a1ea0d96d6ebb8587c2e9a3af50b9b95893229e66dc9038271c19c465e1e4432

Analysis

max time kernel
140s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
22-01-2024 17:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ultimate_discord_nuke.exe
Size

11.5MB
MD5

a86bc9c2f2c363e6a86afb3078c33c68
SHA1

5d416d8945aeaac22c9b58e890114048d85f7f1b
SHA256

a1ea0d96d6ebb8587c2e9a3af50b9b95893229e66dc9038271c19c465e1e4432
SHA512

292650a56747cf252237894f7392d3fa108fc5637f1dbe53e062913e44fd2774c84da2387cfc6e71f479af3b410c1fe83f4694905036d89d41c2b7192a167aa2
SSDEEP

196608:pWIIJi5fmzONYXz5neX38DXDQ9xtbYPvbJQlHHO2SvWssYupK8CKwIwPuHxKTrbf:qJ3p0MDTQ9xkJQlnVMLPuHEz8Ati

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 19 IoCs

pid	Process
1868	ultimate_discord_nuke.exe
1868	ultimate_discord_nuke.exe
1868	ultimate_discord_nuke.exe
1868	ultimate_discord_nuke.exe
1868	ultimate_discord_nuke.exe
1868	ultimate_discord_nuke.exe
1868	ultimate_discord_nuke.exe
1868	ultimate_discord_nuke.exe
1868	ultimate_discord_nuke.exe
1868	ultimate_discord_nuke.exe
1868	ultimate_discord_nuke.exe
1868	ultimate_discord_nuke.exe
1868	ultimate_discord_nuke.exe
1868	ultimate_discord_nuke.exe
1868	ultimate_discord_nuke.exe
1868	ultimate_discord_nuke.exe
1868	ultimate_discord_nuke.exe
1868	ultimate_discord_nuke.exe
1868	ultimate_discord_nuke.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1340 wrote to memory of 1868	1340	ultimate_discord_nuke.exe	90
PID 1340 wrote to memory of 1868	1340	ultimate_discord_nuke.exe	90
PID 1340 wrote to memory of 1868	1340	ultimate_discord_nuke.exe	90

C:\Users\Admin\AppData\Local\Temp\ultimate_discord_nuke.exe
"C:\Users\Admin\AppData\Local\Temp\ultimate_discord_nuke.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1340
- C:\Users\Admin\AppData\Local\Temp\ultimate_discord_nuke.exe
  "C:\Users\Admin\AppData\Local\Temp\ultimate_discord_nuke.exe"
  2⤵
  - Loads dropped DLL
  PID:1868

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI13402\VCRUNTIME140.dll

Filesize
81KB

MD5
4c360f78de1f5baaa5f110e65fac94b4

SHA1
20a2e66fd577293b33ba1c9d01ef04582deaf3a5

SHA256
ad1b0992b890bfe88ef52d0a830873acc0aecc9bd6e4fc22397dbccf4d2b4e37

SHA512
c6bba093d2e83b178a783d1ddfd1530c3adcb623d299d56db1b94ed34c0447e88930200bf45e5fb961f8fd7ad691310b586a7d754d7a6d7d27d58b74986a4db8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13402\_asyncio.pyd

Filesize
55KB

MD5
5435ce08f40fbe43230cae8d3dff232c

SHA1
273472cac7263056762d0c08e8676b902700efb1

SHA256
79fda30cbfc95db2ba60646ff53dff45b5add57c12241c4a82fa798cb3b543df

SHA512
f34718ceb0668f94eeee2016d20fa29b70a3c84f76bcb7dd8eac4f4a44e88a8895297b6e7eeed01da2e2c9de809f3ea291f94eb7e8b9c2a227fb14e2b324ee46

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13402\_bz2.pyd

Filesize
76KB

MD5
0f75c236c4ccfea1b16f132f6c139236

SHA1
710bb157b01cafe8607400773b3940674506013b

SHA256
5dc26dcbf58cc7f5bfdec0badd5240d6724db3e34010aaf35a31876fe4057158

SHA512
5849ea147ada06c8b7a9fd523917009c173ace07ba1dbd320d7dda7f6d910b75ba4b7372f22bb56101c9dd836ce1a590b7715a7f34a67a489d70439b88998dd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13402\_ctypes.pyd

Filesize
113KB

MD5
3a2e78784b929003a6baceebdb0efa4d

SHA1
abb48b6a96e22b9bd6d2a8443f5811088c540922

SHA256
f205948b01b29cb244ae09c5b57fd4b6c8f356dfcd2f8cb49e7cfd177a748cf9

SHA512
ad5a9a5143b7e452d92cc7ea5db12967b2073b626be3437d17041d7ae6d82ee24b15d161d2f708639d3bbf8c657202cd845009a219657557203497ea355876ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13402\_hashlib.pyd

Filesize
37KB

MD5
05362add80824b06014645a7951337d8

SHA1
76699e6dae7df93626906e488ef6218f9afcf8b5

SHA256
20b3a3d3350b3d4d57911ecfdb15f77512a6e73c3bf72b410724f81c79a5b1af

SHA512
061562b46e38c9bb83d49a9983d9848669ce2a20970451157b6474ef5dcc4ff38cc2a837b03cff89eacb4eae2063d2c1f43fccd6bd481dbbcabc5527f8489f0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13402\_lzma.pyd

Filesize
182KB

MD5
54f12e2385a77d825ae4d41a4ac515fe

SHA1
5ba526ac1c5f16fb7db225a4876996ab01ee979f

SHA256
08de18fba635822f3bb89c9429f175e3680b7261546430ba9e2ed09bb31f5218

SHA512
ea88774fd63a3d806f96e99255705ac68f615508c5887ae18b8d488bdf87268a634c12eb167c13199f4a0fb31795531b1f7d48bdacbd46cf8affa694a630d259

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13402\_overlapped.pyd

Filesize
37KB

MD5
aa428e44a78a280ec8152c43d8284f6f

SHA1
4cf4631b86036e44f55cf8990f076f2a3aaab0e3

SHA256
f8fda2a6e3ff0069e634feec4854ee7a8c24134c747de3211ac2ba26e0188c79

SHA512
94485bab2531cdcddf23db51b7a40a53eaf47bc5b690f5ed4592adf7879a94369df642cede0d280a02acb0368f3a234593f95d09d841fa727dcf1255d5bef40a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13402\_socket.pyd

Filesize
67KB

MD5
cea329ce0935e99a8bc01070f07fefaf

SHA1
9d81307e9559d0661633530e5756957b05d84268

SHA256
d1a4d66c557c2fe7dc441614ca62e67f37ec44bef5a762bac41bac15d491a930

SHA512
b6aea9c2221bf35b0895c35942cf3c9613ec7919540b4c24a3b97d7a0846256e9ba654e8f233fadca1b15ff0b7d30d73adfaec85bcadb6100fd73e62d3a068ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13402\_ssl.pyd

Filesize
139KB

MD5
b9ecf769fc63a542a113ca1552dc7a7b

SHA1
04bd2c2f6f3ae7d8d996c0166d98e0d6aae7b514

SHA256
e0bdb16cffc7b5a19c5af22d8a33d3c999d55a3117f2da07ed3171ca9487927e

SHA512
593075258548d3ab125ea2f71822662d5ab19c8e036edaf2b92eb63fe721af09fbeae27fdb36e033f654fb55e78a5922a18d5a527fd1c815f691950ba6adcb85

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13402\base_library.zip

Filesize
768KB

MD5
2f6f14ba70d0e0b222af71c3b7b051a6

SHA1
196cc7cabac34242b8fe2c6ac654ef5bd53368c2

SHA256
5e831304ea917e4aee85e34ff95f2eb7a96a7404a37eb6f44b7bdac3a1e66fee

SHA512
edea800225e3a8cebe296036931334af1dcd8c6742b8fe7f0b0e2d6be731177297b4e8c4201686c50034d7fef9d84688345993dde4cca17df6290bb1890e0aa2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13402\libcrypto-1_1.dll

Filesize
2.1MB

MD5
73def838c090acd4be070c649cbd3bf1

SHA1
3dd16cf7740119e7a1d4f56b4c4934a724682e84

SHA256
52d89fac9e42d87300e1427cb41c331f78a7e488d0cbbed8db4adf9d930c89d1

SHA512
1a1e799cce4986059b53856761810f63829cbc5ead197032ce02e9d3905804d34c8d4d8fcf8a0fe5ac9e5f2f30883f7d4181d0551d4195c2356baf3ff5bd0da8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13402\libcrypto-1_1.dll

Filesize
1.7MB

MD5
c9ca464024b6966fa74ee55e83e679f2

SHA1
44ca86ece9f2fb3e949db88e33633c0d97abd155

SHA256
8c1cd9c16a1c4a938ec99044949e72eb9996d195d0332d333ae03af22b27bfa8

SHA512
a1ed822fec1ed4e9a99fab02943fa519613666045f3042856af711aee32458eea2f4f7db2b612d105a81c983a980bd355b85ae79ece6e953449734c34a11c3fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13402\libcrypto-1_1.dll

Filesize
1.4MB

MD5
b7bc16d230f13f9cfd4bb1bedeb35ecc

SHA1
478146705a64dbad514572517c720a597cfdd57a

SHA256
aa8dc2a4fd880286b85666f43933e26f805df249d01990206734be6935d05c24

SHA512
4e24272f5238f9a83d2df830507097f4bee7c1d8ef689cba57af2e74962ada7597e6447443a6b2eda99d886834596b44991d1a11e7fbfe77605f1c3770512463

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13402\libffi-7.dll

Filesize
28KB

MD5
bc20614744ebf4c2b8acd28d1fe54174

SHA1
665c0acc404e13a69800fae94efd69a41bdda901

SHA256
0c7ec6de19c246a23756b8550e6178ac2394b1093e96d0f43789124149486f57

SHA512
0c473e7070c72d85ae098d208b8d128b50574abebba874dda2a7408aea2aabc6c4b9018801416670af91548c471b7dd5a709a7b17e3358b053c37433665d3f6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13402\libssl-1_1.dll

Filesize
528KB

MD5
ad77250dbaa7faf0c2c9e13d717faec7

SHA1
d6450be5a28caac59d47ac620cd128febfbf95ab

SHA256
ccba760e6607fb6b08215452a8c0b6f84b2cb13937e86514995e9e86352f487a

SHA512
ae89207cd3831b8d0be8b336a9336b69541d1d86e9b9b331d0a64a5bb97c2c9481e735b72bc958bfdb0458f49311b2bd4fcf6d4ca255b7ef510d02de1573c096

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13402\multidict\_multidict.cp38-win32.pyd

Filesize
33KB

MD5
ced7f69af68bd4a7a33fce0a2678f896

SHA1
cb1144d554c587e038d4ce9d92d06df838b32ba6

SHA256
d70d297510e753a76219da700394db288a3769e1dfd452797e39f1ad60732fb9

SHA512
548fa967bbce99e271e588347c8895c0e42104fc3a8c152de3cec69362dcb10406d9c6c727961125077cafde6e5fe3dc6cc448b8a8b6589b61fb421ad7f978ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13402\python38.dll

Filesize
1.7MB

MD5
b0e0779ee676bcc4d95f55713da79e81

SHA1
f2622beb008573fd840f15712f457d43e516cebb

SHA256
a4acfe08c97797d4e06efc0bf82b87ac828f26675697d094b5116603229e5437

SHA512
04986f5039e533a4ccc96242223d2d2717ef7d5bb39493e9015f6641e8110c2771c91a282fdd842a58bb1d15bda8e520b7dea838f778bac9031f2ab65037de5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13402\python38.dll

Filesize
1.3MB

MD5
b7f84e14272738aa23c1181d2b927e29

SHA1
5051ee34ce9fbc76191684830cdad47d159a2b69

SHA256
cde643a6b411ca1fe5d491842e225da3b127efca615d7e8b8bcfb614965fd441

SHA512
a178adefe4d714f47c9711f5bcbdd7c1ff209c7756a1f22b96310cbdd1fc9b66efc6d1cee6f564c82aa4b7945df2223977a718da099636943a4fe9b7ec2aa763

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13402\select.pyd

Filesize
23KB

MD5
26bc7e9826bc13a4d0cf681b0e5cf3c8

SHA1
effff42e88cdd66bc4397de1a6d3b5ae540f820b

SHA256
8e7366cf6e128f977f8977a8db45a714ba72e643b31bd26b7676f33d3d8df612

SHA512
16d92785a234e60301aa6c4c5d508bdaff805689d4f160ab3c0c4d0c2376dd3616f676ad2fa81c08ea80e4fb862c3a15e1b59212508dddb388c8a768726b018a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13402\unicodedata.pyd

Filesize
1.0MB

MD5
7d24a6d7f45ee7190d867cc92a818ba8

SHA1
5ff89024f541670d7846cf8cab3747b6a3a9dc1c

SHA256
b3df52727dddd333076299f2f8148d1a13bbd39e4481a0ad9a8d88f638d7385b

SHA512
28a4af7c30caa116db00790f1f0584b0a0b42dde07f410dddda9caee123bd7082a62c8779bb7aab4931ee0b44343b8e26d5559e63eebe9c581347bb17809da5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13402\websockets\speedups.cp38-win32.pyd

Filesize
9KB

MD5
fed2ea02efe4d9230a50ae32081c601b

SHA1
2b5f6fc352dec8621ab85635646565464d8456e2

SHA256
b50e22c742432e58ec9d81c3935415c8fc283de8480c504c138fd3eed7aeae3f

SHA512
b34d50c8465049af6a9b4754d18f5a30100a4920c240a5944ebcbfc6e37fa258b85a4fb73752b370c31eccea283c522929f67f9045f6972dacff3051604245aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13402\yarl\_quoting.cp38-win32.pyd

Filesize
71KB

MD5
24be1f90974b72fbdac2fe0c06ab100b

SHA1
ad890eaa8095580a22abf4eea5dfbc59ecd3dc1f

SHA256
4163134ee8c1103e81ac7a619d9354f776d56017d06d085203e79ac4b40a2cbc

SHA512
7a5fb58ff3cd603fa8ad826b65dc69866f62b23c5f44c3c869253a772491b65767a17c2d1d282134c7562f1a56755990feb37b407737a9c131b198bf4b08bb37

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads