • memory/856-35-0x0000000000400000-0x00000000004F8000-memory.dmp

    Filesize

    992KB

    Download

  • memory/856-246-0x0000000000400000-0x00000000004F8000-memory.dmp

    Filesize

    992KB

    Download

  • memory/856-229-0x0000000000700000-0x0000000000715000-memory.dmp

    Filesize

    84KB

    Download

  • memory/856-18-0x0000000000700000-0x0000000000715000-memory.dmp

    Filesize

    84KB

    Download

  • memory/856-11-0x00000000002A0000-0x00000000002A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2112-247-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/2112-34-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/2112-2-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/2112-0-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/2344-263-0x000000001BD20000-0x000000001BD9E000-memory.dmp

    Filesize

    504KB

    Download

  • memory/2344-272-0x0000000002370000-0x000000000237A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2344-250-0x000000001B7E0000-0x000000001BD1C000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/2344-252-0x0000000002330000-0x000000000234A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2344-232-0x000007FEF4A70000-0x000007FEF545C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2344-234-0x000000001B480000-0x000000001B500000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2344-256-0x000000001B400000-0x000000001B462000-memory.dmp

    Filesize

    392KB

    Download

  • memory/2344-265-0x000000001D6C0000-0x000000001D7E8000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2344-268-0x000000001BDA0000-0x000000001BDC5000-memory.dmp

    Filesize

    148KB

    Download

  • memory/2344-231-0x0000000000050000-0x00000000004D8000-memory.dmp

    Filesize

    4.5MB

    Download

  • memory/2344-261-0x0000000002350000-0x0000000002366000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2344-248-0x000000001B480000-0x000000001B500000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2344-271-0x0000000002370000-0x000000000237A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2344-254-0x000000001B3C0000-0x000000001B3F6000-memory.dmp

    Filesize

    216KB

    Download

  • memory/2344-293-0x000000001C020000-0x000000001C050000-memory.dmp

    Filesize

    192KB

    Download

  • memory/2344-294-0x000000001B480000-0x000000001B500000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2344-295-0x000000001B480000-0x000000001B500000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2344-296-0x000007FEF4A70000-0x000007FEF545C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2344-297-0x000000001B480000-0x000000001B500000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2344-298-0x000000001B480000-0x000000001B500000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2344-300-0x0000000002370000-0x000000000237A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2344-299-0x0000000002370000-0x000000000237A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2344-301-0x000000001B480000-0x000000001B500000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2344-302-0x000000001B480000-0x000000001B500000-memory.dmp

    Filesize

    512KB

    Download