Resubmissions

03/08/2023, 20:57

230803-zrwx2sgb33 3

03/08/2023, 20:55

230803-zqt23ahc7v 3

Analysis

  • max time kernel
    88s
  • max time network
    93s
  • platform
    windows10-1703_x64
  • resource
    win10-20230703-en
  • resource tags

    arch:x64, arch:x86, image:win10-20230703-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    03/08/2023, 20:55

General

  • Target

    Discord-Gen-main/Discord Gen.zip

  • Size

    981KB

  • MD5

    e1fed71d0499f1db98833fc68bae03ba

  • SHA1

    2bbb0c6666c486d33731680beec627679ed1c21c

  • SHA256

    ee018f14fa010c52ec402ed73c77db623b377dfb66762e3ce7a05465ef7875d7

  • SHA512

    5fb81e361036a9d276e8668ad365cccf3439ba34dba414c1e798a672541eb6d4cb685ec32e8fd42f12c4f4e91c034a3141cbcbf7301de4914185eb9077523597

  • SSDEEP

    24576:mKPPbH7I73yd0MJExgsqpoE+DhS4HruMW84JOmc:bbEDdgn2E+FjHaMW84U

Score
1/10

Malware Config

Signatures

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\Explorer.exe
    C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\Discord-Gen-main\Discord Gen.zip"
    PID:4800
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    PID:4040
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    • Suspicious use of WriteProcessMemory
    PID:4188
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:528
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="528.0.1615047908\911188462" -parentBuildID 20221007134813 -prefsHandle 1692 -prefMapHandle 1680 -prefsLen 20936 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {356d685d-27c4-40e8-99d6-9166d8c91899} 528 "\\.\pipe\gecko-crash-server-pipe.528" 1784 17f57ae0558 gpu
        PID:4132
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="528.1.814768292\2074818922" -parentBuildID 20221007134813 -prefsHandle 2124 -prefMapHandle 2120 -prefsLen 21017 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {169d2328-d192-4488-964c-2b7b17b3f084} 528 "\\.\pipe\gecko-crash-server-pipe.528" 2136 17f4c972b58 socket
        PID:4904
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="528.2.1267385735\1348088601" -childID 1 -isForBrowser -prefsHandle 2940 -prefMapHandle 2956 -prefsLen 21055 -prefMapSize 232675 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {51b44a65-3d1d-48da-900f-eda5b53580ac} 528 "\\.\pipe\gecko-crash-server-pipe.528" 2932 17f5bda0b58 tab
        PID:788
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="528.3.261727254\368256448" -childID 2 -isForBrowser -prefsHandle 3444 -prefMapHandle 3432 -prefsLen 26480 -prefMapSize 232675 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {afcfb789-3f1d-4e26-8f4c-47975880aae2} 528 "\\.\pipe\gecko-crash-server-pipe.528" 3448 17f5cb2c658 tab
        PID:2796
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="528.4.796141039\1068251698" -childID 3 -isForBrowser -prefsHandle 3872 -prefMapHandle 3868 -prefsLen 26539 -prefMapSize 232675 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5a9407a4-318f-4158-953b-42c1c97db1c3} 528 "\\.\pipe\gecko-crash-server-pipe.528" 3876 17f5d388858 tab
        PID:4148
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="528.5.1598502373\2107997405" -childID 4 -isForBrowser -prefsHandle 4676 -prefMapHandle 4660 -prefsLen 26539 -prefMapSize 232675 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c3d25e86-d004-4a0d-9125-798de6354992} 528 "\\.\pipe\gecko-crash-server-pipe.528" 4728 17f5de2f758 tab
        PID:2932
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="528.7.624981892\1309438477" -childID 6 -isForBrowser -prefsHandle 5032 -prefMapHandle 5036 -prefsLen 26539 -prefMapSize 232675 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cf78898f-c5f2-4767-a01f-554c3149a2ad} 528 "\\.\pipe\gecko-crash-server-pipe.528" 5024 17f5e293558 tab
        PID:1048
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="528.6.12813719\1484669254" -childID 5 -isForBrowser -prefsHandle 4848 -prefMapHandle 4852 -prefsLen 26539 -prefMapSize 232675 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c8df7038-1550-423d-8fbd-ac655e9bd084} 528 "\\.\pipe\gecko-crash-server-pipe.528" 4840 17f5e290b58 tab
        PID:800
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="528.8.91285227\980288040" -childID 7 -isForBrowser -prefsHandle 5616 -prefMapHandle 5628 -prefsLen 26699 -prefMapSize 232675 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0a4f6da2-4b85-45c9-a98f-2040d630dbeb} 528 "\\.\pipe\gecko-crash-server-pipe.528" 5648 17f5f8b5758 tab
        PID:2748
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="528.10.1004015189\13807190" -childID 9 -isForBrowser -prefsHandle 9352 -prefMapHandle 9348 -prefsLen 26874 -prefMapSize 232675 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {70e48046-d5df-4646-96b7-2b998bdb958f} 528 "\\.\pipe\gecko-crash-server-pipe.528" 9364 17f604a3c58 tab
        PID:2268
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="528.9.490707997\2088177267" -childID 8 -isForBrowser -prefsHandle 1568 -prefMapHandle 3904 -prefsLen 26874 -prefMapSize 232675 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0420118b-59f3-43cd-943b-10036aab6f72} 528 "\\.\pipe\gecko-crash-server-pipe.528" 2852 17f604a2158 tab
        PID:4912
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="528.11.1465722474\115861505" -childID 10 -isForBrowser -prefsHandle 9180 -prefMapHandle 9892 -prefsLen 26874 -prefMapSize 232675 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {86b365a8-9581-4457-82c5-2f9b5d69cf17} 528 "\\.\pipe\gecko-crash-server-pipe.528" 9904 17f6060de58 tab
        PID:368

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bbvefu0b.default-release\activity-stream.discovery_stream.json.tmp

    Filesize

    150KB

    MD5

    98bae6e5f64edc4fb3610a765577ad0c

    SHA1

    6a9f8e3b2b4ff03bbfd612e99797916fc98934a4

    SHA256

    bc5cc6c2e33748bd84c755d7d5df7b517f46469038337c07f6a0c24727e16908

    SHA512

    2d0fb761fec9ff89af758d3fedf761d4567a42247c5fc968cc02cfa1d191a2a43b3cb16a655c5c01fdab2a89c631d447c3e476efd8fede3b5bf39c1c3f88b918

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bbvefu0b.default-release\cache2\doomed\21033

    Filesize

    8KB

    MD5

    4532c208e0c6dcf9e98ff38ebbf97bcb

    SHA1

    e280a8d27f92b2f50ff0b45f88fd23641e00b300

    SHA256

    a1d9ef5d47a58dc4d1db1ca08b2ea3626e82ed437884bdabc2493301c97b48d2

    SHA512

    3b4b25626a3ec7fa74d6284e8ff115f479bc39452df4acd79c7baca1c72e95ced9b6437984842742ce44aa424d4f87a3a4b54378638b37cbbb3ab657fadd7ad2

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bbvefu0b.default-release\cache2\entries\677B80A25A006EDCC273545819E7C8B9A97E5201

    Filesize

    42KB

    MD5

    a27eee9d9a9e5d9b5f16deb6df07b96b

    SHA1

    815dc89bcd9391c375cb58d4278a3a8bafa8629a

    SHA256

    e89b468674badbfeb3ac2df245d507577271b845e3630636aece89a2fed15d24

    SHA512

    a1acf96cc113629f5407ba411cce0899424e1f27e16e81e742a084905eea425589228a3fd7c8399bb3edc2b974d87e9ac82675dcf84adee3a6ecfc592f05a041

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bbvefu0b.default-release\prefs-1.js

    Filesize

    6KB

    MD5

    fac7b330fcbcb3b38cac999296dd605f

    SHA1

    270aa33704feeb7f18beba4fe2de4bec92f67960

    SHA256

    bb02c67d8072dd31bba042fcd571f4b34d4f8e6893a6a14bfca34f6955a64be4

    SHA512

    e4a33d628ffe03cfbe05f061175ab3a08c30b43dd27118465cbd9e35d7cbf77112ae01d93bf6d4f32f0cd5cc3704288f7e3ca4e24b594e9438ad400b272ba962

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bbvefu0b.default-release\prefs-1.js

    Filesize

    7KB

    MD5

    415a48fa227f328a2ee1aedefe9a435e

    SHA1

    a61e53478399e962e2121062187ed467c94200ab

    SHA256

    5cac509491903c72547d742853e41825e7594c75da3fe8493bf731e257381516

    SHA512

    f36284150aa385d25483827c7522020203e3836701b3e332bb2fae35e22b4f2af1e271632994609bc2cf97f7d9550dee8e3fac21936e5da7dc35efcd0c179343

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bbvefu0b.default-release\sessionstore-backups\recovery.jsonlz4

    Filesize

    2KB

    MD5

    c1eaa46d51b8547b30fe5ec21df69b0b

    SHA1

    c66b29147419be2c4e935efbd1375ff9d18fc7b8

    SHA256

    8febb071f7aa258bad133d8671852844c58d9a57bd1505417752e2ea7cf1ebc2

    SHA512

    30c56fd106c4c4bd4d29c1f08651899178cfb93238507b055fa482f905038c6e3bfd78f81f31527202351967eee56637a7646a0270e775a5279c1abb272ca092

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bbvefu0b.default-release\sessionstore-backups\recovery.jsonlz4

    Filesize

    3KB

    MD5

    17c666df16ac700519523da0243a7fbf

    SHA1

    e3cc7436624f6f1ee770b16270773c443fdd527a

    SHA256

    7c7804e5e14c338307a368f43920023be1086edf1a67e70d4654196b96884aa1

    SHA512

    158aefb16620152548ae3b8cbd747b039965b11f37cf6f71fbb744b59994179bfee2e55e50214c469da35fc599af2aa1d6d8ba319c247fb147bc6e9177a66715