hxxps://github[.]com/madboiY/discord-boost-bot-py/blob/main/README[.]md

Analysis

max time kernel
26s
max time network
9s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
19/04/2024, 11:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/madboiY/discord-boost-bot-py/blob/main/README.md

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133579993188410576"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3912	chrome.exe
3912	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3912	chrome.exe
3912	chrome.exe

Suspicious use of AdjustPrivilegeToken 52 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3912	chrome.exe
Token: SeCreatePagefilePrivilege	3912	chrome.exe
Token: SeShutdownPrivilege	3912	chrome.exe
Token: SeCreatePagefilePrivilege	3912	chrome.exe
Token: SeShutdownPrivilege	3912	chrome.exe
Token: SeCreatePagefilePrivilege	3912	chrome.exe
Token: SeShutdownPrivilege	3912	chrome.exe
Token: SeCreatePagefilePrivilege	3912	chrome.exe
Token: SeShutdownPrivilege	3912	chrome.exe
Token: SeCreatePagefilePrivilege	3912	chrome.exe
Token: SeShutdownPrivilege	3912	chrome.exe
Token: SeCreatePagefilePrivilege	3912	chrome.exe
Token: SeShutdownPrivilege	3912	chrome.exe
Token: SeCreatePagefilePrivilege	3912	chrome.exe
Token: SeShutdownPrivilege	3912	chrome.exe
Token: SeCreatePagefilePrivilege	3912	chrome.exe
Token: SeShutdownPrivilege	3912	chrome.exe
Token: SeCreatePagefilePrivilege	3912	chrome.exe
Token: SeShutdownPrivilege	3912	chrome.exe
Token: SeCreatePagefilePrivilege	3912	chrome.exe
Token: SeShutdownPrivilege	3912	chrome.exe
Token: SeCreatePagefilePrivilege	3912	chrome.exe
Token: SeShutdownPrivilege	3912	chrome.exe
Token: SeCreatePagefilePrivilege	3912	chrome.exe
Token: SeShutdownPrivilege	3912	chrome.exe
Token: SeCreatePagefilePrivilege	3912	chrome.exe
Token: SeShutdownPrivilege	3912	chrome.exe
Token: SeCreatePagefilePrivilege	3912	chrome.exe
Token: SeShutdownPrivilege	3912	chrome.exe
Token: SeCreatePagefilePrivilege	3912	chrome.exe
Token: SeShutdownPrivilege	3912	chrome.exe
Token: SeCreatePagefilePrivilege	3912	chrome.exe
Token: SeShutdownPrivilege	3912	chrome.exe
Token: SeCreatePagefilePrivilege	3912	chrome.exe
Token: SeShutdownPrivilege	3912	chrome.exe
Token: SeCreatePagefilePrivilege	3912	chrome.exe
Token: SeShutdownPrivilege	3912	chrome.exe
Token: SeCreatePagefilePrivilege	3912	chrome.exe
Token: SeShutdownPrivilege	3912	chrome.exe
Token: SeCreatePagefilePrivilege	3912	chrome.exe
Token: SeShutdownPrivilege	3912	chrome.exe
Token: SeCreatePagefilePrivilege	3912	chrome.exe
Token: SeShutdownPrivilege	3912	chrome.exe
Token: SeCreatePagefilePrivilege	3912	chrome.exe
Token: SeShutdownPrivilege	3912	chrome.exe
Token: SeCreatePagefilePrivilege	3912	chrome.exe
Token: SeShutdownPrivilege	3912	chrome.exe
Token: SeCreatePagefilePrivilege	3912	chrome.exe
Token: SeShutdownPrivilege	3912	chrome.exe
Token: SeCreatePagefilePrivilege	3912	chrome.exe
Token: SeShutdownPrivilege	3912	chrome.exe
Token: SeCreatePagefilePrivilege	3912	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe

Suspicious use of SendNotifyMessage 16 IoCs

pid	Process
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3912 wrote to memory of 624	3912	chrome.exe	77
PID 3912 wrote to memory of 624	3912	chrome.exe	77
PID 3912 wrote to memory of 4544	3912	chrome.exe	78
PID 3912 wrote to memory of 4544	3912	chrome.exe	78
PID 3912 wrote to memory of 4544	3912	chrome.exe	78
PID 3912 wrote to memory of 4544	3912	chrome.exe	78
PID 3912 wrote to memory of 4544	3912	chrome.exe	78
PID 3912 wrote to memory of 4544	3912	chrome.exe	78
PID 3912 wrote to memory of 4544	3912	chrome.exe	78
PID 3912 wrote to memory of 4544	3912	chrome.exe	78
PID 3912 wrote to memory of 4544	3912	chrome.exe	78
PID 3912 wrote to memory of 4544	3912	chrome.exe	78
PID 3912 wrote to memory of 4544	3912	chrome.exe	78
PID 3912 wrote to memory of 4544	3912	chrome.exe	78
PID 3912 wrote to memory of 4544	3912	chrome.exe	78
PID 3912 wrote to memory of 4544	3912	chrome.exe	78
PID 3912 wrote to memory of 4544	3912	chrome.exe	78
PID 3912 wrote to memory of 4544	3912	chrome.exe	78
PID 3912 wrote to memory of 4544	3912	chrome.exe	78
PID 3912 wrote to memory of 4544	3912	chrome.exe	78
PID 3912 wrote to memory of 4544	3912	chrome.exe	78
PID 3912 wrote to memory of 4544	3912	chrome.exe	78
PID 3912 wrote to memory of 4544	3912	chrome.exe	78
PID 3912 wrote to memory of 4544	3912	chrome.exe	78
PID 3912 wrote to memory of 4544	3912	chrome.exe	78
PID 3912 wrote to memory of 4544	3912	chrome.exe	78
PID 3912 wrote to memory of 4544	3912	chrome.exe	78
PID 3912 wrote to memory of 4544	3912	chrome.exe	78
PID 3912 wrote to memory of 4544	3912	chrome.exe	78
PID 3912 wrote to memory of 4544	3912	chrome.exe	78
PID 3912 wrote to memory of 4544	3912	chrome.exe	78
PID 3912 wrote to memory of 4544	3912	chrome.exe	78
PID 3912 wrote to memory of 4544	3912	chrome.exe	78
PID 3912 wrote to memory of 4652	3912	chrome.exe	79
PID 3912 wrote to memory of 4652	3912	chrome.exe	79
PID 3912 wrote to memory of 4060	3912	chrome.exe	80
PID 3912 wrote to memory of 4060	3912	chrome.exe	80
PID 3912 wrote to memory of 4060	3912	chrome.exe	80
PID 3912 wrote to memory of 4060	3912	chrome.exe	80
PID 3912 wrote to memory of 4060	3912	chrome.exe	80
PID 3912 wrote to memory of 4060	3912	chrome.exe	80
PID 3912 wrote to memory of 4060	3912	chrome.exe	80
PID 3912 wrote to memory of 4060	3912	chrome.exe	80
PID 3912 wrote to memory of 4060	3912	chrome.exe	80
PID 3912 wrote to memory of 4060	3912	chrome.exe	80
PID 3912 wrote to memory of 4060	3912	chrome.exe	80
PID 3912 wrote to memory of 4060	3912	chrome.exe	80
PID 3912 wrote to memory of 4060	3912	chrome.exe	80
PID 3912 wrote to memory of 4060	3912	chrome.exe	80
PID 3912 wrote to memory of 4060	3912	chrome.exe	80
PID 3912 wrote to memory of 4060	3912	chrome.exe	80
PID 3912 wrote to memory of 4060	3912	chrome.exe	80
PID 3912 wrote to memory of 4060	3912	chrome.exe	80
PID 3912 wrote to memory of 4060	3912	chrome.exe	80
PID 3912 wrote to memory of 4060	3912	chrome.exe	80
PID 3912 wrote to memory of 4060	3912	chrome.exe	80
PID 3912 wrote to memory of 4060	3912	chrome.exe	80
PID 3912 wrote to memory of 4060	3912	chrome.exe	80
PID 3912 wrote to memory of 4060	3912	chrome.exe	80
PID 3912 wrote to memory of 4060	3912	chrome.exe	80
PID 3912 wrote to memory of 4060	3912	chrome.exe	80
PID 3912 wrote to memory of 4060	3912	chrome.exe	80
PID 3912 wrote to memory of 4060	3912	chrome.exe	80
PID 3912 wrote to memory of 4060	3912	chrome.exe	80

