hxxps://www[.]mediafire[.]com/file/earhsbezjv5bgnh/Ultimate_Discord_Nuke[.]rar/file

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
12-02-2024 17:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/file/earhsbezjv5bgnh/Ultimate_Discord_Nuke.rar/file

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exe

pid	process
1704	msedge.exe
1704	msedge.exe
1572	msedge.exe
1572	msedge.exe
3140	identity_helper.exe
3140	identity_helper.exe
4688	msedge.exe
4688	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

Processes:

msedge.exe

pid	process
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

7zG.exe

description	pid	process
Token: SeRestorePrivilege	1248	7zG.exe
Token: 35	1248	7zG.exe
Token: SeSecurityPrivilege	1248	7zG.exe
Token: SeSecurityPrivilege	1248	7zG.exe

Suspicious use of FindShellTrayWindow 58 IoCs

Processes:

msedge.exe7zG.exe

pid	process
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1248	7zG.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe

Suspicious use of SendNotifyMessage 32 IoCs

Processes:

msedge.exe

pid	process
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1572 wrote to memory of 2380	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 2380	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 4556	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 4556	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 4556	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 4556	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 4556	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 4556	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 4556	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 4556	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 4556	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 4556	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 4556	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 4556	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 4556	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 4556	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 4556	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 4556	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 4556	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 4556	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 4556	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 4556	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 4556	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 4556	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 4556	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 4556	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 4556	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 4556	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 4556	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 4556	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 4556	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 4556	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 4556	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 4556	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 4556	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 4556	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 4556	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 4556	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 4556	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 4556	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 4556	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 4556	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 1704	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 1704	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 456	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 456	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 456	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 456	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 456	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 456	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 456	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 456	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 456	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 456	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 456	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 456	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 456	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 456	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 456	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 456	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 456	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 456	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 456	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 456	1572	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/file/earhsbezjv5bgnh/Ultimate_Discord_Nuke.rar/file
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1572

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb753f46f8,0x7ffb753f4708,0x7ffb753f4718
2⤵
PID:2380

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,2231595418452939248,8757700649336169876,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1704

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,2231595418452939248,8757700649336169876,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
2⤵
PID:4556

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,2231595418452939248,8757700649336169876,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
2⤵
PID:456

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2231595418452939248,8757700649336169876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
2⤵
PID:1240

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2231595418452939248,8757700649336169876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
2⤵
PID:2928

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2231595418452939248,8757700649336169876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
2⤵
PID:4676

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2231595418452939248,8757700649336169876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
2⤵
PID:1892

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,2231595418452939248,8757700649336169876,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6056 /prefetch:8
2⤵
PID:756

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,2231595418452939248,8757700649336169876,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6056 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3140

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2231595418452939248,8757700649336169876,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
2⤵
PID:4888

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2231595418452939248,8757700649336169876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
2⤵
PID:572

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2231595418452939248,8757700649336169876,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6160 /prefetch:1
2⤵
PID:2196

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2231595418452939248,8757700649336169876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=180 /prefetch:1
2⤵
PID:4304

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2231595418452939248,8757700649336169876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6280 /prefetch:1
2⤵
PID:3920

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2231595418452939248,8757700649336169876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6288 /prefetch:1
2⤵
PID:756

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2231595418452939248,8757700649336169876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
2⤵
PID:3532

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2124,2231595418452939248,8757700649336169876,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6476 /prefetch:8
2⤵
PID:1952

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2124,2231595418452939248,8757700649336169876,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7068 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4688

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2231595418452939248,8757700649336169876,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6436 /prefetch:1
2⤵
PID:644

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2231595418452939248,8757700649336169876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7068 /prefetch:1
2⤵
PID:3928

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2231595418452939248,8757700649336169876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7160 /prefetch:1
2⤵
PID:4040

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,2231595418452939248,8757700649336169876,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6204 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2976

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4956

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1268

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2228

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Ultimate Discord Nuke\" -ad -an -ai#7zMap32318:104:7zEvent20387
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1248

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Ultimate Discord Nuke\Ultimate Discord Nuke\bot_token.txt
1⤵
PID:5020

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Ultimate Discord Nuke\Ultimate Discord Nuke\bot_token.txt
1⤵
PID:2044

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\104a7b7d-5100-401d-b827-f33c5e7b8774.tmp

Filesize
10KB

MD5
798729ed1c16b01c1534aefb32ad43bd

SHA1
6ef65d9351b006a40e3c0e8d83b758108a00226d

SHA256
12465af7d8a57f1c650586cef76a950338493becbb32fcc133ba4bf922e726a8

SHA512
e52637cfe9f4b55e262667c8219ea1a4aae9372fac419fd82670520a77ccf4bb0a1c5c2c18cea4ea3baa31d0ec9a72b64bcd5ce0764f4bff899aed28d0ad6ad3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fa070c9c9ab8d902ee4f3342d217275f

SHA1
ac69818312a7eba53586295c5b04eefeb5c73903

SHA256
245b396ed1accfae337f770d3757c932bc30a8fc8dd133b5cefe82242760c2c7

SHA512
df92ca6d405d603ef5f07dbf9516d9e11e1fdc13610bb59e6d4712e55dd661f756c8515fc2c359c1db6b8b126e7f5a15886e643d93c012ef34a11041e02cc0dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
a967f2f507ec5787231472bdb4e1fcf3

