4b14895a45058c34fb029d0b867412bba2ba76aceb444f28b3b312b98a5a73df

Resubmissions

14/03/2024, 10:26 UTC

240314-mgrjcsbh52 10

14/03/2024, 10:25 UTC

240314-mfxc8ahe7z 10

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
14/03/2024, 10:26 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Rino's Discord Account ToolKit/Rino's Discord Acount toolkit.exe
Size

12.2MB
MD5

cdc81da043cabb61816f918cc3ffc632
SHA1

c7c4371dacb34c40e5b918bf899f408b18fbe6ae
SHA256

3c8640d80b6fd56b31cd595276975c689e18b9184c27bfc92be319c014f2e05d
SHA512

187b4b4fdb40ac4a26a9a569557189a667187302b9a6eb2e7181d4c00d2051d94bd7958263f62792b7c01c828726760667e1fc7cd718fff40896821f80af8092
SSDEEP

196608:lrMQ8CGnMjYBptuSBeOdOVgVRO+AzLjv+bhqNVoBLD7fEXEoYbiIv9VSEXvvk9fs:1GaGtuSPzRgnL+9qz8LD7fEUbiI6NQca

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 7 IoCs

pid	Process
2400	Rino's Discord Acount toolkit.exe
2400	Rino's Discord Acount toolkit.exe
2400	Rino's Discord Acount toolkit.exe
2400	Rino's Discord Acount toolkit.exe
2400	Rino's Discord Acount toolkit.exe
2400	Rino's Discord Acount toolkit.exe
2400	Rino's Discord Acount toolkit.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0006000000016da9-73.dat	upx
behavioral1/files/0x0006000000016da9-74.dat	upx
behavioral1/memory/2400-114-0x000007FEF5B10000-0x000007FEF61E0000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2932 wrote to memory of 2400	2932	Rino's Discord Acount toolkit.exe	29
PID 2932 wrote to memory of 2400	2932	Rino's Discord Acount toolkit.exe	29
PID 2932 wrote to memory of 2400	2932	Rino's Discord Acount toolkit.exe	29

C:\Users\Admin\AppData\Local\Temp\Rino's Discord Account ToolKit\Rino's Discord Acount toolkit.exe
"C:\Users\Admin\AppData\Local\Temp\Rino's Discord Account ToolKit\Rino's Discord Acount toolkit.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2932
- C:\Users\Admin\AppData\Local\Temp\Rino's Discord Account ToolKit\Rino's Discord Acount toolkit.exe
  "C:\Users\Admin\AppData\Local\Temp\Rino's Discord Account ToolKit\Rino's Discord Acount toolkit.exe"
  2⤵
  - Loads dropped DLL
  PID:2400

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI29322\api-ms-win-core-localization-l1-2-0.dll

Filesize
21KB

MD5
20ddf543a1abe7aee845de1ec1d3aa8e

SHA1
0eaf5de57369e1db7f275a2fffd2d2c9e5af65bf

SHA256
d045a72c3e4d21165e9372f76b44ff116446c1e0c221d9cea3ab0a1134a310e8

SHA512
96dd48df315a7eea280ca3da0965a937a649ee77a82a1049e3d09b234439f7d927d7fb749073d7af1b23dadb643978b70dcdadc6c503fe850b512b0c9c1c78dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29322\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
21KB

MD5
4380d56a3b83ca19ea269747c9b8302b

SHA1
0c4427f6f0f367d180d37fc10ecbe6534ef6469c

SHA256
a79c7f86462d8ab8a7b73a3f9e469514f57f9fe456326be3727352b092b6b14a

SHA512
1c29c335c55f5f896526c8ee0f7160211fd457c1f1b98915bcc141112f8a730e1a92391ab96688cbb7287e81e6814cc86e3b057e0a6129cbb02892108bfafaf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29322\python312.dll

Filesize
245KB

MD5
6a53931acf5f1f7cff187727a2946f98

SHA1
2bbcdab583594c8ea6f0d03c133201298f96fd7d

SHA256
88dfcea761fa817a9795cdef195273fb2aaf4e67df54effb7d4e89e7a4b58fcd

SHA512
61d62b05612fd9185fa5c6380e8ce7cae1ccf72b62052bbe1b6cf0d32c33331729888e4c12ed60b8329db94ac0ee8c4e70bdfa83b89c89bcdbe03abf707953d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29322\ucrtbase.dll

Filesize
992KB

MD5
0e0bac3d1dcc1833eae4e3e4cf83c4ef

SHA1
4189f4459c54e69c6d3155a82524bda7549a75a6

SHA256
8a91052ef261b5fbf3223ae9ce789af73dfe1e9b0ba5bdbc4d564870a24f2bae

SHA512
a45946e3971816f66dd7ea3788aacc384a9e95011500b458212dc104741315b85659e0d56a41570731d338bdf182141c093d3ced222c007038583ceb808e26fd

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI29322\api-ms-win-core-file-l1-2-0.dll

Filesize
21KB

MD5
bcb8b9f6606d4094270b6d9b2ed92139

SHA1
bd55e985db649eadcb444857beed397362a2ba7b

SHA256
fa18d63a117153e2ace5400ed89b0806e96f0627d9db935906be9294a3038118

SHA512
869b2b38fd528b033b3ec17a4144d818e42242b83d7be48e2e6da6992111758b302f48f52e0dd76becb526a90a2b040ce143c6d4f0e009a513017f06b9a8f2b9

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI29322\api-ms-win-core-file-l2-1-0.dll

Filesize
18KB

MD5
bfffa7117fd9b1622c66d949bac3f1d7

SHA1
402b7b8f8dcfd321b1d12fc85a1ee5137a5569b2

SHA256
1ea267a2e6284f17dd548c6f2285e19f7edb15d6e737a55391140ce5cb95225e

SHA512
b319cc7b436b1be165cdf6ffcab8a87fe29de78f7e0b14c8f562be160481fb5483289bd5956fdc1d8660da7a3f86d8eede35c6cc2b7c3d4c852decf4b2dcdb7f

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI29322\api-ms-win-core-timezone-l1-1-0.dll

Filesize
21KB

MD5
2554060f26e548a089cab427990aacdf

SHA1
8cc7a44a16d6b0a6b7ed444e68990ff296d712fe

SHA256
5ab003e899270b04abc7f67be953eaccf980d5bbe80904c47f9aaf5d401bb044

SHA512
fd4d5a7fe4da77b0222b040dc38e53f48f7a3379f69e2199639b9f330b2e55939d89ce8361d2135182b607ad75e58ee8e34b90225143927b15dcc116b994c506

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI29322\python312.dll

Filesize
184KB

MD5
2f7608985a00fb3a9407f551c60260d1

SHA1
3789e8ab7da15e15dfde09aab9390c86a795e067

SHA256
782426de082ecb8ba8a60879d52c775b7285c5307cc7e52b621589e3f55d5d53

SHA512
26944b2f46c002d2c9233f475a0468878e6060f4db14c0b8127fbe86c1e9be5ffb98de7b4678f6e72160ec2362c58d3589e8e7012380e7a754de392422ad8cba

Download Submit
memory/2400-114-0x000007FEF5B10000-0x000007FEF61E0000-memory.dmp

Filesize
6.8MB

Download
memory/2400-130-0x000007FEF5B10000-0x000007FEF61E0000-memory.dmp

Filesize
6.8MB

Download