c6bd3da755f382466610ed96d363e701cf044819b925684896af26b797abaa6d

Target

DiscordSetup.exe
Size

79.1MB
MD5

3d99554cc8bdd96ab58483a21d821740
SHA1

85389db7e48c563d77cbef27e2f5724cbef4a151
SHA256

c6bd3da755f382466610ed96d363e701cf044819b925684896af26b797abaa6d
SHA512

be063484581b219ae27f6f515901bde14d03fa76adfe1bd33b9174a5551c719e09946548cd5acae0b5204dd21e6e349707cb06225a6d640a542eb15ec8aae183

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

Update.exe

pid process

432 Update.exe
Loads dropped DLL 1 IoCs

Processes:

DiscordSetup.exe

pid process

696 DiscordSetup.exe

pid	process
432	Update.exe

pid	process
696	DiscordSetup.exe

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

DiscordSetup.exe

description	pid	process	target process
PID 696 wrote to memory of 432	696	DiscordSetup.exe	Update.exe
PID 696 wrote to memory of 432	696	DiscordSetup.exe	Update.exe
PID 696 wrote to memory of 432	696	DiscordSetup.exe	Update.exe
PID 696 wrote to memory of 432	696	DiscordSetup.exe	Update.exe
PID 696 wrote to memory of 432	696	DiscordSetup.exe	Update.exe
PID 696 wrote to memory of 432	696	DiscordSetup.exe	Update.exe
PID 696 wrote to memory of 432	696	DiscordSetup.exe	Update.exe

C:\Users\Admin\AppData\Local\Temp\DiscordSetup.exe
"C:\Users\Admin\AppData\Local\Temp\DiscordSetup.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:696

C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
"C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .
2⤵
- Executes dropped EXE
PID:432

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\SquirrelTemp\Discord-1.0.9003-full.nupkg
MD5
ea7556045779bbe4eb823c0cafd68ef5

SHA1
47653a0371424ab25bfdef1a96977cb6ff19441b

SHA256
6f103856115d8f5d5e79d0951d17e6126000d89e46849d99d7ccf41867f9ad61

SHA512
349de8c7952b9ee5133208c70c4010524ef27e801fcbee5b2ff55cd6d812ef35f983e6d99a28f8bd402e408fe46ab360b1c05d67e75ff66c17221163c080ce86

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\RELEASES
MD5
867e283b0f115cf51f1e3f917820a060

SHA1
bef3948d11f745dbbff3881636178a95cda9c65a

SHA256
fb83cde18197b12c25b69334903ec4b9ba5a2b64ad5a74f33fb6abe61bd7c58b

SHA512
75a0a64ce15f26b7d2ca61a00c885f3c54168525b6c5be4f4a4369a367f8d93f61aebc7d14f64aa65edd26b73b424e7c6f483ed85e4cbc7f5fe588a07aca71b9

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
MD5
e039f56dc6315942bc3e3d9ad4d586e7

SHA1
5158b6bf1f2b278e9524d48fab8d9bfdcdf0ed50

SHA256
e510ae1a59dd629d0c03425bcc4457e68926fe7b204154d9eebce9d2985925a1

SHA512
2b20a423f7d54c1c3009a30f47ee7774e0b6170c03c3fbb63804551e43751d31bfa16762fb63dae0349a7e93e8009c98e9cec56bf6acc6151e283f7774619a60

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
MD5
e039f56dc6315942bc3e3d9ad4d586e7

SHA1
5158b6bf1f2b278e9524d48fab8d9bfdcdf0ed50

SHA256
e510ae1a59dd629d0c03425bcc4457e68926fe7b204154d9eebce9d2985925a1

SHA512
2b20a423f7d54c1c3009a30f47ee7774e0b6170c03c3fbb63804551e43751d31bfa16762fb63dae0349a7e93e8009c98e9cec56bf6acc6151e283f7774619a60

Download Submit
\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
MD5
e039f56dc6315942bc3e3d9ad4d586e7

SHA1
5158b6bf1f2b278e9524d48fab8d9bfdcdf0ed50

SHA256
e510ae1a59dd629d0c03425bcc4457e68926fe7b204154d9eebce9d2985925a1

SHA512
2b20a423f7d54c1c3009a30f47ee7774e0b6170c03c3fbb63804551e43751d31bfa16762fb63dae0349a7e93e8009c98e9cec56bf6acc6151e283f7774619a60

Download Submit
memory/432-57-0x0000000000000000-mapping.dmp

Download
memory/432-60-0x00000000010E0000-0x00000000010E1000-memory.dmp

Filesize
4KB

Download
memory/432-62-0x0000000004DC0000-0x0000000004DC1000-memory.dmp

Filesize
4KB

Download
memory/696-55-0x0000000074F01000-0x0000000074F03000-memory.dmp

Filesize
8KB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads