Overview

overview

7

Static

static

3

DupInOutDu...ut.exe

windows7-x64

7

DupInOutDu...ut.exe

windows10-2004-x64

7

DupInOutDu...LA.rtf

windows7-x64

4

DupInOutDu...LA.rtf

windows10-2004-x64

1

DupInOutDu...it.dll

windows7-x64

1

DupInOutDu...it.dll

windows10-2004-x64

1

DupInOutDu...it.dll

windows7-x64

1

DupInOutDu...it.dll

windows10-2004-x64

1

DupInOutDu...rp.dll

windows7-x64

1

DupInOutDu...rp.dll

windows10-2004-x64

1

DupInOutDu...le.exe

windows7-x64

7

DupInOutDu...le.exe

windows10-2004-x64

7

DupInOutDu... -.url

windows7-x64

1

DupInOutDu... -.url

windows10-2004-x64

1

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    10/10/2024, 02:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    DupInOutDuplicateFinderPortable/DupInOutDuplicateFinderPortable.exe

  • Size

    487KB

  • MD5

    8e333e2ed1e85be63d1c6466eac8f839

  • SHA1

    c913e6d79946b20139903b6372a420350c82bd56

  • SHA256

    7f72040e2217f0bdf1c851d256ceaff016ce81270db2e2eb6344880f396e5f26

  • SHA512

    7066eaeebf6aac73f6156dec92dba0734bbb75e9cfeffb5733910c768e8cdbd23b30dcbfddf9cc8719db1d479070e2485a84d699fae9f7d0b66f28d898ceed7d

  • SSDEEP

    3072:tRHvBKTWHnpx0IT/END9i/7ZhmLsCdF1V98OK15AoCUqX0:thvBGWHnpx02EnhLsst0AoCUd

Score
7/10
discovery

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 6 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\DupInOutDuplicateFinderPortable\DupInOutDuplicateFinderPortable.exe
    "C:\Users\Admin\AppData\Local\Temp\DupInOutDuplicateFinderPortable\DupInOutDuplicateFinderPortable.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2532
    • C:\Users\Admin\AppData\Local\Temp\DupInOutDuplicateFinderPortable\App\ProgramFiles\DupInOut.exe
      C:\Users\Admin\AppData\Local\Temp\DupInOutDuplicateFinderPortable\App\ProgramFiles\DupInOut.exe
      2⤵
      • Enumerates connected drives
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      PID:1028

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\DupInOut\DupInOut.exe_Url_xqxizentoy2l5jvp4cit5xxnyy4lxxth\1.1.3.5\aa1bld4g.newcfg
    Filesize

    165KB

    MD5

    2fda0a5311a9f3632dfacc5d0990aa2c

    SHA1

    e247da7967ec52e4cb0a53d98dc38844f9bc2126

    SHA256

    6fa3abe85a6d743edd4b68dd5052bb3d8a48e2995212c5f31337d73666066cc0

    SHA512

    de00182ff15da98e54cfb823e551a65ab36a9228e564431187fc95ea987f21feb5da4d0af40704a9c6ed7c3d717aa3b62423b1ce32fe649e4170ae6ac482b892

    Download Submit

  • C:\Users\Admin\AppData\Local\DupInOut\DupInOut.exe_Url_xqxizentoy2l5jvp4cit5xxnyy4lxxth\1.1.3.5\rdbg5ium.newcfg
    Filesize

    166KB

    MD5

    7f57581bf1acb1bf7527fddb3c18f1ee

    SHA1

    25a25aee9891c5d06628b19bcd1391c2814909f3

    SHA256

    2eb8c7cdd5fe41c0b22d2a3591ef62a9cb53df657f24ca5c0e8272623f6775cb

    SHA512

    b0fdb6d34092faed5ed8842ddc151fdcc725ccc5524a7018611f31bb5407cc4b8bd643891a9f0bb26d48d7006a9b8eb73825a410d5e721211297b2c11d645dd8

    Download Submit

  • C:\Users\Admin\AppData\Local\DupInOut\DupInOut.exe_Url_xqxizentoy2l5jvp4cit5xxnyy4lxxth\1.1.3.5\user.config
    Filesize

    125KB

    MD5

    fb6439e7a0d27564b2a2d3cf73225991

    SHA1

    99ded4b82b1bd1fe6df3e0e723e4226c27d3c2ab

    SHA256

    3668cd4c478eb3c889a383c66733ad900c03ab3385e66a851975971f914dfb41

    SHA512

    0d10d13e76a587287d6eb67895adfc0b8189632cbfde8ffb8bd2c05861876ca1722e4954ffd0f6791e4cbed87f0a05bb3fea45062aa3190654a9d07e0deeb313

    Download Submit

  • C:\Users\Admin\AppData\Local\DupInOut\DupInOut.exe_Url_xqxizentoy2l5jvp4cit5xxnyy4lxxth\1.1.3.5\user.config
    Filesize

    163KB

    MD5

    43b1e9d1aa66b9408ed7f2bc5851fb19

    SHA1

    e9d3eee45abd2098653a38902c1dcdfa72bd7b5c

    SHA256

    b69ac60f1bd7146f84f7dae73340ada3f4fbb3c5221f4040b394a3187e5cc191

    SHA512

    9167dbb1b3fd8f57e4b9a68ce12e7ae90ffe27f7f09ef06960b6df8104ccfa0df94a7680543fd8c7d6f87dee69fe7b96ca50d0d422eca05b686a7df1a1849e48

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsd87D7.tmp\splash.jpg
    Filesize

    2KB

    MD5

    b72fcb42942baa0c3d64a888bf690093

    SHA1

    73fccd630afc92fc6b4ed858b4759e656b1ca1bd

    SHA256

    da1ba320a3fdcf828c9b6f67a1f5efca679dd198f8798cd75fb9e87e3183dc2b

    SHA512

    fca1718551d8b655e0352c49850751fa7e5953f88c7874ca8dd43d08d08a3454b035e5233b1edd1fdd60891c700c6a67550af0029fc96460ebc01ae13ba55e1b

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsd87D7.tmp\System.dll
    Filesize

    12KB

    MD5

    192639861e3dc2dc5c08bb8f8c7260d5

    SHA1

    58d30e460609e22fa0098bc27d928b689ef9af78

    SHA256

    23d618a0293c78ce00f7c6e6dd8b8923621da7dd1f63a070163ef4c0ec3033d6

    SHA512

    6e573d8b2ef6ed719e271fd0b2fd9cd451f61fc9a9459330108d6d7a65a0f64016303318cad787aa1d5334ba670d8f1c7c13074e1be550b4a316963ecc465cdc

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsd87D7.tmp\newadvsplash.dll
    Filesize

    8KB

    MD5

    55a723e125afbc9b3a41d46f41749068

    SHA1

    01618b26fec6b8c6bdb866e6e4d0f7a0529fe97c

    SHA256

    0a70cc4b93d87ecd93e538cfbed7c9a4b8b5c6f1042c6069757bda0d1279ed06

    SHA512

    559157fa1b3eb6ae1f9c0f2c71ccc692a0a0affb1d6498a8b8db1436d236fd91891897ac620ed5a588beba2efa43ef064211a7fcadb5c3a3c5e2be1d23ef9d4c

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsd87D7.tmp\registry.dll
    Filesize

    29KB

    MD5

    2880bf3bbbc8dcaeb4367df8a30f01a8

    SHA1

    cb5c65eae4ae923514a67c95ada2d33b0c3f2118

    SHA256

    acb79c55b3b9c460d032a6f3aaf6c642bf8c1d450e23279d091cc0c6ca510973

    SHA512

    ca978702ce7aa04f8d9781a819a57974f9627e969138e23e81e0792ff8356037c300bb27a37a9b5c756220a7788a583c8e40cc23125bcbe48849561b159c4fa3

    Download Submit

  • memory/1028-29-0x0000000073B6E000-0x0000000073B6F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1028-35-0x0000000001EB0000-0x0000000001EBA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/1028-34-0x0000000001EB0000-0x0000000001EBA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/1028-33-0x0000000004230000-0x0000000004274000-memory.dmp

    Filesize

    272KB

    Download

  • memory/1028-32-0x0000000004CF0000-0x0000000004D64000-memory.dmp

    Filesize

    464KB

    Download

  • memory/1028-31-0x0000000073B60000-0x000000007424E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/1028-30-0x0000000000300000-0x000000000043A000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/1028-78-0x0000000073B6E000-0x0000000073B6F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1028-79-0x0000000073B60000-0x000000007424E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/1028-80-0x0000000001EB0000-0x0000000001EBA000-memory.dmp

    Filesize

    40KB

    Download