Overview

overview

7

Static

static

3

DupInOutDu...ut.exe

windows7-x64

7

DupInOutDu...ut.exe

windows10-2004-x64

7

DupInOutDu...LA.rtf

windows7-x64

4

DupInOutDu...LA.rtf

windows10-2004-x64

1

DupInOutDu...it.dll

windows7-x64

1

DupInOutDu...it.dll

windows10-2004-x64

1

DupInOutDu...it.dll

windows7-x64

1

DupInOutDu...it.dll

windows10-2004-x64

1

DupInOutDu...rp.dll

windows7-x64

1

DupInOutDu...rp.dll

windows10-2004-x64

1

DupInOutDu...le.exe

windows7-x64

7

DupInOutDu...le.exe

windows10-2004-x64

7

DupInOutDu... -.url

windows7-x64

1

DupInOutDu... -.url

windows10-2004-x64

1

Analysis

  • max time kernel
    105s
  • max time network
    106s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/10/2024, 02:05

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    DupInOutDuplicateFinderPortable/DupInOutDuplicateFinderPortable.exe

  • Size

    487KB

  • MD5

    8e333e2ed1e85be63d1c6466eac8f839

  • SHA1

    c913e6d79946b20139903b6372a420350c82bd56

  • SHA256

    7f72040e2217f0bdf1c851d256ceaff016ce81270db2e2eb6344880f396e5f26

  • SHA512

    7066eaeebf6aac73f6156dec92dba0734bbb75e9cfeffb5733910c768e8cdbd23b30dcbfddf9cc8719db1d479070e2485a84d699fae9f7d0b66f28d898ceed7d

  • SSDEEP

    3072:tRHvBKTWHnpx0IT/END9i/7ZhmLsCdF1V98OK15AoCUqX0:thvBGWHnpx02EnhLsst0AoCUd

Score
7/10
discovery

Malware Config

Signatures

  • Loads dropped DLL 4 IoCs
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 7 IoCs
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\DupInOutDuplicateFinderPortable\DupInOutDuplicateFinderPortable.exe
    "C:\Users\Admin\AppData\Local\Temp\DupInOutDuplicateFinderPortable\DupInOutDuplicateFinderPortable.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:4036
    • C:\Users\Admin\AppData\Local\Temp\DupInOutDuplicateFinderPortable\App\ProgramFiles\DupInOut.exe
      C:\Users\Admin\AppData\Local\Temp\DupInOutDuplicateFinderPortable\App\ProgramFiles\DupInOut.exe
      2⤵
      • Enumerates connected drives
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      PID:3836

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\DupInOut\DupInOut.exe_Url_xqxizentoy2l5jvp4cit5xxnyy4lxxth\1.1.3.5\user.config
          Filesize

          125KB

          MD5

          fb6439e7a0d27564b2a2d3cf73225991

          SHA1

          99ded4b82b1bd1fe6df3e0e723e4226c27d3c2ab

          SHA256

          3668cd4c478eb3c889a383c66733ad900c03ab3385e66a851975971f914dfb41

          SHA512

          0d10d13e76a587287d6eb67895adfc0b8189632cbfde8ffb8bd2c05861876ca1722e4954ffd0f6791e4cbed87f0a05bb3fea45062aa3190654a9d07e0deeb313

          Download Submit

        • C:\Users\Admin\AppData\Local\DupInOut\DupInOut.exe_Url_xqxizentoy2l5jvp4cit5xxnyy4lxxth\1.1.3.5\user.config
          Filesize

          163KB

          MD5

          43b1e9d1aa66b9408ed7f2bc5851fb19

          SHA1

          e9d3eee45abd2098653a38902c1dcdfa72bd7b5c

          SHA256

          b69ac60f1bd7146f84f7dae73340ada3f4fbb3c5221f4040b394a3187e5cc191

          SHA512

          9167dbb1b3fd8f57e4b9a68ce12e7ae90ffe27f7f09ef06960b6df8104ccfa0df94a7680543fd8c7d6f87dee69fe7b96ca50d0d422eca05b686a7df1a1849e48

          Download Submit

        • C:\Users\Admin\AppData\Local\DupInOut\DupInOut.exe_Url_xqxizentoy2l5jvp4cit5xxnyy4lxxth\1.1.3.5\user.config
          Filesize

          165KB

          MD5

          86d865c3a11a76bd34d83d33ea47f30d

          SHA1

          d80fc1d2c2fda9570f12c0385656cd9ad904dc66

          SHA256

          4a1beeb38372a104dcd11ac3768be05de4720e5dbd868e037c68b469b6b9bb30

          SHA512

          15bf11c4564b038b5c6f8f471153757e25fa9d6b9e36ecc11879ba02a164cbed1aaafdb1ef9c11e922052ce559e50d113c0689c1068e243d4702593d730f778f

