e5b33a838a0963fac7d8f9c7174e64afce095cb4cc0f4425e53f81d723f3e938

Analysis

max time kernel
33s
max time network
40s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
08-12-2022 17:37

Target

Discord-Token-Logger/builder.py
Size

4KB
MD5

5cba7428b9d2e0dd5a53a5db71e72c51
SHA1

aa9ab9821ce08008b24480d4472b0b7e50a0b5d0
SHA256

bb2f1d6cfc68e9c00ed6b48b53a17b2bd6ce4b0c72098d8f1ad787dcf3514133
SHA512

766357235bef1bedb882fb8547a6df16040c6931f658d816c322b4768e47526c437501caff4ce2fd9ad0f1c347aeb0ba10595d0c62f64a5e359deacbc2818075
SSDEEP

48:3CAMOWXKO4m1WPkCvvguYSmiIIeB4i4fa4V4Y4lr4PgBU4PO4+4t4PDc4ph4+4lg:yAMOWgrvvt/hIIeMsCaUDfAIIE8V0

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies registry class 2 IoCs

Processes:

cmd.exeOpenWith.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

OpenWith.exe

pid process

4980 OpenWith.exe

pid	process
4980	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Discord-Token-Logger\builder.py
1⤵
- Modifies registry class
PID:4648

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact