hxxps://github[.]com/moom825/Discord-RAT/archive/refs/heads/main[.]zip

Analysis

max time kernel
300s
max time network
300s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10/03/2024, 14:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/moom825/Discord-RAT/archive/refs/heads/main.zip

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133545558833244962"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3916	chrome.exe
3916	chrome.exe
3908	chrome.exe
3908	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4600	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3916	chrome.exe
Token: SeCreatePagefilePrivilege	3916	chrome.exe
Token: SeShutdownPrivilege	3916	chrome.exe
Token: SeCreatePagefilePrivilege	3916	chrome.exe
Token: SeShutdownPrivilege	3916	chrome.exe
Token: SeCreatePagefilePrivilege	3916	chrome.exe
Token: SeShutdownPrivilege	3916	chrome.exe
Token: SeCreatePagefilePrivilege	3916	chrome.exe
Token: SeShutdownPrivilege	3916	chrome.exe
Token: SeCreatePagefilePrivilege	3916	chrome.exe
Token: SeShutdownPrivilege	3916	chrome.exe
Token: SeCreatePagefilePrivilege	3916	chrome.exe
Token: SeShutdownPrivilege	3916	chrome.exe
Token: SeCreatePagefilePrivilege	3916	chrome.exe
Token: SeShutdownPrivilege	3916	chrome.exe
Token: SeCreatePagefilePrivilege	3916	chrome.exe
Token: SeShutdownPrivilege	3916	chrome.exe
Token: SeCreatePagefilePrivilege	3916	chrome.exe
Token: SeShutdownPrivilege	3916	chrome.exe
Token: SeCreatePagefilePrivilege	3916	chrome.exe
Token: SeShutdownPrivilege	3916	chrome.exe
Token: SeCreatePagefilePrivilege	3916	chrome.exe
Token: SeShutdownPrivilege	3916	chrome.exe
Token: SeCreatePagefilePrivilege	3916	chrome.exe
Token: SeShutdownPrivilege	3916	chrome.exe
Token: SeCreatePagefilePrivilege	3916	chrome.exe
Token: SeShutdownPrivilege	3916	chrome.exe
Token: SeCreatePagefilePrivilege	3916	chrome.exe
Token: SeShutdownPrivilege	3916	chrome.exe
Token: SeCreatePagefilePrivilege	3916	chrome.exe
Token: SeShutdownPrivilege	3916	chrome.exe
Token: SeCreatePagefilePrivilege	3916	chrome.exe
Token: SeShutdownPrivilege	3916	chrome.exe
Token: SeCreatePagefilePrivilege	3916	chrome.exe
Token: SeShutdownPrivilege	3916	chrome.exe
Token: SeCreatePagefilePrivilege	3916	chrome.exe
Token: SeShutdownPrivilege	3916	chrome.exe
Token: SeCreatePagefilePrivilege	3916	chrome.exe
Token: SeShutdownPrivilege	3916	chrome.exe
Token: SeCreatePagefilePrivilege	3916	chrome.exe
Token: SeShutdownPrivilege	3916	chrome.exe
Token: SeCreatePagefilePrivilege	3916	chrome.exe
Token: SeShutdownPrivilege	3916	chrome.exe
Token: SeCreatePagefilePrivilege	3916	chrome.exe
Token: SeShutdownPrivilege	3916	chrome.exe
Token: SeCreatePagefilePrivilege	3916	chrome.exe
Token: SeShutdownPrivilege	3916	chrome.exe
Token: SeCreatePagefilePrivilege	3916	chrome.exe
Token: SeShutdownPrivilege	3916	chrome.exe
Token: SeCreatePagefilePrivilege	3916	chrome.exe
Token: SeShutdownPrivilege	3916	chrome.exe
Token: SeCreatePagefilePrivilege	3916	chrome.exe
Token: SeShutdownPrivilege	3916	chrome.exe
Token: SeCreatePagefilePrivilege	3916	chrome.exe
Token: SeShutdownPrivilege	3916	chrome.exe
Token: SeCreatePagefilePrivilege	3916	chrome.exe
Token: SeShutdownPrivilege	3916	chrome.exe
Token: SeCreatePagefilePrivilege	3916	chrome.exe
Token: SeShutdownPrivilege	3916	chrome.exe
Token: SeCreatePagefilePrivilege	3916	chrome.exe
Token: SeShutdownPrivilege	3916	chrome.exe
Token: SeCreatePagefilePrivilege	3916	chrome.exe
Token: SeShutdownPrivilege	3916	chrome.exe
Token: SeCreatePagefilePrivilege	3916	chrome.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe

Suspicious use of SetWindowsHookEx 31 IoCs

pid	Process
4600	OpenWith.exe
4600	OpenWith.exe
4600	OpenWith.exe
4600	OpenWith.exe
4600	OpenWith.exe
4600	OpenWith.exe
4600	OpenWith.exe
4600	OpenWith.exe
4600	OpenWith.exe
4600	OpenWith.exe
4600	OpenWith.exe
4600	OpenWith.exe
4600	OpenWith.exe
4600	OpenWith.exe
4600	OpenWith.exe
4600	OpenWith.exe
4600	OpenWith.exe
4600	OpenWith.exe
4600	OpenWith.exe
4600	OpenWith.exe
4600	OpenWith.exe
4600	OpenWith.exe
4600	OpenWith.exe
4600	OpenWith.exe
4600	OpenWith.exe
4600	OpenWith.exe
4600	OpenWith.exe
4600	OpenWith.exe
4600	OpenWith.exe
4600	OpenWith.exe
4600	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3916 wrote to memory of 1056	3916	chrome.exe	89
PID 3916 wrote to memory of 1056	3916	chrome.exe	89
PID 3916 wrote to memory of 4476	3916	chrome.exe	92
PID 3916 wrote to memory of 4476	3916	chrome.exe	92
PID 3916 wrote to memory of 4476	3916	chrome.exe	92
PID 3916 wrote to memory of 4476	3916	chrome.exe	92
PID 3916 wrote to memory of 4476	3916	chrome.exe	92
PID 3916 wrote to memory of 4476	3916	chrome.exe	92
PID 3916 wrote to memory of 4476	3916	chrome.exe	92
PID 3916 wrote to memory of 4476	3916	chrome.exe	92
PID 3916 wrote to memory of 4476	3916	chrome.exe	92
PID 3916 wrote to memory of 4476	3916	chrome.exe	92
PID 3916 wrote to memory of 4476	3916	chrome.exe	92
PID 3916 wrote to memory of 4476	3916	chrome.exe	92
PID 3916 wrote to memory of 4476	3916	chrome.exe	92
PID 3916 wrote to memory of 4476	3916	chrome.exe	92
PID 3916 wrote to memory of 4476	3916	chrome.exe	92
PID 3916 wrote to memory of 4476	3916	chrome.exe	92
PID 3916 wrote to memory of 4476	3916	chrome.exe	92
PID 3916 wrote to memory of 4476	3916	chrome.exe	92
PID 3916 wrote to memory of 4476	3916	chrome.exe	92
PID 3916 wrote to memory of 4476	3916	chrome.exe	92
PID 3916 wrote to memory of 4476	3916	chrome.exe	92
PID 3916 wrote to memory of 4476	3916	chrome.exe	92
PID 3916 wrote to memory of 4476	3916	chrome.exe	92
PID 3916 wrote to memory of 4476	3916	chrome.exe	92
PID 3916 wrote to memory of 4476	3916	chrome.exe	92
PID 3916 wrote to memory of 4476	3916	chrome.exe	92
PID 3916 wrote to memory of 4476	3916	chrome.exe	92
PID 3916 wrote to memory of 4476	3916	chrome.exe	92
PID 3916 wrote to memory of 4476	3916	chrome.exe	92
PID 3916 wrote to memory of 4476	3916	chrome.exe	92
PID 3916 wrote to memory of 4476	3916	chrome.exe	92
PID 3916 wrote to memory of 4476	3916	chrome.exe	92
PID 3916 wrote to memory of 4476	3916	chrome.exe	92
PID 3916 wrote to memory of 4476	3916	chrome.exe	92
PID 3916 wrote to memory of 4476	3916	chrome.exe	92
PID 3916 wrote to memory of 4476	3916	chrome.exe	92
PID 3916 wrote to memory of 4476	3916	chrome.exe	92
PID 3916 wrote to memory of 4476	3916	chrome.exe	92
PID 3916 wrote to memory of 4204	3916	chrome.exe	93
PID 3916 wrote to memory of 4204	3916	chrome.exe	93
PID 3916 wrote to memory of 4624	3916	chrome.exe	94
PID 3916 wrote to memory of 4624	3916	chrome.exe	94
PID 3916 wrote to memory of 4624	3916	chrome.exe	94
PID 3916 wrote to memory of 4624	3916	chrome.exe	94
PID 3916 wrote to memory of 4624	3916	chrome.exe	94
PID 3916 wrote to memory of 4624	3916	chrome.exe	94
PID 3916 wrote to memory of 4624	3916	chrome.exe	94
PID 3916 wrote to memory of 4624	3916	chrome.exe	94
PID 3916 wrote to memory of 4624	3916	chrome.exe	94
PID 3916 wrote to memory of 4624	3916	chrome.exe	94
PID 3916 wrote to memory of 4624	3916	chrome.exe	94
PID 3916 wrote to memory of 4624	3916	chrome.exe	94
PID 3916 wrote to memory of 4624	3916	chrome.exe	94
PID 3916 wrote to memory of 4624	3916	chrome.exe	94
PID 3916 wrote to memory of 4624	3916	chrome.exe	94
PID 3916 wrote to memory of 4624	3916	chrome.exe	94
PID 3916 wrote to memory of 4624	3916	chrome.exe	94
PID 3916 wrote to memory of 4624	3916	chrome.exe	94
PID 3916 wrote to memory of 4624	3916	chrome.exe	94
PID 3916 wrote to memory of 4624	3916	chrome.exe	94
PID 3916 wrote to memory of 4624	3916	chrome.exe	94
PID 3916 wrote to memory of 4624	3916	chrome.exe	94

