54bb1a394197df666003cd83a607b364b373c32df999c51f3c14bb830fc776ee

Analysis

max time kernel
71s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
04-05-2023 16:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Discord.AIO.exe
Size

6.5MB
MD5

7adc6022bb09db5e263fb294aaab2566
SHA1

77746a413c35573521c14eba036a2da5da68526a
SHA256

54bb1a394197df666003cd83a607b364b373c32df999c51f3c14bb830fc776ee
SHA512

21922589a3dc6fd2ccf4545dceb15249ca8882d946d9a29a90248dec55ed41b719d9d835381e0115a10d58957dbbc7ac3a277c2e1e88f398c672bed8e249a11a
SSDEEP

98304:27w0WYwOYA4vWVU4fgcmnH3EPIL6yFs9u/FpboNe7mZD7JOu9mq2Jo2N/03FIgcG:ts4vkmXas+6cOGR2JFNmWZCZ

Score

10^/10

Malware Config

Signatures

Contains code to disable Windows Defender 1 IoCs

A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

resource	yara_rule
behavioral1/memory/924-54-0x0000000001170000-0x00000000017EA000-memory.dmp	disable_win_def

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	924	Discord.AIO.exe

C:\Users\Admin\AppData\Local\Temp\Discord.AIO.exe
"C:\Users\Admin\AppData\Local\Temp\Discord.AIO.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:924

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

T1102

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/924-54-0x0000000001170000-0x00000000017EA000-memory.dmp

Filesize
6.5MB

Download
memory/924-55-0x0000000001130000-0x0000000001170000-memory.dmp

Filesize
256KB

Download
memory/924-56-0x0000000001130000-0x0000000001170000-memory.dmp

Filesize
256KB

Download
memory/924-57-0x0000000001130000-0x0000000001170000-memory.dmp

Filesize
256KB

Download