Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

Duplicate ...16.exe

windows7-x64

7

Duplicate ...16.exe

windows10-2004-x64

7

feniks-sit...ik.url

windows7-x64

1

feniks-sit...ik.url

windows10-2004-x64

1

feniks-sit...io.url

windows7-x64

1

feniks-sit...io.url

windows10-2004-x64

1

feniks-sit...pl.url

windows7-x64

6

feniks-sit...pl.url

windows10-2004-x64

3

Analysis

  • max time kernel
    1830s
  • max time network
    1147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31/12/2023, 14:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Duplicate Cleaner Pro 5.16 RePack/Duplicate Cleaner 5.16.exe

  • Size

    48.7MB

  • MD5

    ab413f5789c16c5607a489bf608f1036

  • SHA1

    230985872b049138f416642e2c9e2d499cfdf5c7

  • SHA256

    258cafd85557926016126321b0ed7d3df31a728c5b16c16c7da1744fcd0415bd

  • SHA512

    2c36b9b6215657cd4923222e271ead27c691dad36ec60bcbcc46ce63f1b5d5c83338dfc8f60312295068739ef25d9a523a165e4304ae3960f189b0f7ec6cbcb6

  • SSDEEP

    786432:T3jWdZevCMBksIblng6Fv9MPHw6GQnEdTg6KIIs8qJ4EogI97YDW0:T3gev/kZbFg6BynGQ9Nds8ELo9qt

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Duplicate Cleaner Pro 5.16 RePack\Duplicate Cleaner 5.16.exe
    "C:\Users\Admin\AppData\Local\Temp\Duplicate Cleaner Pro 5.16 RePack\Duplicate Cleaner 5.16.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3408
    • C:\Users\Admin\AppData\Local\Temp\is-LBE6U.tmp\Duplicate Cleaner 5.16.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-LBE6U.tmp\Duplicate Cleaner 5.16.tmp" /SL5="$40218,50670845,58880,C:\Users\Admin\AppData\Local\Temp\Duplicate Cleaner Pro 5.16 RePack\Duplicate Cleaner 5.16.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:3232

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-I4J62.tmp\innocallback.dll
    Filesize

    63KB

    MD5

    1c55ae5ef9980e3b1028447da6105c75

    SHA1

    f85218e10e6aa23b2f5a3ed512895b437e41b45c

    SHA256

    6afa2d104be6efe3d9a2ab96dbb75db31565dad64dd0b791e402ecc25529809f

    SHA512

    1ec4d52f49747b29cfd83e1a75fc6ae4101add68ada0b9add5770c10be6dffb004bb47d0854d50871ed8d77acf67d4e0445e97f0548a95c182e83b94ddf2eb6b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-LBE6U.tmp\Duplicate Cleaner 5.16.tmp
    Filesize

    915KB

    MD5

    90b4f778d1c40053bec5a5be0ecb7d85

    SHA1

    fb49d586ea9c385696c0a29456c9a53c6366856b

    SHA256

    a26e135ce3945988545d4982bb81e2c17c55a7a672c28b528c81cc97191460fa

    SHA512

    a744a042f57088c803bb810bbe5ea929ac946c3e2ac05636eb92e2e47756fb12dfe984c816cb9af808cf9d7f3e8e60eca909a136b1c4a53ba9bd692686b025ca

    Download Submit

  • memory/3232-17-0x00000000022D0000-0x00000000022D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3232-39-0x0000000005280000-0x0000000005295000-memory.dmp

    Filesize

    84KB

    Download

  • memory/3232-58-0x0000000000400000-0x00000000004F8000-memory.dmp

    Filesize

    992KB

    Download

  • memory/3232-45-0x0000000000400000-0x00000000004F8000-memory.dmp

    Filesize

    992KB

    Download

  • memory/3232-12-0x0000000000400000-0x00000000004F8000-memory.dmp

    Filesize

    992KB

    Download

  • memory/3232-14-0x0000000000400000-0x00000000004F8000-memory.dmp

    Filesize

    992KB

    Download

  • memory/3232-40-0x00000000022D0000-0x00000000022D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3232-38-0x0000000000400000-0x00000000004F8000-memory.dmp

    Filesize

    992KB

    Download

  • memory/3232-27-0x0000000005280000-0x0000000005295000-memory.dmp

    Filesize

    84KB

    Download

  • memory/3232-32-0x0000000005280000-0x0000000005295000-memory.dmp

    Filesize

    84KB

    Download

  • memory/3232-31-0x0000000000400000-0x00000000004F8000-memory.dmp

    Filesize

    992KB

    Download

  • memory/3408-30-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/3408-2-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/3408-6-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/3408-0-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/3408-8-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/3408-4-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download