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/moom825/Discord-RAT/archive/refs/heads/main.zip
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff865049758,0x7ff865049768,0x7ff865049778
  2⤵
  PID:1056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1712 --field-trial-handle=1868,i,12886879949706569190,1460094618418628370,131072 /prefetch:2
  2⤵
  PID:4476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1868,i,12886879949706569190,1460094618418628370,131072 /prefetch:8
  2⤵
  PID:4204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1868,i,12886879949706569190,1460094618418628370,131072 /prefetch:8
  2⤵
  PID:4624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2900 --field-trial-handle=1868,i,12886879949706569190,1460094618418628370,131072 /prefetch:1
  2⤵
  PID:1048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2908 --field-trial-handle=1868,i,12886879949706569190,1460094618418628370,131072 /prefetch:1
  2⤵
  PID:4544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 --field-trial-handle=1868,i,12886879949706569190,1460094618418628370,131072 /prefetch:8
  2⤵
  PID:1044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 --field-trial-handle=1868,i,12886879949706569190,1460094618418628370,131072 /prefetch:8
  2⤵
  PID:2316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5632 --field-trial-handle=1868,i,12886879949706569190,1460094618418628370,131072 /prefetch:8
  2⤵
  PID:4704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5060 --field-trial-handle=1868,i,12886879949706569190,1460094618418628370,131072 /prefetch:1
  2⤵
  PID:5168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=820 --field-trial-handle=1868,i,12886879949706569190,1460094618418628370,131072 /prefetch:1
  2⤵
  PID:5212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=1748 --field-trial-handle=1868,i,12886879949706569190,1460094618418628370,131072 /prefetch:1
  2⤵
  PID:2752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=936 --field-trial-handle=1868,i,12886879949706569190,1460094618418628370,131072 /prefetch:1
  2⤵
  PID:2400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4828 --field-trial-handle=1868,i,12886879949706569190,1460094618418628370,131072 /prefetch:1
  2⤵
  PID:940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5628 --field-trial-handle=1868,i,12886879949706569190,1460094618418628370,131072 /prefetch:1
  2⤵
  PID:6076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=1596 --field-trial-handle=1868,i,12886879949706569190,1460094618418628370,131072 /prefetch:1
  2⤵
  PID:5636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3220 --field-trial-handle=1868,i,12886879949706569190,1460094618418628370,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3472 --field-trial-handle=1868,i,12886879949706569190,1460094618418628370,131072 /prefetch:1
  2⤵
  PID:5704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3140 --field-trial-handle=1868,i,12886879949706569190,1460094618418628370,131072 /prefetch:1
  2⤵
  PID:5888

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3912

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4732

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4600
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Discord-RAT-main\Discord-RAT-main\README.md
  2⤵
  PID:5452

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Discord-RAT-main\Discord-RAT-main\requirements.txt
1⤵
PID:6048

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
194KB

MD5
f5b4137b040ec6bd884feee514f7c176

SHA1
7897677377a9ced759be35a66fdee34b391ab0ff

SHA256
845aa24ba38524f33f097b0d9bae7d9112b01fa35c443be5ec1f7b0da23513e6

SHA512
813b764a5650e4e3d1574172dd5d6a26f72c0ba5c8af7b0d676c62bc1b245e4563952bf33663bffc02089127b76a67f9977b0a8f18eaef22d9b4aa3abaaa7c40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
24KB

MD5
b82ca47ee5d42100e589bdd94e57936e

SHA1
0dad0cd7d0472248b9b409b02122d13bab513b4c

SHA256
d3c59060e591b3839ec59cad150c0a38a2a2a6ba4cc4dc5530f68be54f14ef1d

SHA512
58840a773a3a6cb0913e6a542934daecaef9c0eeab626446a29a70cd6d063fdb012229ff2ccfa283e3c05bc2a91a7cac331293965264715bdb9020f162dc7383

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
4a11063cc311199d30ffb607ea82ee03

SHA1
eb2dd8864b40ddd031b5e0e6927137aef23541d1

SHA256
b95aada0d7ecea8d8eb5344e097e9fd8df2c333e9585aa5dd468b726f5c334b2

SHA512
d35620d4fde2178828e8a9b520e22a199307ed653cb1c91a9efb2a834a1b68edb38be2139e37623bc41e7d45488e8aea0d98485e1a03cbabea5df6146cdf39c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
f35ecfee38255e41c876c708c2777082

SHA1
18627c0d4448285a9a806e0b9152b1cf3649346e

SHA256
637658bc7965d58e1cc798e5f2aa783b838e21e4e5e556243a719372d9174348

SHA512
464876ca0a5ca774ba42ee9a6af4f935ebd26090bc9afc08f5516038847e1d3e89913862697c24078d5998408afd3b657c001bce0afc916ffa7ecfa898235202

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
0fea63581a769cb5677723f0c43dc7f6

SHA1
ec1a05c5eec22bb42c49c085a4eaa7d84d728394

SHA256
1538f270a36c90d77b743a017916aecca5551bb3d068db3d9e8e67c8791d65c9

SHA512
9a9827be7df1bea65e8a1543b9248c262df6c945a73e01197ed9f29874a3b0dd80d36101a3de8489cf047ad53b62256c40e0741e6716ffc615fe96de5e9dc075

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
392326e0c363d5983159d78d6cca02d8

SHA1
ed2a9e30e0a3540477428849e99eacf84d7c7f8c

SHA256
01dc76514a93f411651c1bc8ac539d3b558027f50542f8dc283cbc6de8d5effe

SHA512
035bba2603a783ecdfe48a895ebd15b8d797422c52948fc8b5bb22cb61f332e141e10f8c4041df9832bb0f67a08ee385f8e1ffaca398f4bab16ced7b343574f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
bdf9bbf95519b138906016e69553e0eb

SHA1
ce717082c438b128d3a507e144305017552855f6

SHA256
faa50770c74fe62ffd072544a78a40db626755f5c01663ab548bcd20a225a9ba

SHA512
505d1284a77819bdd4b88e9a5b42e60e5b32050a66353726cc20ff1de88e26030f1728f057feef7072aaa6818d16def1bfe4b90ba54d20e3f3e4138e231b8f58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
ee26e7e9704d10c1bc3b35bb4b3a125b

SHA1
befca1fc4682f52f1a95ced8a912fc5c4f5f4aa9

SHA256
1f0c0bb3e1fc6137c53c5af6eb8e32030ec92aaeeb98710a84bfa7dc936cdc47

SHA512
8923da04b7cb56f345822b56ff83f4f1760b114d199d7be12251db873472e5f42dacd038f6e8fde919ebd6e5a5a3e72c10cc27aa7a45f4d8f6c7fb5a0939b9bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
7bd8e93377f99632faca64f992c21f54

