Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

DupInOutDu...ut.exe

windows7-x64

7

DupInOutDu...ut.exe

windows10-2004-x64

7

DupInOutDu...LA.rtf

windows7-x64

4

DupInOutDu...LA.rtf

windows10-2004-x64

1

DupInOutDu...it.dll

windows7-x64

1

DupInOutDu...it.dll

windows10-2004-x64

1

DupInOutDu...it.dll

windows7-x64

1

DupInOutDu...it.dll

windows10-2004-x64

1

DupInOutDu...rp.dll

windows7-x64

1

DupInOutDu...rp.dll

windows10-2004-x64

1

DupInOutDu...le.exe

windows7-x64

7

DupInOutDu...le.exe

windows10-2004-x64

7

DupInOutDu... -.url

windows7-x64

1

DupInOutDu... -.url

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    742c1febeb55eb98b4deb688bcd8601ccdd0634650fe388c29cd7c4bf7d5742d

  • Size

    1.3MB

  • Sample

    241010-chyzqazfjm

  • MD5

    cd4ef9811a4af7bcd80ca3e57db56b16

  • SHA1

    01c909567d7cd4ef18076f1e7adaa18be9767d19

  • SHA256

    742c1febeb55eb98b4deb688bcd8601ccdd0634650fe388c29cd7c4bf7d5742d

  • SHA512

    738f5fcd760e80e5576b9bdb3d858fa0f810398de6049c5790dc2ce812b4cd3a232079d419b38ab2885810ddc6395129f3be92db23eebbb5fb423df34fa01e24

  • SSDEEP

    24576:T5lYgE3AlP2leJbjpCcxTfdkRJR2c1F9DKBjRHUh+yqZtNcg+:PhE3NeN95SRD2c3cld0PqjNc

Score
7/10
discovery

Malware Config

Targets

    • Target

      DupInOutDuplicateFinderPortable/App/ProgramFiles/DupInOut.exe

    • Size

      1.2MB

    • MD5

      adf4ee26aa02f6e13b96e0e63bab6c76

    • SHA1

      40bc393a1cc8a2a4aad8d4923218374a09eade54

    • SHA256

      79ceafcd892910b8bedb9176e511ddfdeef5fd35383eb3a305795a82f75a846a

    • SHA512

      6ee054170ce71bb411ed65d9520ea71bf7162aa0ded965d8add393ab0d49aeec8b3aa3ca97093277bca9c4d34b65f51a567b62f9db61a0a65c0a62bac7371bf6

    • SSDEEP

      24576:267YNVenV3DUHmXF+Z3iSj3zHV/huMXLPLF7CAvMLn7VFMzFvuicg+fdYkPtEth:F7/3D3V+Z3iSj3zHV/huMXLPLF7CAvMQ

    Score
    7/10
    discovery

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

    • Target

      DupInOutDuplicateFinderPortable/App/ProgramFiles/EULA.rtf

    • Size

      10KB

    • MD5

      9d965387b280ea706e8c3bed38a11b2e

    • SHA1

      f166e40c120c19a55d502faeac2bb4bf797eb8af

    • SHA256

      b76436b9c9896bc99be38240a92d809ee316fcfbc3005cf2cc281e925bc07213

    • SHA512

      7488ff7464ce36cc29c8738fb8cd9a793dbf6ad596f94a13d2dfbcaaff2a2b8948f5297c89665a44e75030da49c8262c4b00533946a4ac1e5851ae981f79d234

    • SSDEEP

      192:MC8OI7ork/bRrxvRMDv7tMY8nKkVVyzfy3ihk62Nre7W4MDEErZ2:r/I7o4T7J2t4yzYA2Ze64MDx12

    Score
    4/10
    discovery
    behavioral3behavioral4

    • Target

      DupInOutDuplicateFinderPortable/App/ProgramFiles/System.Windows.Controls.DataVisualization.Toolkit.dll