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/madboiY/discord-boost-bot-py/blob/main/README.md
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd4661ab58,0x7ffd4661ab68,0x7ffd4661ab78
  2⤵
  PID:624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1528 --field-trial-handle=1812,i,15027132340676843931,11493624788341659983,131072 /prefetch:2
  2⤵
  PID:4544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1812,i,15027132340676843931,11493624788341659983,131072 /prefetch:8
  2⤵
  PID:4652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2152 --field-trial-handle=1812,i,15027132340676843931,11493624788341659983,131072 /prefetch:8
  2⤵
  PID:4060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3012 --field-trial-handle=1812,i,15027132340676843931,11493624788341659983,131072 /prefetch:1
  2⤵
  PID:1172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3164 --field-trial-handle=1812,i,15027132340676843931,11493624788341659983,131072 /prefetch:1
  2⤵
  PID:4704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4472 --field-trial-handle=1812,i,15027132340676843931,11493624788341659983,131072 /prefetch:8
  2⤵
  PID:4880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4228 --field-trial-handle=1812,i,15027132340676843931,11493624788341659983,131072 /prefetch:8
  2⤵
  PID:3992

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2868

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
29422f2b80e6055af1d9afc6f6cb0327

SHA1
aedb3fd6fe1572887b80d5c915f0c196d8f2557a

SHA256
3696dc9b814d438c01631c3f6a5a4b6d2cf584d604bd1edf7dfbd268c07cff34

SHA512
84137c722a0cb516a9c9cb8939dc130a1e97946fac90c194a5f801e00aa794c73156c00c9c8e7980aae04e374e44822815c7e8e153d37f304bae9c3c6e2b4ce7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1ef96d1ca460771831470c6c6b1d3797

SHA1
d1041a5bd2c28a975947f4f35749ca688e5545a8

SHA256
6b6c9c3f8fa41051cd14e7a02709d6369cf98c0e77cbabe7c9073ec41435947e

SHA512
fed5e37338ff0febe547790d59b88dd097e6e1166ec49998e2e860ec582b0cdc7bddddb6dad9ac3f71d289c163427e8299b0e6c3532e4bb885be5000be7e3d40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\b46af1c4-db6d-4880-b9b7-162072ab093b.tmp

Filesize
7KB

MD5
738f5192be0495fe5b7f5696da3a20b9

SHA1
ffd3fa388c0c1354024b7eac749fbd94e4c56345

SHA256
9eb7a59b3e8779f3f88c00d586f56fabb631651dd2e646b4012f8b0a10d596b5

SHA512
abaf4546e7d5dfaa800c477e348df8684eca2c48e052bd06e5616c43798d20071ba1ee7645aeba7932c05c3f57dba89d9cee5932f52577a2e510c9c171441364

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
127KB

MD5
4a9dc51c0cf77a8d2671ce8344c929ec

SHA1
7bfc59603b0a5152de213a693cb67babb0c411ba

SHA256
35b69d1da3bd5db8ccf950eb5ff69f4b2700702e0d359ed4e52520878cace982

SHA512
ea6c01dc063eba4d040612a81ad5dac46d419c8e1bd36fb3cccec5593214f80d0a88a28dcc70d6bc5000dbb905b09c1633b711faa792f5bc43ad62e0e99a4276

Download Submit