SHA1
5069bf5957cd7edbc8e6998eafcad5a9b3c82d58

SHA256
665ea9cd4ca104338b859c7181da66d571b66c80a6a889b14f46d86fbe830f4c

SHA512
3d8af26b82435552992a81e0327bf6638acb4f4e8a683f246410d086c37062371ff4ce106f47050bfc9ac146da2220f6d94824b64b140bc7ea6c51322c5ab8e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
710c674a2d215ed347cfa7bafda43094

SHA1
74c0ed1fd2bb744faea8995f88213d247b41cd39

SHA256
ef6b6d981b96c13baf384f811a92d49dd1dc60c73a73732dd529eb2367437a22

SHA512
52db8003403f803784aec56beb72256bc2e54362ee0d3c9f4ab3453a767d6265c06f9c5531479ebfb4a010d146775924bc8d072a55c6550806a4f388f71c4f9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6f89747f307e5cdc394f7be543988223

SHA1
1c234dde33ed9df02b71211343bca76f7fb33e01

SHA256
67cd4c234a9b1276811d381e92096de77aa6e40500bfbd34b4a4279e62f2c8b2

SHA512
65c5600bda2269c4b38693e78ed65d584273696fa4e3dda287f5bc1835e88a1f38f2f122ae5369692f47f874b3121d74140c9b3de69c8bd969a2d99e7ab85daf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
142aee8259942b8b8a567efc9ac76f30

SHA1
547eeef10e1eafdc835a6e57f18d0e450b53e5e4

SHA256
2eac83aff01fb4db6f9ca440df19b976e5b2b1c9d6838d150c20c124f53c62e5

SHA512
28b80896eeecd80748f1593468e19a550215e10ce5daa46236baab7e5812dca1dcaebe933a92b5256c4f03b119bf9b23c823789acba90d906c2cabf5a76fad3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1339e72abad2054587ef438e4255b768

SHA1
59b91e40696c3295ae94aa979fda670f6e5f3319

SHA256
393e07054c7410d37187159457092c2dccfac03fe97a8f0bc52cef8d24fa3806

SHA512
20ec191224b39a3a7fbc9a2cc33ac30a6b26a1229d78d36b7ab71914c70adce36f816eb6110e1056f007e036fb5faf9906c8b8ff84c8fcdd8982e8a019870aea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
0c8e5b098701c7ce83c8c7ccef94598a

SHA1
75f3633462771216580cfd448a48a79c81230b5b

SHA256
8ccfa8cab90d459c190feab31a589320f1fe91c32b21399a0f2578a9e1b216a6

SHA512
481a4f6b900bcb3a710a05ab4598f11b25363060aa130f94e7fcb1ea4aa2bc4e1edba5d7b45fe80f3501c141ad019d64800ca7ef2954e354cc63f73b677ec3aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
809ecdd040e923d4b481b039b6e099ef

SHA1
56a8cdb3438bffbf851492da31aed1a77678c7e6

SHA256
4f5659af544fd3ee2acfe1ebca414c459b1300ee474b5b45cb8102775c88110a

SHA512
740219c1b94ad35682f235d01a0fc7eab30bcd7a06524bc6f2bf792fac8c690a32811fe582380169a418ab3c51be21a9ef217adfec7ef312996e39ac1f2968d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
fdbbfa54351070b822d00c7e7f4d445b

SHA1
98f008a721b0b52fb97fe5a57b0b6511b4968a38

SHA256
985e89171c603fe981c3b2e67c8df7befe9d6a33330ff2c6a5adbe7498b1877e

SHA512
441f793bddf8c61d6bee3613376f9cb72ac49bb97a223013d9eb0dcff7d918964f21815895889d0db39e366f6327ceb6962bf6e1f81dbfd5d59cd8ee81d52572

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\Discord-RAT-main.zip.crdownload

Filesize
16KB

MD5
1136e26cf7cfb59e090cb9b2f002a2e5

SHA1
e8f046d776e6d0d7a16c32f8151aabc027ad4cf0

SHA256
55dcaab1b8397b60f36a3eaa40f5d53cb9dc21a718f1583cf6db3765cdde9fc9

SHA512
6636ad2292b69594aaa284a4916f21fb4c6f29204167e545a1a54ba701a09c20bba99bb7fe8fb8b32301bc81e7e811e81dee65505918f0e002b937869cd97af4

Download Submit