Overview
overview
7Static
static
3BetterDisc...ws.exe
windows7-x64
4BetterDisc...ws.exe
windows10-2004-x64
5$PLUGINSDI...ge.dll
windows7-x64
1$PLUGINSDI...ge.dll
windows10-2004-x64
1$PLUGINSDI...ls.dll
windows7-x64
3$PLUGINSDI...ls.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3BetterDiscord.exe
windows7-x64
5BetterDiscord.exe
windows10-2004-x64
7LICENSES.c...m.html
windows7-x64
1LICENSES.c...m.html
windows10-2004-x64
1d3dcompiler_47.dll
windows10-2004-x64
3ffmpeg.dll
windows7-x64
1ffmpeg.dll
windows10-2004-x64
1libEGL.dll
windows7-x64
1libEGL.dll
windows10-2004-x64
1libGLESv2.dll
windows7-x64
3libGLESv2.dll
windows10-2004-x64
3resources/app.js
windows7-x64
1resources/app.js
windows10-2004-x64
1swiftshade...GL.dll
windows7-x64
1swiftshade...GL.dll
windows10-2004-x64
1swiftshade...v2.dll
windows7-x64
1swiftshade...v2.dll
windows10-2004-x64
1vk_swiftshader.dll
windows7-x64
1vk_swiftshader.dll
windows10-2004-x64
1vulkan-1.dll
windows7-x64
3vulkan-1.dll
windows10-2004-x64
3Analysis
-
max time kernel
222s -
max time network
247s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
07-04-2024 19:00
Static task
static1
Behavioral task
behavioral1
Sample
BetterDiscord-Windows.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
BetterDiscord-Windows.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/BgImage.dll
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/BgImage.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/StdUtils.dll
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/StdUtils.dll
Resource
win10v2004-20231215-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240221-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240319-en
Behavioral task
behavioral9
Sample
BetterDiscord.exe
Resource
win7-20240221-en
Behavioral task
behavioral10
Sample
BetterDiscord.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral11
Sample
LICENSES.chromium.html
Resource
win7-20240221-en
Behavioral task
behavioral12
Sample
LICENSES.chromium.html
Resource
win10v2004-20240226-en
Behavioral task
behavioral13
Sample
d3dcompiler_47.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral14
Sample
ffmpeg.dll
Resource
win7-20240221-en
Behavioral task
behavioral15
Sample
ffmpeg.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral16
Sample
libEGL.dll
Resource
win7-20240221-en
Behavioral task
behavioral17
Sample
libEGL.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral18
Sample
libGLESv2.dll
Resource
win7-20240220-en
Behavioral task
behavioral19
Sample
libGLESv2.dll
Resource
win10v2004-20231215-en
Behavioral task
behavioral20
Sample
resources/app.js
Resource
win7-20240221-en
Behavioral task
behavioral21
Sample
resources/app.js
Resource
win10v2004-20240226-en
Behavioral task
behavioral22
Sample
swiftshader/libEGL.dll
Resource
win7-20231129-en
Behavioral task
behavioral23
Sample
swiftshader/libEGL.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral24
Sample
swiftshader/libGLESv2.dll
Resource
win7-20240221-en
Behavioral task
behavioral25
Sample
swiftshader/libGLESv2.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral26
Sample
vk_swiftshader.dll
Resource
win7-20240221-en
Behavioral task
behavioral27
Sample
vk_swiftshader.dll
Resource
win10v2004-20240319-en
Behavioral task
behavioral28
Sample
vulkan-1.dll
Resource
win7-20240221-en
Behavioral task
behavioral29
Sample
vulkan-1.dll
Resource
win10v2004-20240226-en
General
-
Target
BetterDiscord-Windows.exe
-
Size
75.1MB
-
MD5
43327119366e52928b9aed0c1e734389
-
SHA1
3777d8387fba8528b6e433a8e763df5dcd542a48
-
SHA256
249bdaa4332b3e1a3a2148d4fd587a42bd48615af556d1c72da51c55bb2ca697
-
SHA512
bda75994e6dcf5bc9e5b45d025894d62d0138a9d39c47255cd3b6b6e32f60de973da54bf85de57e8f0ca8a253bf414697c4b06e887d45dded90485ce6832e7f4
-
SSDEEP
1572864:DMKQ/QO4cQ0dPUnqZUPsziv5IANK+4ZYPDHdH/I1z/dHazC:DzXr50lUnqEneWlWYj21zaC
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
Processes:
BetterDiscord.exepid process 2332 BetterDiscord.exe -
Loads dropped DLL 6 IoCs
Processes:
BetterDiscord-Windows.exeBetterDiscord.exepid process 2452 BetterDiscord-Windows.exe 2452 BetterDiscord-Windows.exe 2452 BetterDiscord-Windows.exe 2452 BetterDiscord-Windows.exe 2332 BetterDiscord.exe 2332 BetterDiscord.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 9 IoCs
Processes:
BetterDiscord-Windows.exeBetterDiscord.exedescription pid process target process PID 2452 wrote to memory of 2332 2452 BetterDiscord-Windows.exe BetterDiscord.exe PID 2452 wrote to memory of 2332 2452 BetterDiscord-Windows.exe BetterDiscord.exe PID 2452 wrote to memory of 2332 2452 BetterDiscord-Windows.exe BetterDiscord.exe PID 2452 wrote to memory of 2332 2452 BetterDiscord-Windows.exe BetterDiscord.exe PID 2332 wrote to memory of 1532 2332 BetterDiscord.exe BetterDiscord.exe PID 2332 wrote to memory of 1532 2332 BetterDiscord.exe BetterDiscord.exe PID 2332 wrote to memory of 1532 2332 BetterDiscord.exe BetterDiscord.exe PID 2332 wrote to memory of 1532 2332 BetterDiscord.exe BetterDiscord.exe PID 2332 wrote to memory of 1532 2332 BetterDiscord.exe BetterDiscord.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\BetterDiscord-Windows.exe"C:\Users\Admin\AppData\Local\Temp\BetterDiscord-Windows.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2452 -
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exeC:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2332 -
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe"C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe" --type=gpu-process --field-trial-handle=1056,2871016269967293641,5568062800071509830,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1064 /prefetch:23⤵PID:1532
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
92.0MB
MD59c240a422e817eb7104bdb3c05f7fbfe
SHA1452e543a51767aca4ec2c77caaa181b625882a01
SHA256d4c25ec52163e9723ce45c9ac1886469d537c0bcdf55d5198d0c3be6abccc5ee
SHA512c3586e4928796ac9455820b8e3375015a67755a348e408cc4dd6a943f7bce0f142229ef8d2fb01b4de116fb95e065d9d0f1696fdd6a438e2d511ca877ef4fd78
-
Filesize
138KB
MD503aaa4f8525ba4b3e30d2a02cb40ab7a
SHA1dd9ae5f8b56d317c71d0a0a738f5d4a320a02085
SHA256c3f131faeefab4f506bf61c4b7752a6481f320429731d758ef5413a2f71441f7
SHA512c89a1b89b669602ba7c8bf2c004755cac7320189603fecb4f4c5cf7a36db72da651c7b613607146f0c6da9eec5df412c7fba75475352192351c02aebdaa7d9a9
-
Filesize
202KB
MD57d4f330a5443eadf32e041c63e7e70ad
SHA126ce6fb98c0f28f508d7b88cf94a442b81e80c88
SHA256b8704be578e7396ee3f2188d0c87d0ede5c5702e9bb8c841b5f8d458abf1356d
SHA512f1b9b0dd7396863aa0feca06175b7f9ea0be4122351ecf0a0549ee4c34f85ac8c63cc927d7409a40b6e19fa91d2cb00a145616ba19f47045b2345bfbc2d4802d
-
Filesize
9.9MB
MD580a7528515595d8b0bf99a477a7eff0d
SHA1fde9a195fc5a6a23ec82b8594f958cfcf3159437
SHA2566e0b6b0d9e14c905f2278dbf25b7bb58cc0622b7680e3b6ff617a1d42348736b
SHA512c8df47a00f7b2472d272a26b3600b7e82be7ca22526d6453901ff06370b3abb66328655868db9d4e0a11dcba02e3788cc4883261fd9a7d3e521577dde1b88459
-
Filesize
88KB
MD5af5c77e1d94dc4f772cb641bd310bc87
SHA10ceeb456e2601e22d873250bcc713bab573f2247
SHA256781ef5aa8dce072a3e7732f39a7e991c497c70bfaec2264369d0d790ab7660a4
SHA5128c3217b7d9b529d00785c7a1b2417a3297c234dec8383709c89c7ff9296f8ed4e9e6184e4304838edc5b4da9c9c3fe329b792c462e48b7175250ea3ea3acc70c
-
Filesize
4.9MB
MD591f8a4b158df6967163ccbbe765e095a
SHA195db67f0a2352fd898f4a4cfdfc860f6a9c58c87
SHA256a30b8269e588c6cc2cea5fd4685da3012fd10451edb59a283005116f8e033182
SHA5126450d75d53f24d11e1c1e7e3cacfc57ee9dd09c00ca0dc2ff30f580b59a6b17e7ad7d96682195bd7d806b49068653538c77ca4200491560cecff128a0b012d92
-
Filesize
1.1MB
MD5f64750a616dcdafc38fa3fdaa966fbc5
SHA1358b77012f4a1a9c96f6370d4f7b96ab55e302fa
SHA256eaddb78f5f24d73c75e3f016457e79f0c1685d5add4ec5647efdcb3e5841b7b5
SHA51246221e0b9c11674847b9de39a23effa339ece2fb15ca6036e1bc4444f0dbe1ad6ded144ed2ae511525034210842614d295f001dab64b360c97fb9e2cf3f9e984
-
Filesize
161KB
MD5d88d23551a4d7230f98fe0cbd363695b
SHA18e28eb4153e00aa5345bdb539b925a777588a26b
SHA25672c3c123f10eb6e24c83ee40727a3a632cf7a8b062a3b7c7b41db4bfeda52ce4
SHA512ea757e91c7cfc766b35da226263e82646f5b1153b8800c5cd69321d98b6d424413dcd7a02413a6a0e2f34905daf84bd21302b7ad58f2ebd814a7ac0a92b9d284
-
Filesize
95.5MB
MD55ae459f7d906a466876c97bcec3ffb71
SHA1f10b10fe41eced22490e03c81caac85cf6072b94
SHA2567e7cf46c56cbcafd5f4b4cc05206afca5fa72abeec7fd4191400358b36c08a0b
SHA512ee3b71e1db24e93149549ed74754c4ec3d050fd58b66c28ba8caae66b4b7173d75ab0720a9a9c36d6ca80b42cb2a65d1c9f5f4042dd19b19a724800f7c9a4198
-
Filesize
112.3MB
MD5673c5e8265f3f9c40e2fc8a4b56744e4
SHA15d0b271b850f0cd8e01229b1a72a2c1215bc7956
SHA25643894debcd60fed8d64c1a724e60eb860a9d5453b3fc0529ecf9efdbc10a8128
SHA512920c25220fe7d0b6b0079f9856d3931c3dcf93c8c6cf74f1ca1b3946a327093b24c03eb726b4344445b4d386847fc67e9dcf8550c20617a79df75b5d9c3e7483
-
Filesize
2.5MB
MD5d2cc6fc3a7b6c5bcca5fae428fe799e0
SHA189cba6e9195cf95a7aa993d7aaadb331392b3bda
SHA2560d4ebdd32f016c6eb203aef4c70ad2f93fa68e5b9e92087a862b21f8133c7319
SHA51234f7e6c49ff2a230abc7c5aeeebc5ec628f07170c4638b3bfc5897a645fa5f167c54230373a39021548e0aceba50c35ef730e4ecb454bb4d882df2d699c86736
-
Filesize
7KB
MD5487368e6fce9ab9c5ea053af0990c5ef
SHA1b538e37c87d4b9a7645dcbbd9e93025a31849702
SHA256e27efa5dfde875bd6b826fafb4c7698db6b6e30e68715a1c03eb018e3170fc04
SHA512bb3ed4c0d17a11365b72653112b48c8c63ab10590dda3dfd90aa453f0d64203000e4571c73998063352240e1671d14da5ee394439899aaa31054fa2e9b722ea7
-
Filesize
100KB
MD5c6a6e03f77c313b267498515488c5740
SHA13d49fc2784b9450962ed6b82b46e9c3c957d7c15
SHA256b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
SHA5129870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
-
Filesize
12KB
MD50d7ad4f45dc6f5aa87f606d0331c6901
SHA148df0911f0484cbe2a8cdd5362140b63c41ee457
SHA2563eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
SHA512c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9