7ca97bd72e8eac0fe804d655bc99453cc8c612c671ce0cfc6147e20262945b80

Resubmissions

10-05-2023 02:01

230510-cfqwbsfg4s 7

09-05-2023 23:53

230509-3xqj1add42 7

Analysis

max time kernel
144s
max time network
181s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
09-05-2023 23:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

DiscordTC.exe
Size

5.7MB
MD5

d9c5692abdf8dfabed434534261b7d4f
SHA1

eded4f464442d03b70725037ebbc1f81d27f3fe3
SHA256

7ca97bd72e8eac0fe804d655bc99453cc8c612c671ce0cfc6147e20262945b80
SHA512

ffb802534f1a9454a3c454bfa52998431636ed7f2ef3d62fc41340af1cd734ef262b81d796587e6a601345d16493c8f7b875429a61ce4a8ab3e9ec08f9575bc9
SSDEEP

49152:XikcR48nCJ9g8QjQdphgh/+NHdRdkpfmSKTUgixB7/gMEgw918QlKx9ZkwHdKFr+:XX8n98QjOk9F3gi7IOwjCx4w9KF9T

Score

7^/10

agilenet

Malware Config

Signatures

Loads dropped DLL 5 IoCs

Processes:

DiscordTC.exe

pid process

1592 DiscordTC.exe
1592 DiscordTC.exe
1592 DiscordTC.exe
1592 DiscordTC.exe
1592 DiscordTC.exe

pid	process
1592	DiscordTC.exe
1592	DiscordTC.exe
1592	DiscordTC.exe
1592	DiscordTC.exe
1592	DiscordTC.exe

Obfuscated with Agile.Net obfuscator 3 IoCs

Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

agilenet

Processes:

resource	yara_rule
behavioral2/memory/1592-133-0x0000000000400000-0x00000000007A4000-memory.dmp	agile_net
behavioral2/memory/1592-135-0x0000000000400000-0x00000000007A4000-memory.dmp	agile_net
behavioral2/memory/1592-138-0x0000000000400000-0x000000000075E000-memory.dmp	agile_net

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

DiscordTC.exe

description pid process

Token: SeDebugPrivilege 1592 DiscordTC.exe

description	pid	process
Token: SeDebugPrivilege	1592	DiscordTC.exe

C:\Users\Admin\AppData\Local\Temp\DiscordTC.exe
"C:\Users\Admin\AppData\Local\Temp\DiscordTC.exe"
1⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:1592

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\evb6FE1.tmp
Filesize
1KB

MD5
c204d2d440bbeb79f32e55316bf4abe2

SHA1
d6462c4157683db7008cad80447803c29046ab69

SHA256
48722d97cb07be0c9691adde82fb2c52a8947f79d381f987de0436bb2a06f6b2

SHA512
35bd1be2b50ab00331b60adb75a0fe846ae0929d08f373fd3532877b70c45b8b52caf1b7371c2d946f75aff3c3506f49680e9fb8fbe0c944a2af8b83f730d4c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\evb9EB3.tmp
Filesize
1KB

MD5
873e89965c183ad9c2bb55eed0622261

SHA1
57380dfdae3d91d49eb8988b3d0a0aad946584db

SHA256
4548fe128bc1ac730a805f7b57922a82b61999b9e3f6a6b0d5e0488015d2671f

SHA512
0ede0724fa3ccb965f769f3caf24f3a463bb444a55f0c04ad549225826436d1eee6112a313227941f50e4591924a904da51bf4461d2a12d62d7cfbe8325a1aa4

Download Submit
C:\Users\Admin\AppData\Local\Temp\evbB4BC.tmp
Filesize
1KB

MD5
873e89965c183ad9c2bb55eed0622261

SHA1
57380dfdae3d91d49eb8988b3d0a0aad946584db

SHA256
4548fe128bc1ac730a805f7b57922a82b61999b9e3f6a6b0d5e0488015d2671f

SHA512
0ede0724fa3ccb965f769f3caf24f3a463bb444a55f0c04ad549225826436d1eee6112a313227941f50e4591924a904da51bf4461d2a12d62d7cfbe8325a1aa4

Download Submit
C:\Users\Admin\AppData\Local\Temp\evbCAC6.tmp
Filesize
1KB

MD5
873e89965c183ad9c2bb55eed0622261

SHA1
57380dfdae3d91d49eb8988b3d0a0aad946584db

SHA256
4548fe128bc1ac730a805f7b57922a82b61999b9e3f6a6b0d5e0488015d2671f

SHA512
0ede0724fa3ccb965f769f3caf24f3a463bb444a55f0c04ad549225826436d1eee6112a313227941f50e4591924a904da51bf4461d2a12d62d7cfbe8325a1aa4

Download Submit
C:\Users\Admin\AppData\Local\Temp\evbCAC6.tmp
Filesize
1KB

MD5
873e89965c183ad9c2bb55eed0622261

SHA1
57380dfdae3d91d49eb8988b3d0a0aad946584db

SHA256
4548fe128bc1ac730a805f7b57922a82b61999b9e3f6a6b0d5e0488015d2671f

SHA512
0ede0724fa3ccb965f769f3caf24f3a463bb444a55f0c04ad549225826436d1eee6112a313227941f50e4591924a904da51bf4461d2a12d62d7cfbe8325a1aa4

Download Submit
C:\Users\Admin\AppData\Local\Temp\evbE525.tmp
Filesize
1KB

MD5
873e89965c183ad9c2bb55eed0622261

SHA1
57380dfdae3d91d49eb8988b3d0a0aad946584db

SHA256
4548fe128bc1ac730a805f7b57922a82b61999b9e3f6a6b0d5e0488015d2671f

SHA512
0ede0724fa3ccb965f769f3caf24f3a463bb444a55f0c04ad549225826436d1eee6112a313227941f50e4591924a904da51bf4461d2a12d62d7cfbe8325a1aa4

Download Submit
memory/1592-135-0x0000000000400000-0x00000000007A4000-memory.dmp

Filesize
3.6MB

Download
memory/1592-146-0x00000000733A0000-0x0000000073429000-memory.dmp

Filesize
548KB

Download
memory/1592-150-0x0000000010000000-0x00000000101C3000-memory.dmp

Filesize
1.8MB

Download
memory/1592-133-0x0000000000400000-0x00000000007A4000-memory.dmp

Filesize
3.6MB

Download
memory/1592-171-0x0000000000D60000-0x0000000000E10000-memory.dmp

Filesize
704KB

Download
memory/1592-158-0x0000000007100000-0x00000000071B0000-memory.dmp

Filesize
704KB

Download
memory/1592-142-0x0000000010000000-0x00000000101C3000-memory.dmp

Filesize
1.8MB

Download
memory/1592-163-0x0000000007100000-0x00000000071B0000-memory.dmp

Filesize
704KB

Download
memory/1592-165-0x0000000010000000-0x00000000101C3000-memory.dmp

Filesize
1.8MB

Download
memory/1592-138-0x0000000000400000-0x000000000075E000-memory.dmp

Filesize
3.4MB

Download
memory/1592-153-0x0000000010000000-0x00000000101C3000-memory.dmp

Filesize
1.8MB

Download
memory/1592-151-0x0000000005800000-0x0000000005810000-memory.dmp

Filesize
64KB

Download
memory/1592-155-0x0000000005800000-0x0000000005810000-memory.dmp

Filesize
64KB

Download
memory/1592-176-0x0000000007100000-0x00000000071B0000-memory.dmp

Filesize
704KB

Download
memory/1592-178-0x0000000010000000-0x00000000101C3000-memory.dmp

Filesize
1.8MB

Download
memory/1592-180-0x0000000000D60000-0x0000000000E10000-memory.dmp

Filesize
704KB

Download
memory/1592-181-0x00000000009B0000-0x00000000009D2000-memory.dmp

Filesize
136KB

Download
memory/1592-182-0x0000000000D60000-0x0000000000E10000-memory.dmp

Filesize
704KB

Download
memory/1592-184-0x0000000010000000-0x00000000101C3000-memory.dmp

Filesize
1.8MB

Download
memory/1592-186-0x0000000001150000-0x00000000011B6000-memory.dmp

Filesize
408KB

Download
memory/1592-188-0x0000000010000000-0x00000000101C3000-memory.dmp

Filesize
1.8MB

Download