Analysis

  • max time kernel
    917s
  • max time network
    903s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags
    arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
  • submitted
    08-09-2022 03:15

General

  • Target

    https://cdn.discordapp.com/attachments/920160935023362120/1016187578766073866/update.exe

Score
8/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • Themida packer 1 IoCs

    Detects Themida, an advanced Windows software protection system.

  • Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 30 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe (PID:1448)
    "C:\Program Files\Internet Explorer\iexplore.exe" https://cdn.discordapp.com/attachments/920160935023362120/1016187578766073866/update.exe
    • Modifies Internet Explorer Phishing Filter
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID:1316, child of 1448)
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1448 CREDAT:275457 /prefetch:2
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx

Network

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion: Modify Registry (T1112): 2

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: 7d84e0a8cfff1e905d81191bf95f0700
    SHA1: 25d87e6b3fa310f31f4bc50bbe4e4a6635aab885
    SHA256: 811ff2a8efa0fb56aed925c7ed7938c59a37fd70e6e215ec099a2dd5466d5ccb
    SHA512: 937ad4cc51c39a2ea48329eb245be2d94b0e1f922d3b5b2a66d189374bf936a8b80085cd734c508554eb020fad7f5a374c14155654f073581287611936da47d1

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\I257A5JO.txt
    Filesize: 603B
    MD5: 49e50bbbe91fe6e0d3f137e6ef3ca830
    SHA1: 215e43e0c9634ad46d9e2096c7ae92efc08ccf59
    SHA256: 76e5e5ffe8a91e15eaeec8f54063f912710393b55425ee6e4f59f21f5facb06c
    SHA512: 7033405635922db794ac3f559c134afab53d546ab98bce9007e9cbedcd13925ed92fd8279e768466fe9c8c9f9e981183251caf3b809f967967d7135baf9e3e8b

  • C:\Users\Admin\Downloads\update.exe.eyjqazb.partial
    Filesize: 7.6MB
    MD5: 38d2e3ad694e5221b828441d82d6172d
    SHA1: 02e58b9fccb8fb01339c5f24aa26d656db389bcd
    SHA256: 3e8f5d33715f69f5297ca2750d9a9ed491749f009455217626b16f3b268dbcaf
    SHA512: e96ca478921cb272f3b246e83b1b7a695638fb001dd05348ef4861b1842a2c49bccc4864867f99439e262fa983202056c196a2508597e2c83f4350683d5e6ea8