5c32e90bb3d4f2a77deb7a2aad75e515aada16cdeb2114fe5af9e39548b6d51a

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
12-02-2024 17:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Ultimate Discord Nuke/ultimate_discord_nuke.exe
Size

11.5MB
MD5

a86bc9c2f2c363e6a86afb3078c33c68
SHA1

5d416d8945aeaac22c9b58e890114048d85f7f1b
SHA256

a1ea0d96d6ebb8587c2e9a3af50b9b95893229e66dc9038271c19c465e1e4432
SHA512

292650a56747cf252237894f7392d3fa108fc5637f1dbe53e062913e44fd2774c84da2387cfc6e71f479af3b410c1fe83f4694905036d89d41c2b7192a167aa2
SSDEEP

196608:pWIIJi5fmzONYXz5neX38DXDQ9xtbYPvbJQlHHO2SvWssYupK8CKwIwPuHxKTrbf:qJ3p0MDTQ9xkJQlnVMLPuHEz8Ati

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 19 IoCs

Processes:

ultimate_discord_nuke.exe

pid	process
2240	ultimate_discord_nuke.exe
2240	ultimate_discord_nuke.exe
2240	ultimate_discord_nuke.exe
2240	ultimate_discord_nuke.exe
2240	ultimate_discord_nuke.exe
2240	ultimate_discord_nuke.exe
2240	ultimate_discord_nuke.exe
2240	ultimate_discord_nuke.exe
2240	ultimate_discord_nuke.exe
2240	ultimate_discord_nuke.exe
2240	ultimate_discord_nuke.exe
2240	ultimate_discord_nuke.exe
2240	ultimate_discord_nuke.exe
2240	ultimate_discord_nuke.exe
2240	ultimate_discord_nuke.exe
2240	ultimate_discord_nuke.exe
2240	ultimate_discord_nuke.exe
2240	ultimate_discord_nuke.exe
2240	ultimate_discord_nuke.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

ultimate_discord_nuke.exe

description	pid	process	target process
PID 1320 wrote to memory of 2240	1320	ultimate_discord_nuke.exe	ultimate_discord_nuke.exe
PID 1320 wrote to memory of 2240	1320	ultimate_discord_nuke.exe	ultimate_discord_nuke.exe
PID 1320 wrote to memory of 2240	1320	ultimate_discord_nuke.exe	ultimate_discord_nuke.exe
PID 1320 wrote to memory of 2240	1320	ultimate_discord_nuke.exe	ultimate_discord_nuke.exe

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2312

C:\Users\Admin\AppData\Local\Temp\Ultimate Discord Nuke\ultimate_discord_nuke.exe
"C:\Users\Admin\AppData\Local\Temp\Ultimate Discord Nuke\ultimate_discord_nuke.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1320

C:\Users\Admin\AppData\Local\Temp\Ultimate Discord Nuke\ultimate_discord_nuke.exe
"C:\Users\Admin\AppData\Local\Temp\Ultimate Discord Nuke\ultimate_discord_nuke.exe"
2⤵
- Loads dropped DLL
PID:2240

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI13202\VCRUNTIME140.dll

Filesize
81KB

MD5
4c360f78de1f5baaa5f110e65fac94b4

SHA1
20a2e66fd577293b33ba1c9d01ef04582deaf3a5

SHA256
ad1b0992b890bfe88ef52d0a830873acc0aecc9bd6e4fc22397dbccf4d2b4e37

SHA512
c6bba093d2e83b178a783d1ddfd1530c3adcb623d299d56db1b94ed34c0447e88930200bf45e5fb961f8fd7ad691310b586a7d754d7a6d7d27d58b74986a4db8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13202\_lzma.pyd

Filesize
182KB

MD5
54f12e2385a77d825ae4d41a4ac515fe

SHA1
5ba526ac1c5f16fb7db225a4876996ab01ee979f

SHA256
08de18fba635822f3bb89c9429f175e3680b7261546430ba9e2ed09bb31f5218

SHA512
ea88774fd63a3d806f96e99255705ac68f615508c5887ae18b8d488bdf87268a634c12eb167c13199f4a0fb31795531b1f7d48bdacbd46cf8affa694a630d259

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13202\_queue.pyd

Filesize
24KB

MD5
bc5fce7b8de6ca765cbf79f9d0587164

SHA1
d4d56e53ddc6bb5d21697a3460f310e9655525c0

SHA256
a5db4d041f40fb01761b5baa907099db89cf891b0df0251d92da2fbf9dc3897b

SHA512
23b616ce997eddaafd4c61da7c6d5da1210d0a0373b3df75750843951008234eb2cbe4c6c9a33a4f1cdfe2d115e6c7569d0a97a83ed9c5e85205dba43c5d4363

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13202\_ssl.pyd

Filesize
139KB

MD5
b9ecf769fc63a542a113ca1552dc7a7b

SHA1
04bd2c2f6f3ae7d8d996c0166d98e0d6aae7b514

SHA256
e0bdb16cffc7b5a19c5af22d8a33d3c999d55a3117f2da07ed3171ca9487927e

SHA512
593075258548d3ab125ea2f71822662d5ab19c8e036edaf2b92eb63fe721af09fbeae27fdb36e033f654fb55e78a5922a18d5a527fd1c815f691950ba6adcb85

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13202\base_library.zip

Filesize
768KB

MD5
2f6f14ba70d0e0b222af71c3b7b051a6

SHA1
196cc7cabac34242b8fe2c6ac654ef5bd53368c2

SHA256
5e831304ea917e4aee85e34ff95f2eb7a96a7404a37eb6f44b7bdac3a1e66fee

SHA512
edea800225e3a8cebe296036931334af1dcd8c6742b8fe7f0b0e2d6be731177297b4e8c4201686c50034d7fef9d84688345993dde4cca17df6290bb1890e0aa2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13202\certifi\cacert.pem

Filesize
277KB

MD5
edd513e1d62ca2b059821b8380c19d19

SHA1
7e785afc6a7174f008b8b6e775c91c018d72aee3

SHA256
870068ef78059c5d012a23f715029f1b7db19060e1c65e12c024221f6ac32abd

SHA512
31450f875b46bbbb8e8d2f2e075f82ab4cfe175dadd966be22c66206d5dc2517a870a8cfc46f2f094b6810c09b447bd46354b67c128843b997957522d3cf4f5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13202\libcrypto-1_1.dll

Filesize
1.4MB

MD5
beaf876acef67a5001a0baa9a2231875

SHA1
968d9408abd6a7fe925116083b47d5507116b97f

SHA256
b76de7b25c97a4a4c9038322d3957345e40b23e4c6aa81eb94e420ad0744dab3

SHA512
f4d61123061112f78c6b3e90f0d1fb2b38a6c242ef837948ec9b02f4b402d0acbf4937128c2e4feae99fe1184773566d0c63843a9af2678f2dcd81db9d8c3632

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13202\python38.dll

Filesize
3.1MB

MD5
115e77a295d3f56481e0196693dbbe89

SHA1
2c390eab7d0e3f85a85b539a8fe25f864fcff673

SHA256
1fa34bd57e886d5870ba2087879924ed7b771fd21b47a00d9e2572a67e2797e6

SHA512
b5179520447e358aee0daca5fa654108a4457171333fb098ba9094badec8424a822c7ad3ac13a26aa561ecf3b2fc76dc088892380b482185955003914ea30a9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13202\unicodedata.pyd

Filesize
1.0MB

MD5
816918104568e9729cf744af5b8488e3

SHA1
89d9bfe570896dde2ed1d4608d299fad04f9eaa0

SHA256
30014df7a3bacec8e7cda7a702b3902910f07e1e0992c7520b8496deac6cc27a

SHA512
f8ac23358b8dc0fbba05f88b6c71bbda43034e526dd00a5643472f03ebda1858adc19d0606d8885f1da418f312a378b2cce08c6ec2520e38104778360457fade

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13202\websockets\speedups.cp38-win32.pyd

Filesize
9KB

MD5
fed2ea02efe4d9230a50ae32081c601b

SHA1
2b5f6fc352dec8621ab85635646565464d8456e2

SHA256
b50e22c742432e58ec9d81c3935415c8fc283de8480c504c138fd3eed7aeae3f

SHA512
b34d50c8465049af6a9b4754d18f5a30100a4920c240a5944ebcbfc6e37fa258b85a4fb73752b370c31eccea283c522929f67f9045f6972dacff3051604245aa

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI13202\_asyncio.pyd

Filesize
55KB

MD5
5435ce08f40fbe43230cae8d3dff232c

SHA1
273472cac7263056762d0c08e8676b902700efb1

SHA256
79fda30cbfc95db2ba60646ff53dff45b5add57c12241c4a82fa798cb3b543df

SHA512
f34718ceb0668f94eeee2016d20fa29b70a3c84f76bcb7dd8eac4f4a44e88a8895297b6e7eeed01da2e2c9de809f3ea291f94eb7e8b9c2a227fb14e2b324ee46

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI13202\_bz2.pyd

Filesize
76KB

MD5
0f75c236c4ccfea1b16f132f6c139236

SHA1
710bb157b01cafe8607400773b3940674506013b

SHA256
5dc26dcbf58cc7f5bfdec0badd5240d6724db3e34010aaf35a31876fe4057158

SHA512
5849ea147ada06c8b7a9fd523917009c173ace07ba1dbd320d7dda7f6d910b75ba4b7372f22bb56101c9dd836ce1a590b7715a7f34a67a489d70439b88998dd9

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI13202\_ctypes.pyd

Filesize
113KB

MD5
3a2e78784b929003a6baceebdb0efa4d

SHA1
abb48b6a96e22b9bd6d2a8443f5811088c540922

SHA256
f205948b01b29cb244ae09c5b57fd4b6c8f356dfcd2f8cb49e7cfd177a748cf9

SHA512
ad5a9a5143b7e452d92cc7ea5db12967b2073b626be3437d17041d7ae6d82ee24b15d161d2f708639d3bbf8c657202cd845009a219657557203497ea355876ce

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI13202\_hashlib.pyd

Filesize
37KB

MD5
05362add80824b06014645a7951337d8

SHA1
76699e6dae7df93626906e488ef6218f9afcf8b5

SHA256
20b3a3d3350b3d4d57911ecfdb15f77512a6e73c3bf72b410724f81c79a5b1af

SHA512
061562b46e38c9bb83d49a9983d9848669ce2a20970451157b6474ef5dcc4ff38cc2a837b03cff89eacb4eae2063d2c1f43fccd6bd481dbbcabc5527f8489f0f

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI13202\_overlapped.pyd

Filesize
37KB

MD5
aa428e44a78a280ec8152c43d8284f6f

SHA1
4cf4631b86036e44f55cf8990f076f2a3aaab0e3

SHA256
f8fda2a6e3ff0069e634feec4854ee7a8c24134c747de3211ac2ba26e0188c79

SHA512
94485bab2531cdcddf23db51b7a40a53eaf47bc5b690f5ed4592adf7879a94369df642cede0d280a02acb0368f3a234593f95d09d841fa727dcf1255d5bef40a

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI13202\_socket.pyd

Filesize
67KB

MD5
cea329ce0935e99a8bc01070f07fefaf

SHA1
9d81307e9559d0661633530e5756957b05d84268

SHA256
d1a4d66c557c2fe7dc441614ca62e67f37ec44bef5a762bac41bac15d491a930

SHA512
b6aea9c2221bf35b0895c35942cf3c9613ec7919540b4c24a3b97d7a0846256e9ba654e8f233fadca1b15ff0b7d30d73adfaec85bcadb6100fd73e62d3a068ab

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI13202\libcrypto-1_1.dll

Filesize
1.5MB

MD5
f86f5871447acf63ee7aea43f55a7762

SHA1
8eab81b24cebd44dcf04ab7c4d3e5069f28f3860

SHA256
2975856618032cb9c61348af69ecd3e8bf321227c09b6f24470e2244e33e088f

SHA512
73e6f0d1b24b18db6190c86f2b63b0a1e9aca97c3391c1d68f34022f84e239632d9fcb29514a05adb24029d7f7c1505ad7a0f5b50f7e96ceeac52f7c6e078237

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI13202\libffi-7.dll

Filesize
28KB

MD5
bc20614744ebf4c2b8acd28d1fe54174

SHA1
665c0acc404e13a69800fae94efd69a41bdda901

SHA256
0c7ec6de19c246a23756b8550e6178ac2394b1093e96d0f43789124149486f57

SHA512
0c473e7070c72d85ae098d208b8d128b50574abebba874dda2a7408aea2aabc6c4b9018801416670af91548c471b7dd5a709a7b17e3358b053c37433665d3f6b

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI13202\libssl-1_1.dll

Filesize
528KB

MD5
ad77250dbaa7faf0c2c9e13d717faec7

SHA1
d6450be5a28caac59d47ac620cd128febfbf95ab

SHA256
ccba760e6607fb6b08215452a8c0b6f84b2cb13937e86514995e9e86352f487a

SHA512
ae89207cd3831b8d0be8b336a9336b69541d1d86e9b9b331d0a64a5bb97c2c9481e735b72bc958bfdb0458f49311b2bd4fcf6d4ca255b7ef510d02de1573c096

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI13202\multidict\_multidict.cp38-win32.pyd

Filesize
33KB

MD5
ced7f69af68bd4a7a33fce0a2678f896

SHA1
cb1144d554c587e038d4ce9d92d06df838b32ba6

SHA256
d70d297510e753a76219da700394db288a3769e1dfd452797e39f1ad60732fb9

SHA512
548fa967bbce99e271e588347c8895c0e42104fc3a8c152de3cec69362dcb10406d9c6c727961125077cafde6e5fe3dc6cc448b8a8b6589b61fb421ad7f978ae

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI13202\python38.dll

Filesize
1.7MB

MD5
92e87c5eccd3c798159925dfaad6a4f4

SHA1
15c2a2ea1c23349930bb3b8cb3fa37118cb5b63f

SHA256
c8a5fd8833f4aa15785138a5ee3abdb242dfaa0e18202ab37ec43e201657c3d6

SHA512
611d78b859c933ce84a6b51c839e809c5db5f9d052238c9c3155541ade83227a5b3a9c1df99cc777ebaf2f508c461aa76cec4709f5306e543eb9e8fed1cdae13

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI13202\select.pyd

Filesize
23KB

MD5
26bc7e9826bc13a4d0cf681b0e5cf3c8

SHA1
effff42e88cdd66bc4397de1a6d3b5ae540f820b

SHA256
8e7366cf6e128f977f8977a8db45a714ba72e643b31bd26b7676f33d3d8df612

SHA512
16d92785a234e60301aa6c4c5d508bdaff805689d4f160ab3c0c4d0c2376dd3616f676ad2fa81c08ea80e4fb862c3a15e1b59212508dddb388c8a768726b018a

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI13202\unicodedata.pyd

Filesize
987KB

MD5
c2266867e360bee33a088df4ceca3a7d

SHA1
c5a263adf56e5b015c2b78208e6c5c4e330b0b54

SHA256
5cb8a3623c4852487dae86b02defe997036431497a4fce4d88aab9589d2513fc

SHA512
e74c760d7cdd2a352b28591e9ae2814be73d966ae4ce7ae103f3f45f92a55230107013737d126c5b85ca8c9cd1fcfcec6c72c4e4656eea11e97f8ea57c052856

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI13202\yarl\_quoting.cp38-win32.pyd

Filesize
71KB

MD5
24be1f90974b72fbdac2fe0c06ab100b

SHA1
ad890eaa8095580a22abf4eea5dfbc59ecd3dc1f

SHA256
4163134ee8c1103e81ac7a619d9354f776d56017d06d085203e79ac4b40a2cbc

SHA512
7a5fb58ff3cd603fa8ad826b65dc69866f62b23c5f44c3c869253a772491b65767a17c2d1d282134c7562f1a56755990feb37b407737a9c131b198bf4b08bb37

Download Submit