Analysis
-
max time kernel
105s -
max time network
106s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
10/10/2024, 02:05
General
-
Target
DupInOutDuplicateFinderPortable/DupInOutDuplicateFinderPortable.exe
-
Size
487KB
-
MD5
8e333e2ed1e85be63d1c6466eac8f839
-
SHA1
c913e6d79946b20139903b6372a420350c82bd56
-
SHA256
7f72040e2217f0bdf1c851d256ceaff016ce81270db2e2eb6344880f396e5f26
-
SHA512
7066eaeebf6aac73f6156dec92dba0734bbb75e9cfeffb5733910c768e8cdbd23b30dcbfddf9cc8719db1d479070e2485a84d699fae9f7d0b66f28d898ceed7d
-
SSDEEP
3072:tRHvBKTWHnpx0IT/END9i/7ZhmLsCdF1V98OK15AoCUqX0:thvBGWHnpx02EnhLsst0AoCUd
Malware Config
Signatures
-
Loads dropped DLL 4 IoCs
-
Enumerates connected drives 3 TTPs 23 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies registry class 7 IoCs
-
Suspicious behavior: EnumeratesProcesses 3 IoCs
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\DupInOutDuplicateFinderPortable\DupInOutDuplicateFinderPortable.exe"C:\Users\Admin\AppData\Local\Temp\DupInOutDuplicateFinderPortable\DupInOutDuplicateFinderPortable.exe"1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\DupInOutDuplicateFinderPortable\App\ProgramFiles\DupInOut.exeC:\Users\Admin\AppData\Local\Temp\DupInOutDuplicateFinderPortable\App\ProgramFiles\DupInOut.exe2⤵
- Enumerates connected drives
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
125KB
MD5fb6439e7a0d27564b2a2d3cf73225991
SHA199ded4b82b1bd1fe6df3e0e723e4226c27d3c2ab
SHA2563668cd4c478eb3c889a383c66733ad900c03ab3385e66a851975971f914dfb41
SHA5120d10d13e76a587287d6eb67895adfc0b8189632cbfde8ffb8bd2c05861876ca1722e4954ffd0f6791e4cbed87f0a05bb3fea45062aa3190654a9d07e0deeb313
-
Filesize
163KB
MD543b1e9d1aa66b9408ed7f2bc5851fb19
SHA1e9d3eee45abd2098653a38902c1dcdfa72bd7b5c
SHA256b69ac60f1bd7146f84f7dae73340ada3f4fbb3c5221f4040b394a3187e5cc191
SHA5129167dbb1b3fd8f57e4b9a68ce12e7ae90ffe27f7f09ef06960b6df8104ccfa0df94a7680543fd8c7d6f87dee69fe7b96ca50d0d422eca05b686a7df1a1849e48
-
Filesize
165KB
MD586d865c3a11a76bd34d83d33ea47f30d
SHA1d80fc1d2c2fda9570f12c0385656cd9ad904dc66
SHA2564a1beeb38372a104dcd11ac3768be05de4720e5dbd868e037c68b469b6b9bb30
SHA51215bf11c4564b038b5c6f8f471153757e25fa9d6b9e36ecc11879ba02a164cbed1aaafdb1ef9c11e922052ce559e50d113c0689c1068e243d4702593d730f778f
-
Filesize
166KB
MD53482e49f5dbc707d63fa83aa46928ef5
SHA14afbdafcd6ba05b25f2a9377a9b5be6c86a5d082
SHA2566f10c7aa5f9b212d41bff5ee0e8fae878e10440b34f684f43dc050a437feda8a
SHA512894d7942db11910c582c811086a40c95bf48babac23f495ddb1e08ba8ab4f7015b401c7616c4bab10c746fc086144000d533339cc68d919834beb151204415d9
-
Filesize
9KB
MD57050d5ae8acfbe560fa11073fef8185d
SHA15bc38e77ff06785fe0aec5a345c4ccd15752560e
SHA256cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b
SHA512a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b
-
Filesize
12KB
MD5192639861e3dc2dc5c08bb8f8c7260d5
SHA158d30e460609e22fa0098bc27d928b689ef9af78
SHA25623d618a0293c78ce00f7c6e6dd8b8923621da7dd1f63a070163ef4c0ec3033d6
SHA5126e573d8b2ef6ed719e271fd0b2fd9cd451f61fc9a9459330108d6d7a65a0f64016303318cad787aa1d5334ba670d8f1c7c13074e1be550b4a316963ecc465cdc
-
Filesize
8KB
MD555a723e125afbc9b3a41d46f41749068
SHA101618b26fec6b8c6bdb866e6e4d0f7a0529fe97c
SHA2560a70cc4b93d87ecd93e538cfbed7c9a4b8b5c6f1042c6069757bda0d1279ed06
SHA512559157fa1b3eb6ae1f9c0f2c71ccc692a0a0affb1d6498a8b8db1436d236fd91891897ac620ed5a588beba2efa43ef064211a7fcadb5c3a3c5e2be1d23ef9d4c
-
Filesize
29KB
MD52880bf3bbbc8dcaeb4367df8a30f01a8
SHA1cb5c65eae4ae923514a67c95ada2d33b0c3f2118
SHA256acb79c55b3b9c460d032a6f3aaf6c642bf8c1d450e23279d091cc0c6ca510973
SHA512ca978702ce7aa04f8d9781a819a57974f9627e969138e23e81e0792ff8356037c300bb27a37a9b5c756220a7788a583c8e40cc23125bcbe48849561b159c4fa3
-
Filesize
2KB
MD5b72fcb42942baa0c3d64a888bf690093
SHA173fccd630afc92fc6b4ed858b4759e656b1ca1bd
SHA256da1ba320a3fdcf828c9b6f67a1f5efca679dd198f8798cd75fb9e87e3183dc2b
SHA512fca1718551d8b655e0352c49850751fa7e5953f88c7874ca8dd43d08d08a3454b035e5233b1edd1fdd60891c700c6a67550af0029fc96460ebc01ae13ba55e1b
-
Filesize
1.2MB
-
Filesize
464KB
-
Filesize
224KB
-
Filesize
32KB
-
Filesize
32KB
-
Filesize
272KB
-
Filesize
7.7MB
-
Filesize
56KB
-
Filesize
408KB
-
Filesize
136KB
-
Filesize
7.7MB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
7.7MB
