Analysis
max time kernel: 147s
max time network: 148s
platform: windows7_x64
resource: win7-20240215-en
resource tags: arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
submitted: 03-05-2024 08:07
Behavioral task
behavioral1
Sample: DiscordNSR.exe
Resource: win7-20240215-en
5 signatures
150 seconds
General
Target: DiscordNSR.exe
Size: 202KB
MD5: dce58e168f842bfbfbe6d26aa60b2781
SHA1: ee971a8adf441ed47dbcbe636fc2eed58e832145
SHA256: e3dd4a2c939abd57b170c6c60bca32b5c2676810111b97d0e7dcb94cf5fe05a1
SHA512: d54bb1653d72edc32201311fc4a3be2d0755e1961688325912fd402caeeac3ddd5072299e4131eb8176160a95b938ee7f3506817bb4fd8762108725010a9d410
SSDEEP: 6144:gLV6Bta6dtJmakIM5p06EzFNGW6/263FOhe:gLV6BtpmkOae92u7
Malware Config
Signatures
Processes: DiscordNSR.exe
description: Key value queried
ioc: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
process: DiscordNSR.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs
Processes: DiscordNSR.exe
pid   process
3024  DiscordNSR.exe
3024  DiscordNSR.exe
3024  DiscordNSR.exe
3024  DiscordNSR.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
Processes: DiscordNSR.exe
pid   process
3024  DiscordNSR.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes: DiscordNSR.exe
description: Token: SeDebugPrivilege
pid: 3024
process: DiscordNSR.exe