796cf93efd52fe870ec214efa6a9df0fa43d51f5a3cd7cc3bf89a194a45efbc2

Analysis

max time kernel
75s
max time network
125s
platform
windows10_x64
resource
win10-en-20211014
submitted
22-10-2021 00:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Discord IP Puller.exe
Size

10.1MB
MD5

b98d223c71d68edd727cd7e4a281e8a7
SHA1

ebb02b048ef8cce653425d02c8f7a195b0cd9500
SHA256

796cf93efd52fe870ec214efa6a9df0fa43d51f5a3cd7cc3bf89a194a45efbc2
SHA512

26b9fd80856e403d7a414e57671c48411c7898dd8b17449d056377e4af8545318fd67f0987ef94f9f9a6a4a49ccdafa202931db53d939edfa5cba305b5dd19a6

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 7 IoCs

Processes:

Discord IP Puller.exe

pid	process
3004	Discord IP Puller.exe
3004	Discord IP Puller.exe
3004	Discord IP Puller.exe
3004	Discord IP Puller.exe
3004	Discord IP Puller.exe
3004	Discord IP Puller.exe
3004	Discord IP Puller.exe

Suspicious use of WriteProcessMemory 8 IoCs

Processes:

Discord IP Puller.exeDiscord IP Puller.exe

description	pid	process	target process
PID 2720 wrote to memory of 3004	2720	Discord IP Puller.exe	Discord IP Puller.exe
PID 2720 wrote to memory of 3004	2720	Discord IP Puller.exe	Discord IP Puller.exe
PID 3004 wrote to memory of 2244	3004	Discord IP Puller.exe	cmd.exe
PID 3004 wrote to memory of 2244	3004	Discord IP Puller.exe	cmd.exe
PID 3004 wrote to memory of 3224	3004	Discord IP Puller.exe	cmd.exe
PID 3004 wrote to memory of 3224	3004	Discord IP Puller.exe	cmd.exe
PID 3004 wrote to memory of 4052	3004	Discord IP Puller.exe	cmd.exe
PID 3004 wrote to memory of 4052	3004	Discord IP Puller.exe	cmd.exe

C:\Users\Admin\AppData\Local\Temp\Discord IP Puller.exe
"C:\Users\Admin\AppData\Local\Temp\Discord IP Puller.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2720

C:\Users\Admin\AppData\Local\Temp\Discord IP Puller.exe
"C:\Users\Admin\AppData\Local\Temp\Discord IP Puller.exe"
2⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:3004

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c title Discord IP Puller /// V1.1
3⤵
PID:2244

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
3⤵
PID:3224

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c title Discord IP Puller /// V1.1
3⤵
PID:4052

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI27202\VCRUNTIME140.dll
MD5
8697c106593e93c11adc34faa483c4a0

SHA1
cd080c51a97aa288ce6394d6c029c06ccb783790

SHA256
ff43e813785ee948a937b642b03050bb4b1c6a5e23049646b891a66f65d4c833

SHA512
724bbed7ce6f7506e5d0b43399fb3861dda6457a2ad2fafe734f8921c9a4393b480cdd8a435dbdbd188b90236cb98583d5d005e24fa80b5a0622a6322e6f3987

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27202\_ctypes.pyd
MD5
29da9b022c16da461392795951ce32d9

SHA1
0e514a8f88395b50e797d481cbbed2b4ae490c19

SHA256
3b4012343ef7a266db0b077bbb239833779192840d1e2c43dfcbc48ffd4c5372

SHA512
5c7d83823f1922734625cf69a481928a5c47b6a3bceb7f24c9197175665b2e06bd1cfd745c55d1c5fe1572f2d8da2a1dcc1c1f5de0903477bb927aca22ecb26a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27202\_socket.pyd
MD5
f5dd9c5922a362321978c197d3713046

SHA1
4fbc2d3e15f8bb21ecc1bf492f451475204426cd

SHA256
4494992665305fc9401ed327398ee40064fe26342fe44df11d89d2ac1cc6f626

SHA512
ce818113bb87c6e38fa85156548c6f207aaab01db311a6d8c63c6d900d607d7beff73e64d717f08388ece4b88bf8b95b71911109082cf4b0c0a9b0663b9a8e99

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27202\base_library.zip
MD5
e6ac394f0dc3ccf903cdad92d4011320

SHA1
b7c3567deb306771c6d98d88358b795e4f16e2a5

SHA256
eecfa03c9c648092ac7fee7a382c49fe2db9b4c3e067567b7d43845d67aa1f68

SHA512
3271acd28568f611854755614e70bc6cf002a35a9008fbf7869fe04edd88e2748dec86752cc5455df68792ace02d77bec7feacf7de5f43daaa4aeb33fc79436a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27202\libffi-7.dll
MD5
eef7981412be8ea459064d3090f4b3aa

SHA1
c60da4830ce27afc234b3c3014c583f7f0a5a925

SHA256
f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

SHA512
dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27202\python39.dll
MD5
11c051f93c922d6b6b4829772f27a5be