          Download Submit

        • C:\Users\Admin\AppData\Local\DupInOut\DupInOut.exe_Url_xqxizentoy2l5jvp4cit5xxnyy4lxxth\1.1.3.5\user.config
          Filesize

          166KB

          MD5

          3482e49f5dbc707d63fa83aa46928ef5

          SHA1

          4afbdafcd6ba05b25f2a9377a9b5be6c86a5d082

          SHA256

          6f10c7aa5f9b212d41bff5ee0e8fae878e10440b34f684f43dc050a437feda8a

          SHA512

          894d7942db11910c582c811086a40c95bf48babac23f495ddb1e08ba8ab4f7015b401c7616c4bab10c746fc086144000d533339cc68d919834beb151204415d9

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML
          Filesize

          9KB

          MD5

          7050d5ae8acfbe560fa11073fef8185d

          SHA1

          5bc38e77ff06785fe0aec5a345c4ccd15752560e

          SHA256

          cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

          SHA512

          a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\nsv8791.tmp\System.dll
          Filesize

          12KB

          MD5

          192639861e3dc2dc5c08bb8f8c7260d5

          SHA1

          58d30e460609e22fa0098bc27d928b689ef9af78

          SHA256

          23d618a0293c78ce00f7c6e6dd8b8923621da7dd1f63a070163ef4c0ec3033d6

          SHA512

          6e573d8b2ef6ed719e271fd0b2fd9cd451f61fc9a9459330108d6d7a65a0f64016303318cad787aa1d5334ba670d8f1c7c13074e1be550b4a316963ecc465cdc

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\nsv8791.tmp\newadvsplash.dll
          Filesize

          8KB

          MD5

          55a723e125afbc9b3a41d46f41749068

          SHA1

          01618b26fec6b8c6bdb866e6e4d0f7a0529fe97c

          SHA256

          0a70cc4b93d87ecd93e538cfbed7c9a4b8b5c6f1042c6069757bda0d1279ed06

          SHA512

          559157fa1b3eb6ae1f9c0f2c71ccc692a0a0affb1d6498a8b8db1436d236fd91891897ac620ed5a588beba2efa43ef064211a7fcadb5c3a3c5e2be1d23ef9d4c

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\nsv8791.tmp\registry.dll
          Filesize

          29KB

          MD5

          2880bf3bbbc8dcaeb4367df8a30f01a8

          SHA1

          cb5c65eae4ae923514a67c95ada2d33b0c3f2118

          SHA256

          acb79c55b3b9c460d032a6f3aaf6c642bf8c1d450e23279d091cc0c6ca510973

          SHA512

          ca978702ce7aa04f8d9781a819a57974f9627e969138e23e81e0792ff8356037c300bb27a37a9b5c756220a7788a583c8e40cc23125bcbe48849561b159c4fa3

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\nsv8791.tmp\splash.jpg
          Filesize

          2KB

          MD5

          b72fcb42942baa0c3d64a888bf690093

          SHA1

          73fccd630afc92fc6b4ed858b4759e656b1ca1bd

          SHA256

          da1ba320a3fdcf828c9b6f67a1f5efca679dd198f8798cd75fb9e87e3183dc2b

          SHA512

          fca1718551d8b655e0352c49850751fa7e5953f88c7874ca8dd43d08d08a3454b035e5233b1edd1fdd60891c700c6a67550af0029fc96460ebc01ae13ba55e1b

          Download Submit

        • memory/3836-29-0x0000000000630000-0x000000000076A000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3836-31-0x00000000052C0000-0x0000000005334000-memory.dmp

          Filesize

          464KB

          Download

        • memory/3836-35-0x0000000005C10000-0x0000000005C48000-memory.dmp

          Filesize

          224KB

          Download

        • memory/3836-34-0x0000000005AB0000-0x0000000005AB8000-memory.dmp

          Filesize

          32KB

          Download

        • memory/3836-37-0x0000000005BF0000-0x0000000005BF8000-memory.dmp

          Filesize

          32KB

          Download

        • memory/3836-33-0x0000000005930000-0x0000000005974000-memory.dmp

          Filesize

          272KB

          Download

        • memory/3836-32-0x00000000737B0000-0x0000000073F60000-memory.dmp

          Filesize

          7.7MB

          Download

        • memory/3836-36-0x0000000005BD0000-0x0000000005BDE000-memory.dmp

          Filesize

          56KB

          Download

        • memory/3836-63-0x0000000008C50000-0x0000000008CB6000-memory.dmp

          Filesize

          408KB

          Download

        • memory/3836-65-0x000000000D8C0000-0x000000000D8E2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/3836-30-0x00000000737B0000-0x0000000073F60000-memory.dmp

          Filesize

          7.7MB

          Download

        • memory/3836-28-0x00000000737BE000-0x00000000737BF000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3836-88-0x00000000737BE000-0x00000000737BF000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3836-89-0x00000000737B0000-0x0000000073F60000-memory.dmp

          Filesize

          7.7MB

          Download