Overview

overview

1

Static

static

1

URLScan

urlscan

https://github.com/i...

windows10-2004-x64

1

Analysis

  • max time kernel
    49s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/05/2023, 15:56

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    https://github.com/imvast/Discord-Unlocked-Gen/archive/refs/heads/main.zip

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 22 IoCs
    adwarespyware
  • Modifies registry class 3 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 5 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of SetWindowsHookEx 52 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy WMI provider

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://github.com/imvast/Discord-Unlocked-Gen/archive/refs/heads/main.zip
    1⤵
    • Modifies Internet Explorer Phishing Filter
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1824
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1824 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2488
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:3604
    • C:\Windows\system32\OpenWith.exe
      C:\Windows\system32\OpenWith.exe -Embedding
      1⤵
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4736
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\Temp1_Discord-Unlocked-Gen-main.zip\Discord-Unlocked-Gen-main\main.py"
        2⤵
        • Suspicious use of WriteProcessMemory
        PID:3104
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\Temp1_Discord-Unlocked-Gen-main.zip\Discord-Unlocked-Gen-main\main.py
          3⤵
          • Checks processor information in registry
          • Modifies registry class
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2504
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2504.0.593002227\1723444899" -parentBuildID 20221007134813 -prefsHandle 1836 -prefMapHandle 1828 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0fa44fb0-8a9a-410a-9d9a-51b22a0f1adf} 2504 "\\.\pipe\gecko-crash-server-pipe.2504" 1916 24c922ec858 gpu
            4⤵
              PID:1756
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2504.1.1583423336\1985922742" -parentBuildID 20221007134813 -prefsHandle 2328 -prefMapHandle 2324 -prefsLen 21706 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {86fc8be1-6e7e-40ca-8200-c14e506face4} 2504 "\\.\pipe\gecko-crash-server-pipe.2504" 2340 24c85276b58 socket
              4⤵
                PID:3904
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2504.2.18879633\631471840" -childID 1 -isForBrowser -prefsHandle 3192 -prefMapHandle 3188 -prefsLen 21854 -prefMapSize 232675 -jsInitHandle 1500 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {90a23b7c-d883-4e4a-bd23-9822463ddc3a} 2504 "\\.\pipe\gecko-crash-server-pipe.2504" 3200 24c92269058 tab
                4⤵
                  PID:1468
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2504.3.1389199583\51247898" -childID 2 -isForBrowser -prefsHandle 3744 -prefMapHandle 3740 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1500 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7d28f9b8-6d87-42c3-a82d-21ca2d47ce7c} 2504 "\\.\pipe\gecko-crash-server-pipe.2504" 3756 24c85272258 tab
                  4⤵
                    PID:348
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2504.4.827696760\1571086188" -childID 3 -isForBrowser -prefsHandle 4660 -prefMapHandle 4692 -prefsLen 26834 -prefMapSize 232675 -jsInitHandle 1500 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {afd09743-b2ba-4d5d-946b-d142d795b3a6} 2504 "\\.\pipe\gecko-crash-server-pipe.2504" 4720 24c965cc258 tab
                    4⤵
                      PID:1656
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2504.5.582636679\1491429183" -childID 4 -isForBrowser -prefsHandle 4852 -prefMapHandle 4856 -prefsLen 26834 -prefMapSize 232675 -jsInitHandle 1500 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {86334a5b-eada-4943-a6a2-bf824efa1f1f} 2504 "\\.\pipe\gecko-crash-server-pipe.2504" 4936 24c98a9b558 tab
                      4⤵
                        PID:3788
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2504.6.1651573952\1513309593" -childID 5 -isForBrowser -prefsHandle 4856 -prefMapHandle 5072 -prefsLen 26834 -prefMapSize 232675 -jsInitHandle 1500 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {34e40ffd-d087-45f1-97a1-a5683c00212b} 2504 "\\.\pipe\gecko-crash-server-pipe.2504" 4920 24c98a99a58 tab
                        4⤵
                          PID:4512

                  Network

                        MITRE ATT&CK Enterprise v6

                        Replay Monitor

                        Loading Replay Monitor...

                        Downloads

                        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\EY3KXMB3\Discord-Unlocked-Gen-main[1].zip
                          Filesize

                          26KB

                          MD5

                          ab85c415efbc7d38b40c1e55a589d4b7

                          SHA1

                          a246d66d2660ed9db8a31534191fa8e3e1bf3bf8

                          SHA256

                          7e46a1af532551b6f24c3bee96783f7e93a70433fb8f7df5d5f28105ae9fd0e2

                          SHA512

                          ac7d302d59b9c1f80e702ca0bdb9b53a771eb718ae3ba6e5aea8a1ef935b86db441bac28a67b772ee5fa1821282b3230d1b1f002ba936c641edc819d9244aa7c

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\EY3KXMB3\suggestions[1].en-US
                          Filesize

                          17KB

                          MD5

                          5a34cb996293fde2cb7a4ac89587393a

                          SHA1

                          3c96c993500690d1a77873cd62bc639b3a10653f

                          SHA256

                          c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

                          SHA512

                          e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\activity-stream.discovery_stream.json.tmp
                          Filesize