    • Size

      250KB

    • MD5

      857631afc720b8955b26696e1998ef7f

    • SHA1

      ef5c4f8dbf70517d9643543466fc690f0b6f0811

    • SHA256

      862acc50a8ed16781c3be98336cd8e49c7778859fd6006f68d1c823f8be425db

    • SHA512

      2a048596bfb8682177300adbf0d6df0b6cf5d716ab69ffbd25a01a3f23b59492b16823fb762ca91541bbb9bc82d6ca4d48bba2ff2f2e73cde7df60a9a7fde52f

    • SSDEEP

      3072:RGFBcWR7g0T2oF0QkSseut1BjHadJoNT1OuLsnKUFMsoobQvsvqoD:RGr80b0Gu3FadJoNT1OuLuKUdoHg

    Score
    1/10
    behavioral5behavioral6

    • Target

      DupInOutDuplicateFinderPortable/App/ProgramFiles/WPFToolkit.dll

    • Size

      446KB

    • MD5

      56765db9d5bb0957e0bcd43e48dac999

    • SHA1

      a003693df359d52cbf1288279bb1a74640f9c5eb

    • SHA256

      870cca9257df7287c30f58b329eadef825db6d7992ea6feb65e5293311e8fa92

    • SHA512

      650758c7202a82bc969a89fe7280592967c1e6a389a9f8b83c3e3715335ea669e91fc46fbe7a6487f0a436a8469e7aab926af0c5cdec3b8f735d1548cf02f5a2

    • SSDEEP

      12288:b7D+OTvePnOiCndN0OE0Qe1oRxxRSozG1ruos:b7D+OTvrndN0OE0QWlUG1ruos

    Score
    1/10
    behavioral7behavioral8

    • Target

      DupInOutDuplicateFinderPortable/App/ProgramFiles/taglib-sharp.dll

    • Size

      479KB

    • MD5

      7fd5aa9f5fc1c59b9b37327940274a03

    • SHA1

      8e511b8359a3bb32d6c9d84b83a3845cfcc575e6

    • SHA256

      e79ca19838b09f4ece43ca178bf767db4fc625268bf2816147bbc57aa6ce5aac

    • SHA512

      0c9263ebdaf786a334a90a109872ad022e751a52efb74bbc6d8f2c0179cfac5ccc77663f6f208991376ede0378cb036ad19cd0033ebe59cdef120352c983e4b1

    • SSDEEP

      6144:5g9PZ14AIIejScmHqQ9aj4nMRVd3HmPRNe/bQqvzW59XbZ6yLOChycp2bdzwptxH:GNQmKQ9aj4nsd3HOiVvzEZ6Hc2xz

    Score
    1/10
    behavioral10behavioral9

    • Target

      DupInOutDuplicateFinderPortable/DupInOutDuplicateFinderPortable.exe

    • Size

      487KB

    • MD5

      8e333e2ed1e85be63d1c6466eac8f839

    • SHA1

      c913e6d79946b20139903b6372a420350c82bd56

    • SHA256

      7f72040e2217f0bdf1c851d256ceaff016ce81270db2e2eb6344880f396e5f26

    • SHA512

      7066eaeebf6aac73f6156dec92dba0734bbb75e9cfeffb5733910c768e8cdbd23b30dcbfddf9cc8719db1d479070e2485a84d699fae9f7d0b66f28d898ceed7d

    • SSDEEP

      3072:tRHvBKTWHnpx0IT/END9i/7ZhmLsCdF1V98OK15AoCUqX0:thvBGWHnpx02EnhLsst0AoCUd

    Score
    7/10
    discovery

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral11behavioral12

    • Target

      DupInOutDuplicateFinderPortable/Muchos Portables!!!! -.url

    • Size

      132B

    • MD5

      ea3755b22fc8dff0c051ede0f21f4d94

    • SHA1

      1d3a7b0183c4927ba494cd60bf49a77c1c786aea

    • SHA256

      894932952f9af3520ed210322ccfff9770e86a1e8fdbfc7e7a5b89dbcf03ec33

    • SHA512

      99af953f1606820ddc545c5d78a969a37170d5002b659780415a5be6117e59d739bb8d584b4a8bfbb43dff28c2c89bfceb54f0cba935021313195c385b0fe040

    Score
    1/10
    behavioral13behavioral14

MITRE ATT&CK Enterprise v15

Tasks