Overview

overview

10

Static

static

3

DupeMix Se....0.exe

windows7-x64

7

DupeMix Se....0.exe

windows10-2004-x64

10

$PLUGINSDI...er.dll

windows7-x64

3

$PLUGINSDI...er.dll

windows10-2004-x64

3

$PLUGINSDI...ls.dll

windows7-x64

3

$PLUGINSDI...ls.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...ll.dll

windows7-x64

3

$PLUGINSDI...ll.dll

windows10-2004-x64

3

$PLUGINSDIR/app-64.7z

windows7-x64

7

$PLUGINSDIR/app-64.7z

windows10-2004-x64

1

locales/sv.pak

windows7-x64

3

locales/sv.pak

windows10-2004-x64

3

locales/sw.pak

windows7-x64

3

locales/sw.pak

windows10-2004-x64

3

locales/ta.pak

windows7-x64

3

locales/ta.pak

windows10-2004-x64

3

locales/te.pak

windows7-x64

3

locales/te.pak

windows10-2004-x64

3

locales/th.pak

windows7-x64

3

locales/th.pak

windows10-2004-x64

3

locales/tr.pak

windows7-x64

3

locales/tr.pak

windows10-2004-x64

3

locales/uk.ps1

windows7-x64

3

locales/uk.ps1

windows10-2004-x64

3

locales/ur.pak

windows7-x64

3

locales/ur.pak

windows10-2004-x64

3

locales/vi.pak

windows7-x64

3

locales/vi.pak

windows10-2004-x64

3

locales/zh-CN.pak

windows7-x64

3

locales/zh-CN.pak

windows10-2004-x64

3

Analysis

  • max time kernel
    118s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    23-11-2024 15:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $PLUGINSDIR/app-64.7z

  • Size

    74.6MB

  • MD5

    220de7ae6a29b2b20e66ff46605c1b0f

  • SHA1

    c71eb7e69816d14d5f8d88b6f24ecc597ed8e021

  • SHA256

    904efd8694afce96461b4076e210d6864ad58ec44986d27a17703155dd26d476

  • SHA512

    0395cc5819bd221109b705af76f4ee8e1ba7e60a7337aa765657ec0398e0c8779ff860e4d505632085ec1b588dd38243fa1d21fe87234f5d81f7cce67de5eac6

  • SSDEEP

    1572864:SJ39Kk9Md8JlB8ceyIS7nqYdd6hIEuZRob8j7yn8QNjBkjsD:xk9M+/vP7nMuvWs7y8Q/k4D

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 10 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs

Processes

  • C:\Program Files\7-Zip\7zFM.exe
    "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app-64.7z"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:2124
  • C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    1⤵
      PID:1268
    • C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\DupeMix.exe
      "C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\DupeMix.exe"
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:2416

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\ffmpeg.dll
      Filesize

      2.7MB

      MD5

      a007299c49fa50aeff594655859780ae

      SHA1

      d202f1f617023763a0e9418878e8ecac96be9fd4

      SHA256

      b78f0036621ad1d5833289f2ad509963ef78f1a89a3c7df0f1370fd2d35a2804

      SHA512

      444c4baa1e1d941bd04f78184cec519c6eb53a83fbc3aa3ea30522bffc9ecde73ebe7b910c1a37c345429298ada3c0ffcb3e3849e21b2009487b5cd1a02cb2a9

      Download Submit