Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

loader_2.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    1726s
  • max time network
    1175s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/03/2024, 20:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    loader_2.exe

  • Size

    78KB

  • MD5

    8a589f3e42210082df514a391dba2504

  • SHA1

    e19fce95fd5f290a662f56c27514e04c47f6d039

  • SHA256

    3d5c8b2b9be2c7ced64510496d5505d4559015e1447d3fc3104ba85585388f03

  • SHA512

    ab695a36504ae2abdd02037a013a4d071a9be67ab4888ff702bef28c6ce10f067ae3d8e25656040c1aaa77b2c8d47b047111107726d470630dbd9c3a0a3a328c

  • SSDEEP

    1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+fPIC:5Zv5PDwbjNrmAE+nIC

Score
10/10
discordratpersistenceratrootkitstealer

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTIxMDkyMzUxNDE4MjI0NjQ1MA.GiQMuI.85OPf3QTo_nYWna8A66n8603KqxVmAnpz5jufE

  • server_id

    1207774102274703391

Signatures

  • Discord RAT

    A RAT written in C# using Discord as a C2.

    stealerrootkitratpersistencediscordrat
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\loader_2.exe
    "C:\Users\Admin\AppData\Local\Temp\loader_2.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4960
  • C:\Windows\system32\rundll32.exe
    "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
    1⤵
      PID:4036
    • C:\Windows\System32\svchost.exe
      C:\Windows\System32\svchost.exe -k UnistackSvcGroup
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:3136

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm
      Filesize

      16KB

      MD5

      6e889b1dccc1fa03dfef75f64770d737

      SHA1

      4af10a25809fee3fe761699a799deb0d17ef6a62

      SHA256

      09e8163be2527484183c592fd5f2859168de4e85876178bee13e6ac6e2b298d8

      SHA512

      39de1dbec9a195b32059df3007b1d2b505f5d4ba06e343e470a138d60ffcba1cd09111027f3608ed87320dca3cfd5b213a2491987d62082f90b27049d4da56ab

      Download Submit

    • memory/3136-45-0x000001F86E7F0000-0x000001F86E7F1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3136-50-0x000001F86E420000-0x000001F86E421000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3136-75-0x000001F86E670000-0x000001F86E671000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3136-74-0x000001F86E560000-0x000001F86E561000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3136-73-0x000001F86E560000-0x000001F86E561000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3136-71-0x000001F86E550000-0x000001F86E551000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3136-7-0x000001F866140000-0x000001F866150000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3136-23-0x000001F866240000-0x000001F866250000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3136-39-0x000001F86E7D0000-0x000001F86E7D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3136-40-0x000001F86E7F0000-0x000001F86E7F1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3136-41-0x000001F86E7F0000-0x000001F86E7F1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3136-42-0x000001F86E7F0000-0x000001F86E7F1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3136-46-0x000001F86E7F0000-0x000001F86E7F1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3136-59-0x000001F86E350000-0x000001F86E351000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3136-56-0x000001F86E410000-0x000001F86E411000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3136-47-0x000001F86E7F0000-0x000001F86E7F1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3136-44-0x000001F86E7F0000-0x000001F86E7F1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3136-48-0x000001F86E7F0000-0x000001F86E7F1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3136-49-0x000001F86E7F0000-0x000001F86E7F1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3136-43-0x000001F86E7F0000-0x000001F86E7F1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3136-51-0x000001F86E410000-0x000001F86E411000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3136-53-0x000001F86E420000-0x000001F86E421000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4960-2-0x00007FF9F7000000-0x00007FF9F7AC1000-memory.dmp

      Filesize

      10.8MB

      Download

    • memory/4960-0-0x000001AC1BAD0000-0x000001AC1BAE8000-memory.dmp

      Filesize

      96KB

      Download

    • memory/4960-1-0x000001AC36240000-0x000001AC36402000-memory.dmp

      Filesize

      1.8MB

      Download

    • memory/4960-6-0x000001AC365F0000-0x000001AC36600000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4960-5-0x00007FF9F7000000-0x00007FF9F7AC1000-memory.dmp

      Filesize

      10.8MB

      Download

    • memory/4960-4-0x000001AC36B30000-0x000001AC37058000-memory.dmp

      Filesize

      5.2MB

      Download

    • memory/4960-3-0x000001AC365F0000-0x000001AC36600000-memory.dmp

      Filesize

      64KB

      Download