SHA1
42fbdf3403a4bc3d46d348ca37a9f835e073d440

SHA256
0eabf135bb9492e561bbbc5602a933623c9e461aceaf6eb1ceced635e363cd5c

SHA512
1cdec23486cffcb91098a8b2c3f1262d6703946acf52aa2fe701964fb228d1411d9b6683bd54527860e10affc0e3d3de92a6ecf2c6c8465e9c8b9a7304e2a4a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27202\select.pyd
MD5
7a442bbcc4b7aa02c762321f39487ba9

SHA1
0fcb5bbdd0c3d3c5943e557cc2a5b43e20655b83

SHA256
1dd7bba480e65802657c31e6d20b1346d11bca2192575b45eb9760a4feb468ad

SHA512
3433c46c7603ae0a73aa9a863b2aecd810f8c0cc6c2cd96c71ef6bde64c275e0fceb4ea138e46a5c9bf72f66dcdea3e9551cf2103188a1e98a92d8140879b34c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27202\ucrtbase.dll
MD5
22f642b67871169cca2bfd9780b6e7d5

SHA1
1074145e16a6e97b628b73a31f09ea9af04aa0e8

SHA256
270998f0c2235b97d8c321b6f6c3172537f161780b7c2b34d296b6fdce0dd6ef

SHA512
d4a6332871dd752001e4a50f7994db79265234370154b4fc18eae76afffc1e267b6cd6b72261f4d405e70deb22edfed7671c038a3c4530892aaca65e7c9de426

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI27202\VCRUNTIME140.dll
MD5
8697c106593e93c11adc34faa483c4a0

SHA1
cd080c51a97aa288ce6394d6c029c06ccb783790

SHA256
ff43e813785ee948a937b642b03050bb4b1c6a5e23049646b891a66f65d4c833

SHA512
724bbed7ce6f7506e5d0b43399fb3861dda6457a2ad2fafe734f8921c9a4393b480cdd8a435dbdbd188b90236cb98583d5d005e24fa80b5a0622a6322e6f3987

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI27202\_ctypes.pyd
MD5
29da9b022c16da461392795951ce32d9

SHA1
0e514a8f88395b50e797d481cbbed2b4ae490c19

SHA256
3b4012343ef7a266db0b077bbb239833779192840d1e2c43dfcbc48ffd4c5372

SHA512
5c7d83823f1922734625cf69a481928a5c47b6a3bceb7f24c9197175665b2e06bd1cfd745c55d1c5fe1572f2d8da2a1dcc1c1f5de0903477bb927aca22ecb26a

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI27202\_socket.pyd
MD5
f5dd9c5922a362321978c197d3713046

SHA1
4fbc2d3e15f8bb21ecc1bf492f451475204426cd

SHA256
4494992665305fc9401ed327398ee40064fe26342fe44df11d89d2ac1cc6f626

SHA512
ce818113bb87c6e38fa85156548c6f207aaab01db311a6d8c63c6d900d607d7beff73e64d717f08388ece4b88bf8b95b71911109082cf4b0c0a9b0663b9a8e99

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI27202\libffi-7.dll
MD5
eef7981412be8ea459064d3090f4b3aa

SHA1
c60da4830ce27afc234b3c3014c583f7f0a5a925

SHA256
f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

SHA512
dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI27202\python39.dll
MD5
11c051f93c922d6b6b4829772f27a5be

SHA1
42fbdf3403a4bc3d46d348ca37a9f835e073d440

SHA256
0eabf135bb9492e561bbbc5602a933623c9e461aceaf6eb1ceced635e363cd5c

SHA512
1cdec23486cffcb91098a8b2c3f1262d6703946acf52aa2fe701964fb228d1411d9b6683bd54527860e10affc0e3d3de92a6ecf2c6c8465e9c8b9a7304e2a4a6

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI27202\select.pyd
MD5
7a442bbcc4b7aa02c762321f39487ba9

SHA1
0fcb5bbdd0c3d3c5943e557cc2a5b43e20655b83

SHA256
1dd7bba480e65802657c31e6d20b1346d11bca2192575b45eb9760a4feb468ad

SHA512
3433c46c7603ae0a73aa9a863b2aecd810f8c0cc6c2cd96c71ef6bde64c275e0fceb4ea138e46a5c9bf72f66dcdea3e9551cf2103188a1e98a92d8140879b34c

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI27202\ucrtbase.dll
MD5
22f642b67871169cca2bfd9780b6e7d5

SHA1
1074145e16a6e97b628b73a31f09ea9af04aa0e8

SHA256
270998f0c2235b97d8c321b6f6c3172537f161780b7c2b34d296b6fdce0dd6ef

SHA512
d4a6332871dd752001e4a50f7994db79265234370154b4fc18eae76afffc1e267b6cd6b72261f4d405e70deb22edfed7671c038a3c4530892aaca65e7c9de426

Download Submit
memory/2244-131-0x0000000000000000-mapping.dmp

Download
memory/3004-115-0x0000000000000000-mapping.dmp

Download
memory/3224-132-0x0000000000000000-mapping.dmp

Download
memory/4052-133-0x0000000000000000-mapping.dmp

Download