                          153KB

                          MD5

                          7ec1ab02b6d4b50c98cb3a333134c3c4

                          SHA1

                          27825bf4557d27d23a9c2273883d27e9fc5e7677

                          SHA256

                          37238cabca9fdb2ecc1e0bf31fd08080484759c0eeb27fb572ee6e8e5ecc684f

                          SHA512

                          2eaf86cc57361e519082a0c4dda26b103e96a94df38b14f831e6e5f3822c9d0ebfed25c1ea35995c6275e5ddf08c0e695c8bd48f7f2824f04e6f4a63779f958d

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs-1.js
                          Filesize

                          6KB

                          MD5

                          ff51728d23a3125892dfcf8816023e18

                          SHA1

                          74e584371c83dfc72c3c1d6bd6bfdf5173700bd6

                          SHA256

                          b6115ab3ad90619361c6446ac0390d8b7a6ef2490513d013fa31cd3eb386a23d

                          SHA512

                          ec723520c30135ceeff8aaa66d53431967c9ccf18bfd8bdd9a74782d948be31e13352c92419c4bf5a53cd975093e29afb000cdd26db28f75b370b47b4966439f

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs-1.js
                          Filesize

                          6KB

                          MD5

                          f3119dd82605e08bae5ad81443d912f8

                          SHA1

                          bec2286a7a1b50c839ab74b5b7cbe7751a20a08d

                          SHA256

                          85e598d7e1a90788039d0aef5950922be6dec9c97bbbc045c7def6974bb23ba5

                          SHA512

                          aa57cedf7c69a5c61a14c0b4860805132c06a7a2c4f3defebcbc216634dadceec5add1d92d42b1ecdfeed92691a75a3c54be1fa78662b5a1606a5a93af811a66

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs-1.js
                          Filesize

                          7KB

                          MD5

                          b1864ddf4da1d9008021da7aed1ba063

                          SHA1

                          411fc00bb8ab8ee4000bb93df6cb5ebd8335535d

                          SHA256

                          362964b9aeea3ecbdde43ecec0c2d93f4a295efd1294b76f2ba9c8ed731bb8dc

                          SHA512

                          de72f6917a084fbf83a952f0de2b3d96d621743d260d430b586758972757ec9f61fadc2ebf18ab6203147f874a234a3de6ab43bed1e68121e40de0dd68242ab7

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs-1.js
                          Filesize

                          6KB

                          MD5

                          889c5f9d4e61d2c8219876f320d3084c

                          SHA1

                          c32d35e57a3c25b5955c5c2e22b559629fdcbaca

                          SHA256

                          1bc5df1c73312ba180b2021a0433fdd7e7a77477c322611e108ad2be5fc4af79

                          SHA512

                          128853769eb322f8b54a6b8c0bcdba05cf28733eba3db1118c03e954c98cd5e580740b0bc149a4d4494172f48d4d2eef1f0f420f7b851efc6d4adb7990f4d8bd

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs.js
                          Filesize

                          6KB

                          MD5

                          f73e52d124620d05267ba934f3b312d3

                          SHA1

                          34121aa291d9f88b3e8e3a2fa37cb1c06cac2d30

                          SHA256

                          fc898a91ae8ce9d241c586f5dee2e60450dcdc5a31f1a7015d6dc2f4fefe4ac7

                          SHA512

                          4ef67626a2ba584817d707c71ddf7e7ce75a780921c3fcdfa8a03de0de9303c4b548ce3c3b493f1c4876d511271978bcd3cdbc2d1003b23c2459847180045d46

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\sessionstore-backups\recovery.jsonlz4
                          Filesize

                          1KB

                          MD5

                          963fd00f121ca627cab831fb6e3f2cd2

                          SHA1

                          d5afb7a13b5ff720c021cba4a586682bbbcc0a4b

                          SHA256

                          302fb1fd942aeb6316a7a2cb2ea09f669d7eee73f59ef25758cbe76c81a3af17

                          SHA512

                          dfca0c1fcd2031d24675dc6724a0eba437f71673063d667f919b117c7e2a7afec0540deb41ccb904653823474af8a10bd7d30b508926812368a1b26247f6192c

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\sessionstore-backups\recovery.jsonlz4
                          Filesize

                          1KB

                          MD5

                          83ba6ef1b71b5adecf79e3012fa70399

                          SHA1

                          696938021c42d0c1a1611eea20e49c909de7eeb4

                          SHA256

                          100795c496d1a1f17335fd3131d0e5e505e830d7f15663b46e576911b3f8b43b

                          SHA512

                          45a2d2aa3277991196b3e9aa577cfcef62e8335a6d46cfeb30f47c37d185396479b7206155815c498e3c3ee8ecd760afa00ca9cbe2e78c6bef0353b314d11f3f

                          Download Submit

                        • C:\Users\Admin\Downloads\Discord-Unlocked-Gen-main.zip.58obvrt.partial
                          Filesize

                          26KB

                          MD5

                          ab85c415efbc7d38b40c1e55a589d4b7

                          SHA1

                          a246d66d2660ed9db8a31534191fa8e3e1bf3bf8

                          SHA256

                          7e46a1af532551b6f24c3bee96783f7e93a70433fb8f7df5d5f28105ae9fd0e2

                          SHA512

                          ac7d302d59b9c1f80e702ca0bdb9b53a771eb718ae3ba6e5aea8a1ef935b86db441bac28a67b772ee5fa1821282b3230d1b1f002ba936c641edc819d9244aa7c

                          Download Submit