Overview

overview

7

Static

static

3

duplicate-...us.exe

windows7-x64

7

duplicate-...us.exe

windows10-2004-x64

7

去脚本�...��.url

windows7-x64

1

去脚本�...��.url

windows10-2004-x64

1

服务器软件.url

windows7-x64

1

服务器软件.url

windows10-2004-x64

1

Analysis

  • max time kernel
    141s
  • max time network
    94s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/05/2024, 02:15

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    duplicate-file-finder-plus.exe

  • Size

    1.0MB

  • MD5

    3982a59fecc661a9f9c4bee8d0a0db24

  • SHA1

    5b49c38701fb9f9498d86f6407ce27df26441cc0

  • SHA256

    d250963a7a6e43845a709e1f4e62ed8c65a704186960a815b1cc48caa5fd54c5

  • SHA512

    050fdfe6f1fc506ff6bbcbe90608edf83611dec5586567de336da835c30ccf20a8cd1a7ebccfdd388bcf1761e7455ab4824d8d40c01e2d612aa666c4da58f5fd

  • SSDEEP

    24576:T86iAA9v8hV0I4KgrIcblcxf2tuzwn6HOq:3FA9vSz4KgrIcblmf20wnK

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\duplicate-file-finder-plus.exe
    "C:\Users\Admin\AppData\Local\Temp\duplicate-file-finder-plus.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4460
    • C:\Users\Admin\AppData\Local\Temp\is-URIF9.tmp\duplicate-file-finder-plus.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-URIF9.tmp\duplicate-file-finder-plus.tmp" /SL5="$C0066,572632,141312,C:\Users\Admin\AppData\Local\Temp\duplicate-file-finder-plus.exe"
      2⤵
      • Executes dropped EXE
      PID:1412

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\is-URIF9.tmp\duplicate-file-finder-plus.tmp
          Filesize

          1.2MB

          MD5

          66fc30d325e9b1d4f8a2b36bec302d8a

          SHA1

          e4cd469eb2a92c54af902af3c367ea188d088bed

          SHA256

          3512db9b1a8d5a80548fa3c4847da8d1adfab5076b1c4afa14e6f12526a553e2

          SHA512

          ee2bda160947b5c138ed6a40cd841f178899b1aa45cd4b980adafc28ef2ef6a494e53632a420a953611bb1c8d100bf4284de3f301dd766d6f2727152682a9223

          Download Submit

        • memory/1412-6-0x0000000000400000-0x0000000000533000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1412-9-0x0000000000400000-0x0000000000533000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/4460-0-0x0000000000400000-0x000000000042C000-memory.dmp

          Filesize

          176KB

          Download

        • memory/4460-2-0x0000000000401000-0x0000000000412000-memory.dmp

          Filesize

          68KB

          Download

        • memory/4460-8-0x0000000000400000-0x000000000042C000-memory.dmp

          Filesize

          176KB

          Download