Overview

overview

10

Static

static

10

Discord To...rd.exe

windows7-x64

7

Discord To...rd.exe

windows10-2004-x64

8

Discord To...ain.py

windows7-x64

3

Discord To...ain.py

windows10-2004-x64

3

Discord To...OR.dll

windows7-x64

1

Discord To...OR.dll

windows10-2004-x64

1

Discord To...hy.dll

windows7-x64

1

Discord To...hy.dll

windows10-2004-x64

1

Discord To...to.dll

windows7-x64

1

Discord To...to.dll

windows10-2004-x64

1

Discord To...on.dll

windows7-x64

1

Discord To...on.dll

windows10-2004-x64

1

Discord To...le.exe

windows7-x64

3

Discord To...le.exe

windows10-2004-x64

3

Discord To...pp.xml

windows7-x64

1

Discord To...pp.xml

windows10-2004-x64

1

Discord To...rv.exe

windows7-x64

9

Discord To...rv.exe

windows10-2004-x64

9

Discord To...ram.js

windows7-x64

1

Discord To...ram.js

windows10-2004-x64

1

Discord To...er.vbs

windows7-x64

1

Discord To...er.vbs

windows10-2004-x64

1

Discord To...es.vbs

windows7-x64

1

Discord To...es.vbs

windows10-2004-x64

1

Discord To...csproj

windows7-x64

3

Discord To...csproj

windows10-2004-x64

3

Discord To...LI.exe

windows7-x64

1

Discord To...LI.exe

windows10-2004-x64

1

Discord To...re.dll

windows7-x64

1

Discord To...re.dll

windows10-2004-x64

1

Discord To...er.dll

windows7-x64

1

Discord To...er.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    133s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30-09-2022 21:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Discord Toolz/Utils/API's/bin/App.xml

  • Size

    184B

  • MD5

    13ff21470b63470978e08e4933eb8e56

  • SHA1

    3fa7077272c55e85141236d90d302975e3d14b2e

  • SHA256

    16286566d54d81c3721f7ecf7f426d965de364e9be2f9e628d7363b684b6fe6a

  • SHA512

    56d0e52874744df091ba8421eeda9c37854ece32a826bd251f74b88b6334df69736b8cd97104e6e7b2279ef01d2144fee100392744cc1afb7025ebbad5c307a8

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE
    "C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\Discord Toolz\Utils\API's\bin\App.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3576
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Discord Toolz\Utils\API's\bin\App.xml
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2060
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2060 CREDAT:17410 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:4856

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    471B

    MD5

    b471dd02d20e38a6695cf3cdb539ce96

    SHA1

    d5006f272254f2639c3b7cd53a4a623aee592ac5

    SHA256

    b6f5d3c2883398ddf4f651161f90a7c85469e1f9d764de6f8481845951d1d149

    SHA512

    a8f8e19635caacf0ba160c9f502514542c9e785070aea3976be688dba8e1bb8a8b0483c286484d619451d47e3f3236bc9f44177d0f8ccd0c5a064f7aa890cf58

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    404B

    MD5

    344c534962aafc1f4edb22720705259a

    SHA1

    3a3974732c8546b0fd1799fb0285899e7dcf930d

    SHA256

    40738bab08e30310c71122347e2114ecaaa901bc7d3960f64acd101f4b708c4e

    SHA512

    1d7cbb07e1b2651d4a252cfa3483c5bbc5778c0f54e87b9077f43f12b8b4a55f54551b672e3df6684e8395a9b6ffc7142f9ffc40cd53ff112f675476360f10fe

    Download Submit
  • memory/3576-132-0x00007FF8AE4F0000-0x00007FF8AE500000-memory.dmp
    Filesize

    64KB

    Download
  • memory/3576-134-0x00007FF8AE4F0000-0x00007FF8AE500000-memory.dmp
    Filesize

    64KB

    Download
  • memory/3576-133-0x00007FF8AE4F0000-0x00007FF8AE500000-memory.dmp
    Filesize

    64KB

    Download
  • memory/3576-135-0x00007FF8AE4F0000-0x00007FF8AE500000-memory.dmp
    Filesize

    64KB

    Download
  • memory/3576-136-0x00007FF8AE4F0000-0x00007FF8AE500000-memory.dmp
    Filesize

    64KB

    Download
  • memory/3576-137-0x00007FF8AE4F0000-0x00007FF8AE500000-memory.dmp
    Filesize

    64KB

    Download
  • memory/3576-138-0x00007FF8AE4F0000-0x00007FF8AE500000-memory.dmp
    Filesize

    64KB

    Download
  • memory/3576-139-0x00007FF8AE4F0000-0x00007FF8AE500000-memory.dmp
    Filesize

    64KB

    Download
  • memory/3576-140-0x00007FF8AE4F0000-0x00007FF8AE500000-memory.dmp
    Filesize

    64KB

    Download