Analysis

  • max time kernel
    29s
  • max time network
    33s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    24-04-2022 16:56

General

  • Target

    Discord token grabber/TokenPuller V.3.1 (setup) - by hokyz.exe

  • Size

    30.1MB

  • MD5

    ba32786e2bcde7e3d648e3fb7eb9e29c

  • SHA1

    298561178fea0eda9cdbf59f93928b74b475dea9

  • SHA256

    0d8833793a712d4af7c832fbbb70dd171d15de09e5f472fa351294eba746baa1

  • SHA512

    e8ec4f2ce32cc583ec2365702ffd0998e57d5212263196e96bb2e3f5b13353f483fc347671dc7c13fa8d9b3f195beec1956ed0fc1b45b87acd7efa103956f54f

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 (1 TTP)
  • Enumerates processes with tasklist (1 TTP, 1 IoC)
  • Suspicious use of AdjustPrivilegeToken (1 IoC)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\Discord token grabber\TokenPuller V.3.1 (setup) - by hokyz.exe (tree level 1, PID 968)
    Command line: "C:\Users\Admin\AppData\Local\Temp\Discord token grabber\TokenPuller V.3.1 (setup) - by hokyz.exe"
    • Suspicious use of WriteProcessMemory
    • C:\Windows\system32\cmd.exe (tree level 2, PID 1344)
      Command line: C:\Windows\system32\cmd.exe /d /s /c "tasklist"
      • Suspicious use of WriteProcessMemory
      • C:\Windows\system32\tasklist.exe (tree level 3, PID 3192)
        Command line: tasklist
        • Enumerates processes with tasklist
        • Suspicious use of AdjustPrivilegeToken

Network

MITRE ATT&CK Matrix (ATT&CK v6)

  • Discovery: Process Discovery, T1057 (1)
  • Command and Control: Web Service, T1102 (1)

Downloads

  • memory/968-130-0x0000036BD8480000-0x0000036BD8481000-memory.dmp (Filesize: 4KB)
  • memory/1344-131-0x0000000000000000-mapping.dmp
  • memory/3192-132-0x0000000000000000-mapping.dmp