SHA1
0735049f68d1ae1c8210c2785c1a2be22dbad997

SHA256
c239704dfa897599731e864218dd471c00c55c39082f57b40b9d54c7a70363bd

SHA512
99c19e6dfe220c0504405354f06a2e2b7252a732776e506221dd46782bbb0a19358d021135e921fb8ecf5eb4c8191b1251d7fa102145d1c79f1727fcbc0c2152

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
f253cdd8321ae31385821af7ca5a943f

SHA1
db4ed5c8a3e8e367786e9eed75096f71f52f1fef

SHA256
b431623a64cafa28156f8a0801dd0ced3304dac0058f6caaa157b60927e72e69

SHA512
4de776a25abfbdb84deb798e4b91e660615cea50d9fbb9e6d9be5df9bd5d1c22246ba63233702121cc8a6fa66062a7972ea4b19289f9067574cdf75f72cf0c84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
70b6e17e9b0e8fa8f56d1084ab16f577

SHA1
cc8984bb8d92194788e6ce07916feec76b8c9acf

SHA256
1921a115d7702f2108da87fc4b1ece2334eab75df5fc4aa6f5ddfb762dddb6f3

SHA512
8b674a18a6ac16d54c50adad7a173e5fb25ba53a9e031a08a9cf32cad1f13c134cd2f962b8df642ad43ea01aa29972d7be9429566ce573306a4076b178162666

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
f020d38959241e62ed2c02e7280cffc1

SHA1
85e97555dfb44fa106e4a9048a021e0b30343a14

SHA256
0d80cf0f769226f486c2fa4e004d31302d6145535d33d6d1a08634478dfb679e

SHA512
7bc26e5309bd90903ce0c420286da168764e04070471ca0abab65aeab3a1897aa48bcfa743a441405eccc3b1588820c51c058cd7fc7da58900225684654b28b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
fbd391f9348ba47ee958bcf87b7b44eb

SHA1
332af99a33e1bb81506e14c12472ab77892b82ac

SHA256
7bc9f6a99d2ab401541795b639a17f3d64771a4ee83449fcb37edc55a0cde966

SHA512
57fb08806eba7e81560ad73585961e683253612055676caf51b25a40a5dce585f39955d63326489883f5662faa522b2a195dd42f2f44964d8dadd08cefb82498

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d6d0eb687473f8a0365a3ea61df3cb4c

SHA1
c32e89d08dde2d1deb5818dfe3d09bfa014a9456

SHA256
59b3b6d0e4a7ca8d39874cd5de4588e37356ad5841921b0e34aedec693e89716

SHA512
ab3876501424b9c61db9c2a17a3a229c80d96510092051110510ce6272f15d291b4bd68ccff01630344900aaf7eda07cbdd445c00cad5dbfdab998b9f82c1f3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
fc632c9799d3eea648b1de3ebe72dbcb

SHA1
58d21d5e8615cc45e9cf59c05effb517ff517e4b

SHA256
03f2212539d258c10b3a78dbdc02213fc9cf6e556effee01fbcf4d532d2d2cc6

SHA512
b670feffbe6a844bb417cadaf20f0dad387efbc61bbb95c0a8cd556deedbdec203e7761c82f7f2a8d0a266cfe77fadf558c757d3a00a71220da08a61050c93a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
917dedf44ae3675e549e7b7ffc2c8ccd

SHA1
b7604eb16f0366e698943afbcf0c070d197271c0

SHA256
9692162e8a88be0977395cc0704fe882b9a39b78bdfc9d579a8c961e15347a37

SHA512
9628f7857eb88f8dceac00ffdcba2ed822fb9ebdada95e54224a0afc50bccd3e3d20c5abadbd20f61eba51dbf71c5c745b29309122d88b5cc6752a1dfc3be053

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
cc1247d556a97cfe5d27666fb29fb815

SHA1
18a064da05ac10d65bd0f7f749dec08c9fa28b85

SHA256
40b60658e7695d6c2193bf0a2287942508c5e92d09233dfbc50b970ec41ce467

SHA512
a1afc5dfb79000d07481dc76a2fac78aad5c9eea2b67eb43327d3e73179aa2abd84302e623edd85e8e0aa1721d015fbc19b6eda3996fb1f7c555330e21e14193

Download Submit
C:\Users\Admin\Downloads\Ultimate Discord Nuke.rar

Filesize
3.4MB

MD5
9fe7ae9a01378f4795830979c5c23663

SHA1
0762db3e2c2c579ba32e110d0f9677e3e130a61c

SHA256
55ba32fc038f06fb92a14eecd45ebf946635e80be3103a65dcd6e39b542aa76b

SHA512
61ce8eb74abbb67622a85465314ef85fb38300b59b5edee9a3ade80c02eeb2cc13dc896027177eb6649de067e1013257c46fe055ddc34d7467c10e09279d14db

Download Submit
\??\pipe\LOCAL\crashpad_1572_VCJOWGGVNMALJXHQ

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit