Analysis

  • max time kernel
    91s
  • max time network
    109s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240802-en locale:en-us os:windows10-2004-x64 system
  • submitted
    09-09-2024 16:43

General

  • Target

    DuoHacker.exe

  • Size

    146.5MB

  • MD5

    936228d3ed89688fa1196ec11ac8432d

  • SHA1

    8d3ebae8e41cf1a688c90230bca87b0a023e4cff

  • SHA256

    521caf203a5da1060ad0afd04cb017df04a28d32f94a33b3d8ea1aa767334d73

  • SHA512

    7bf74036fe615cb2235102c3b5fe5a4fdac686a4b7ad3aabcfcb7a086a9e08fa00627f3ddb85489deea6b4e742b524bf189461b762fcc9cca90adeecd4bb132f

  • SSDEEP

    1572864:WNmJTQ4ALZ4K5M9Mtu2HiQwoqDzx9KBl91jjgTaw8Im+Pn79ITVKR:WNI0Jw1YSXPxYVg

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory (1 IoC)
  • Suspicious behavior: EnumeratesProcesses (2 IoCs)
  • Suspicious use of SetWindowsHookEx (4 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\DuoHacker.exe
    "C:\Users\Admin\AppData\Local\Temp\DuoHacker.exe"
      PID:4876
    • C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\UnlockUnprotect.vbe"
        PID:1948
      • C:\Windows\system32\mspaint.exe
        "C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Desktop\DenyRequest.emf"
        • Drops file in Windows directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of SetWindowsHookEx
        PID:4976
      • C:\Windows\system32\svchost.exe
        C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
          PID:2728
