Analysis
Max time kernel: 43s
Max time network: 44s
Platform: windows11-21h2_x64
Resource: win11-20240412-en
Resource tags: arch:x64, arch:x86, image:win11-20240412-en, locale:en-us, os:windows11-21h2-x64, system
Submitted: 16-04-2024 23:31
Behavioral task: behavioral1
Sample: Adobe After Effects 2024 Loader.exe
Resource: win11-20240412-en
General
Target: Adobe After Effects 2024 Loader.exe
Size: 78KB
MD5: 808e8843edbdb751f81d0f8b3cbadc06
SHA1: 8aad16da21c5baef2a4484f58a8a6e101949a097
SHA256: 9f20ab32cfec115c1079563a1f3d447d75da4035820f9232b7d543eb8dfa7156
SHA512: 535e26dce1c9e81319d24a8fb9c03808af79a9e403cb15a6dff0e87c188dc045d6386914841261ab378b21dd622a6fbd3993d88edeebb961f86d1dc1f7dfab1c
SSDEEP: 1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+mPIC:5Zv5PDwbjNrmAE+CIC
Malware Config
Extracted family: discordrat
discord_token: MTIyOTkzMzQ1Njc2NzU4NjMxNQ.GA8lvX.p2sO85UW28jqHfp9V6UnNZYpTZjcyonJ3PZ21I
server_id: 1211176359427313724
Signatures

Discord RAT
A RAT written in C# using Discord as a C2.

Modifies registry class (1 IoC)
description: Key created
ioc: \REGISTRY\USER\S-1-5-21-3263309122-2820180308-3568046652-1000_Classes\Local Settings\MuiCache
Process: MiniSearchHost.exe

Suspicious use of AdjustPrivilegeToken (1 IoC)
description: Token: SeDebugPrivilege
pid: 3636
Process: Adobe After Effects 2024 Loader.exe

Suspicious use of SetWindowsHookEx (1 IoC)
pid: 4516
Process: MiniSearchHost.exe
Processes

Process: C:\Users\Admin\AppData\Local\Temp\Adobe After Effects 2024 Loader.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\Adobe After Effects 2024 Loader.exe"
PID: 3636
Signatures: Suspicious use of AdjustPrivilegeToken

Process: C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
Command line: "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
PID: 4516
Signatures: Modifies registry class; Suspicious use of SetWindowsHookEx

Process: C:\Windows\System32\rundll32.exe
Command line: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
PID: 3572
Downloads

File: C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
Filesize: 11KB
MD5: e3e15a868a60c5bc28058860580772ff
SHA1: 31e64db52bcf6826fb18556214cc11cfca9ef116
SHA256: 4dfd6f56923734f981111a3fc4cf3e11b420522506dac49441312b2fe80c4db9
SHA512: 2b0db39c132bf6df3945c6acf0bc656650051c9483f0f454afd4640dc252c964049f4338889ed1289334fb536ad27997ff19746af420d11eaabf95db0e89f11c

File: C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
Filesize: 11KB
MD5: c0030affddfc4db4d0a06599ddadda16
SHA1: 2e7a60a302ab2ba17317fdcead42cf4d3759eb08
SHA256: e8479f26639eefedde0ef3fe76b3eb20d077d9d0394c026a8c6d6841c9dead09
SHA512: 018f14e2481294cefc16aac1693526c0aafc8469dffacad96ddf4bc93a965dceb11b2e4c3eed258938e9a7b5e646d455e499377a3334154a8cf749648b9f4fa2