Overview

overview

8

Static

static

URLScan

urlscan

https://github.com/B...

windows7-x64

8

https://github.com/B...

windows10-2004-x64

1

Analysis

  • max time kernel
    209s
  • max time network
    233s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    25-11-2022 12:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://github.com/Banana135/Discord-Token-Generator/blob/a78bbe7e91989224677cabf0fe978662c3f85a08/DiscordTokenGen.EXE

Score
8/10
persistence

Malware Config

Signatures

  • Downloads MZ/PE file
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://github.com/Banana135/Discord-Token-Generator/blob/a78bbe7e91989224677cabf0fe978662c3f85a08/DiscordTokenGen.EXE
    1⤵
    • Loads dropped DLL
    • Modifies Internet Explorer Phishing Filter
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1780
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1780 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:1680
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\96W2ZDRZ\DiscordTokenGen.EXE
      "C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\96W2ZDRZ\DiscordTokenGen.EXE"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Adds Run key to start application
      • Suspicious use of WriteProcessMemory
      PID:1876
      • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\I7rWXBO.exe
        C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\I7rWXBO.exe
        3⤵
        • Executes dropped EXE
        PID:1684

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1033e8b370b34570ab29faabdce8e4d8

    SHA1

    6905f2afee900cb6c4dbdbb34618e8a62121b421

    SHA256

    64a3e811bb85116946160b4d525ec31d848b8201675fd261afdf69b6829e3e05

    SHA512

    d2b87f4aaa5be6a7bb633d18ed337bd2a90099dfba1b01591753f12a07fe5ac01829bab13a832f17b5c4b0dca98a6e49680edd4f0d00ea3efa2b171aa4635e3e

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\try74lz\imagestore.dat
    Filesize

    1KB

    MD5

    46053a963cb71e4d87b772fcd1020e40

    SHA1

    f8f05d8907b45ef199c2d3d73657e8e541e5aefc

    SHA256

    5d64fa75e0c5e60a55c4d025381a52e5d41acc8b975abed263fbd7815e929544

    SHA512

    f703058834b7bfde456d08c6eca1189bf07adfb3108f2da38b94640489d307bc97b6f2aa6489bc312e801f29f60b82c195714edfcd90d2e5f516abe345639a32

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\96W2ZDRZ\DiscordTokenGen.EXE
    Filesize

    19.0MB

    MD5

    8ee0fa9869165fce2bd29cb3b3d0a608

    SHA1

    0cf146fe687bde007868d3adc8dde827e146f7b0

    SHA256

    a8a2f861149bcf1fd2bc9891fdc44b41f837e05f5e31384a6fc9c1e7ec44d4ec

    SHA512

    c0ea93cd78138bfdcc1eba8c522af2ba3ff90abb4435b29d21ae3fa456c78f12bc21e4914e2006368add2ae00e3b8b094a537a323fe75504ea9442bd21d4b9a8

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\96W2ZDRZ\DiscordTokenGen.EXE.ioo1xnu.partial
    Filesize

    19.0MB

    MD5

    8ee0fa9869165fce2bd29cb3b3d0a608

    SHA1

    0cf146fe687bde007868d3adc8dde827e146f7b0

    SHA256

    a8a2f861149bcf1fd2bc9891fdc44b41f837e05f5e31384a6fc9c1e7ec44d4ec

    SHA512

    c0ea93cd78138bfdcc1eba8c522af2ba3ff90abb4435b29d21ae3fa456c78f12bc21e4914e2006368add2ae00e3b8b094a537a323fe75504ea9442bd21d4b9a8

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\I7rWXBO.exe
    Filesize

    40.5MB

    MD5

    bcb9c4e63bf92b525260759c46116c9b

    SHA1

    e6e7ed88a810d560843d627d64d7c4ea057b6fc2

    SHA256

    2a13f2d9bf02b16e90c73e971de8ecf365067942f0761a18a92d5ecba3710b02

    SHA512

    de1febb9690bb99ec2505d7187fba4a62b2ae49b746253d68bf243b295acf6dcf90b454fca30b8cea6b9cf9110a9d5f6941653d8b111c899f4f69471ec0b34b7

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\DH5FA6ZQ.txt
    Filesize

    601B

    MD5

    61324aa8ac4e15e3e53fb2e977b1f37a

    SHA1

    ad6e7f5b94816cb160b71c4078b2371f67f324ce

    SHA256

    032997e22179c501ad6fccb6b87f2a033a9d4fcb05d6a673df0ffccf5b3f07de

    SHA512

    c0b2a488688e47eb782928b0fa9647297af97ed89d7a8cfb7a51b8ba14fbf184785982c9989d4794af580229c8c4a1aa30c1ea69b7407cdc25978478110fd6e2

    Download Submit

  • \Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\96W2ZDRZ\DiscordTokenGen.EXE
    Filesize

    19.0MB

    MD5

    8ee0fa9869165fce2bd29cb3b3d0a608

    SHA1

    0cf146fe687bde007868d3adc8dde827e146f7b0

    SHA256

    a8a2f861149bcf1fd2bc9891fdc44b41f837e05f5e31384a6fc9c1e7ec44d4ec

    SHA512

    c0ea93cd78138bfdcc1eba8c522af2ba3ff90abb4435b29d21ae3fa456c78f12bc21e4914e2006368add2ae00e3b8b094a537a323fe75504ea9442bd21d4b9a8

    Download Submit

  • \Users\Admin\AppData\Local\Temp\IXP000.TMP\I7rWXBO.exe
    Filesize

    40.5MB

    MD5

    bcb9c4e63bf92b525260759c46116c9b

    SHA1

    e6e7ed88a810d560843d627d64d7c4ea057b6fc2

    SHA256

    2a13f2d9bf02b16e90c73e971de8ecf365067942f0761a18a92d5ecba3710b02

    SHA512

    de1febb9690bb99ec2505d7187fba4a62b2ae49b746253d68bf243b295acf6dcf90b454fca30b8cea6b9cf9110a9d5f6941653d8b111c899f4f69471ec0b34b7

    Download Submit

  • memory/1684-63-0x0000000000000000-mapping.dmp

    Download

  • memory/1876-59-0x0000000000000000-mapping.dmp

    Download

  • memory/1876-61-0x000007FEFB5D1000-0x000007FEFB5D3000-memory.dmp

    Filesize

    8KB

    Download