796cf93efd52fe870ec214efa6a9df0fa43d51f5a3cd7cc3bf89a194a45efbc2

Analysis

max time kernel
60s
max time network
101s
platform
windows7_x64
resource
win7-en-20210920
submitted
22-10-2021 00:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Discord IP Puller.exe
Size

10.1MB
MD5

b98d223c71d68edd727cd7e4a281e8a7
SHA1

ebb02b048ef8cce653425d02c8f7a195b0cd9500
SHA256

796cf93efd52fe870ec214efa6a9df0fa43d51f5a3cd7cc3bf89a194a45efbc2
SHA512

26b9fd80856e403d7a414e57671c48411c7898dd8b17449d056377e4af8545318fd67f0987ef94f9f9a6a4a49ccdafa202931db53d939edfa5cba305b5dd19a6

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 7 IoCs

Processes:

Discord IP Puller.exe

pid	process
1256	Discord IP Puller.exe
1256	Discord IP Puller.exe
1256	Discord IP Puller.exe
1256	Discord IP Puller.exe
1256	Discord IP Puller.exe
1256	Discord IP Puller.exe
1256	Discord IP Puller.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

Discord IP Puller.exe

description	pid	process	target process
PID 1376 wrote to memory of 1256	1376	Discord IP Puller.exe	Discord IP Puller.exe
PID 1376 wrote to memory of 1256	1376	Discord IP Puller.exe	Discord IP Puller.exe
PID 1376 wrote to memory of 1256	1376	Discord IP Puller.exe	Discord IP Puller.exe

C:\Users\Admin\AppData\Local\Temp\Discord IP Puller.exe
"C:\Users\Admin\AppData\Local\Temp\Discord IP Puller.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1376

C:\Users\Admin\AppData\Local\Temp\Discord IP Puller.exe
"C:\Users\Admin\AppData\Local\Temp\Discord IP Puller.exe"
2⤵
- Loads dropped DLL
PID:1256

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI13762\api-ms-win-core-file-l1-2-0.dll
MD5
0e235ef6790ee1ae1da5b722258fbbf6

SHA1
b6107a341c76640725fd1df9d999534fca6d22ed

SHA256
2a9c404de63a1921c0d6f1123bbcb02979929c04e12786838aa1e189c5efebb7

SHA512
e3a70d2297d290a826b660ce9c27a239dc775af0ac2eb19a9777c427d0de4c606bfc5e8f95b034e2e72bb5ccc1d85b63a6ca0c0f5a86f560990c5cc952e5fae7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13762\api-ms-win-core-file-l2-1-0.dll
MD5
c37f6835a05f5747ea6ef2bcbf84c27f

SHA1
e66e5380871fb6c56ecd0b47d88792aa8d774238

SHA256
bfe3210a0055c8726da1b5ef1b9e111c17c55c4c50e852828a36b9e838e9a6d7

SHA512
4e26daa261333c31faace1d1210a7e6c1c483e2a7ff920b2cbdd2bfd06527911e0553f7b62781490b78e4efec28bf357ac60088e73d12c3409cb1da4f87538c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13762\api-ms-win-core-localization-l1-2-0.dll
MD5
481eb246789e25c4c2eb5f93ea81aed7

SHA1
0409db7c778549b428094a91af0c684cde29114a

SHA256
6426eefcf7059a1acb7e4086644cad42a4824d2ef5c3e64e5b9c5e3c6ba8d892

SHA512
a1b0aa945697e78efc0286536f8eeb0cf0b6fd349fef6d6b517cf402d96cfb136f00af79ff5635c0d3972a37ad30aaf37922a5a86fbe75c6e33dea3c8c0aa76b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13762\api-ms-win-core-processthreads-l1-1-1.dll
MD5
06a274b7766b1492ac91508293913a5f

SHA1
e4f83348e42856187edced14a853d9a1c50b1cdd

SHA256
c79c107ee0de08992610aa2f75e8302c03cf719d40c873b5026c3bb9a24b3cdb

SHA512
bbcff569ac0dd84ca8ad80f810b6a6e88b4a7b53a2240fedcc39383c90603d8443761ec5d319c370a963ab5362ce2b36e4fe650a76c99aab05ab76eeb5fa5fa0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13762\api-ms-win-core-timezone-l1-1-0.dll
MD5
d0778a01d7422a4b6f18aba8896d91a7

SHA1
c4d8e96b38ad1a3cdab88a136dbb161a60834174

SHA256
3b6bda39dff3daee25bccd67aa859de87562d6de92e2975048bcba5584d7d262

SHA512
be352b7a632d4d45cd88c852cd0622511459aca7ba42252cece2c29da7d3de9e3af6f94669e4c907b188d7d61550195a1c67a39d7d24dbbcf978fab7b19d80e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13762\python39.dll
MD5
11c051f93c922d6b6b4829772f27a5be

