7ca97bd72e8eac0fe804d655bc99453cc8c612c671ce0cfc6147e20262945b80

Resubmissions

10-05-2023 02:01

230510-cfqwbsfg4s 7

09-05-2023 23:53

230509-3xqj1add42 7

Analysis

max time kernel
142s
max time network
128s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
09-05-2023 23:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

DiscordTC.exe
Size

5.7MB
MD5

d9c5692abdf8dfabed434534261b7d4f
SHA1

eded4f464442d03b70725037ebbc1f81d27f3fe3
SHA256

7ca97bd72e8eac0fe804d655bc99453cc8c612c671ce0cfc6147e20262945b80
SHA512

ffb802534f1a9454a3c454bfa52998431636ed7f2ef3d62fc41340af1cd734ef262b81d796587e6a601345d16493c8f7b875429a61ce4a8ab3e9ec08f9575bc9
SSDEEP

49152:XikcR48nCJ9g8QjQdphgh/+NHdRdkpfmSKTUgixB7/gMEgw918QlKx9ZkwHdKFr+:XX8n98QjOk9F3gi7IOwjCx4w9KF9T

Score

7^/10

agilenet

Malware Config

Signatures

Obfuscated with Agile.Net obfuscator 4 IoCs

Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

agilenet

Processes:

resource	yara_rule
behavioral1/memory/1544-54-0x0000000000400000-0x00000000007A4000-memory.dmp	agile_net
behavioral1/memory/1544-55-0x0000000000400000-0x000000000075E000-memory.dmp	agile_net
behavioral1/memory/1544-69-0x0000000000400000-0x00000000007A4000-memory.dmp	agile_net
behavioral1/memory/1544-91-0x00000000069D0000-0x0000000006A80000-memory.dmp	agile_net

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

DiscordTC.exe

description pid process

Token: SeDebugPrivilege 1544 DiscordTC.exe

description	pid	process
Token: SeDebugPrivilege	1544	DiscordTC.exe

C:\Users\Admin\AppData\Local\Temp\DiscordTC.exe
"C:\Users\Admin\AppData\Local\Temp\DiscordTC.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1544

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\evbAE3E.tmp
Filesize
1KB

MD5
873e89965c183ad9c2bb55eed0622261

SHA1
57380dfdae3d91d49eb8988b3d0a0aad946584db

SHA256
4548fe128bc1ac730a805f7b57922a82b61999b9e3f6a6b0d5e0488015d2671f

SHA512
0ede0724fa3ccb965f769f3caf24f3a463bb444a55f0c04ad549225826436d1eee6112a313227941f50e4591924a904da51bf4461d2a12d62d7cfbe8325a1aa4

Download Submit
memory/1544-72-0x00000000069D0000-0x0000000006A80000-memory.dmp

Filesize
704KB

Download
memory/1544-69-0x0000000000400000-0x00000000007A4000-memory.dmp

Filesize
3.6MB

Download
memory/1544-62-0x00000000741D0000-0x0000000074250000-memory.dmp

Filesize
512KB

Download
memory/1544-63-0x0000000010000000-0x00000000101C3000-memory.dmp

Filesize
1.8MB

Download
memory/1544-55-0x0000000000400000-0x000000000075E000-memory.dmp

Filesize
3.4MB

Download
memory/1544-68-0x0000000010000000-0x00000000101C3000-memory.dmp

Filesize
1.8MB

Download
memory/1544-58-0x0000000010000000-0x00000000101C3000-memory.dmp

Filesize
1.8MB

Download
memory/1544-54-0x0000000000400000-0x00000000007A4000-memory.dmp

Filesize
3.6MB

Download
memory/1544-66-0x0000000002810000-0x0000000002850000-memory.dmp

Filesize
256KB

Download
memory/1544-82-0x00000000069D0000-0x0000000006A80000-memory.dmp

Filesize
704KB

Download
memory/1544-83-0x00000000069D0000-0x0000000006A80000-memory.dmp

Filesize
704KB

Download
memory/1544-85-0x0000000010000000-0x00000000101C3000-memory.dmp

Filesize
1.8MB

Download
memory/1544-87-0x0000000002810000-0x0000000002850000-memory.dmp

Filesize
256KB

Download
memory/1544-91-0x00000000069D0000-0x0000000006A80000-memory.dmp

Filesize
704KB

Download
memory/1544-92-0x00000000069D0000-0x0000000006A80000-memory.dmp

Filesize
704KB

Download
memory/1544-93-0x00000000069D0000-0x0000000006A80000-memory.dmp

Filesize
704KB

Download