SHA1
42fbdf3403a4bc3d46d348ca37a9f835e073d440

SHA256
0eabf135bb9492e561bbbc5602a933623c9e461aceaf6eb1ceced635e363cd5c

SHA512
1cdec23486cffcb91098a8b2c3f1262d6703946acf52aa2fe701964fb228d1411d9b6683bd54527860e10affc0e3d3de92a6ecf2c6c8465e9c8b9a7304e2a4a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13762\ucrtbase.dll
MD5
22f642b67871169cca2bfd9780b6e7d5

SHA1
1074145e16a6e97b628b73a31f09ea9af04aa0e8

SHA256
270998f0c2235b97d8c321b6f6c3172537f161780b7c2b34d296b6fdce0dd6ef

SHA512
d4a6332871dd752001e4a50f7994db79265234370154b4fc18eae76afffc1e267b6cd6b72261f4d405e70deb22edfed7671c038a3c4530892aaca65e7c9de426

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI13762\api-ms-win-core-file-l1-2-0.dll
MD5
0e235ef6790ee1ae1da5b722258fbbf6

SHA1
b6107a341c76640725fd1df9d999534fca6d22ed

SHA256
2a9c404de63a1921c0d6f1123bbcb02979929c04e12786838aa1e189c5efebb7

SHA512
e3a70d2297d290a826b660ce9c27a239dc775af0ac2eb19a9777c427d0de4c606bfc5e8f95b034e2e72bb5ccc1d85b63a6ca0c0f5a86f560990c5cc952e5fae7

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI13762\api-ms-win-core-file-l2-1-0.dll
MD5
c37f6835a05f5747ea6ef2bcbf84c27f

SHA1
e66e5380871fb6c56ecd0b47d88792aa8d774238

SHA256
bfe3210a0055c8726da1b5ef1b9e111c17c55c4c50e852828a36b9e838e9a6d7

SHA512
4e26daa261333c31faace1d1210a7e6c1c483e2a7ff920b2cbdd2bfd06527911e0553f7b62781490b78e4efec28bf357ac60088e73d12c3409cb1da4f87538c9

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI13762\api-ms-win-core-localization-l1-2-0.dll
MD5
481eb246789e25c4c2eb5f93ea81aed7

SHA1
0409db7c778549b428094a91af0c684cde29114a

SHA256
6426eefcf7059a1acb7e4086644cad42a4824d2ef5c3e64e5b9c5e3c6ba8d892

SHA512
a1b0aa945697e78efc0286536f8eeb0cf0b6fd349fef6d6b517cf402d96cfb136f00af79ff5635c0d3972a37ad30aaf37922a5a86fbe75c6e33dea3c8c0aa76b

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI13762\api-ms-win-core-processthreads-l1-1-1.dll
MD5
06a274b7766b1492ac91508293913a5f

SHA1
e4f83348e42856187edced14a853d9a1c50b1cdd

SHA256
c79c107ee0de08992610aa2f75e8302c03cf719d40c873b5026c3bb9a24b3cdb

SHA512
bbcff569ac0dd84ca8ad80f810b6a6e88b4a7b53a2240fedcc39383c90603d8443761ec5d319c370a963ab5362ce2b36e4fe650a76c99aab05ab76eeb5fa5fa0

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI13762\api-ms-win-core-timezone-l1-1-0.dll
MD5
d0778a01d7422a4b6f18aba8896d91a7

SHA1
c4d8e96b38ad1a3cdab88a136dbb161a60834174

SHA256
3b6bda39dff3daee25bccd67aa859de87562d6de92e2975048bcba5584d7d262

SHA512
be352b7a632d4d45cd88c852cd0622511459aca7ba42252cece2c29da7d3de9e3af6f94669e4c907b188d7d61550195a1c67a39d7d24dbbcf978fab7b19d80e3

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI13762\python39.dll
MD5
11c051f93c922d6b6b4829772f27a5be

SHA1
42fbdf3403a4bc3d46d348ca37a9f835e073d440

SHA256
0eabf135bb9492e561bbbc5602a933623c9e461aceaf6eb1ceced635e363cd5c

SHA512
1cdec23486cffcb91098a8b2c3f1262d6703946acf52aa2fe701964fb228d1411d9b6683bd54527860e10affc0e3d3de92a6ecf2c6c8465e9c8b9a7304e2a4a6

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI13762\ucrtbase.dll
MD5
22f642b67871169cca2bfd9780b6e7d5

SHA1
1074145e16a6e97b628b73a31f09ea9af04aa0e8

SHA256
270998f0c2235b97d8c321b6f6c3172537f161780b7c2b34d296b6fdce0dd6ef

SHA512
d4a6332871dd752001e4a50f7994db79265234370154b4fc18eae76afffc1e267b6cd6b72261f4d405e70deb22edfed7671c038a3c4530892aaca65e7c9de426

Download Submit
memory/1256-54-0x0000000000000000-mapping.dmp

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads