Overview

overview

8

Static

static

3

x64/Releas...PC.dll

windows10-1703-x64

1

x64/Releas...er.dll

windows10-1703-x64

1

x64/Releas...on.dll

windows10-1703-x64

1

x64/Releas...rd.dll

windows10-1703-x64

1

x64/Releas...pf.dll

windows10-1703-x64

1

x64/Releas...p1.exe

windows10-1703-x64

1

x64/Releas...p1.exe

windows10-1703-x64

8

x64/Releas...et.dll

windows10-1703-x64

1

Analysis

  • max time kernel
    140s
  • max time network
    140s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    06-05-2024 15:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    x64/Release/net6.0-windows/DiscordRPC.dll

  • Size

    82KB

  • MD5

    c6115a08c8e50dac0194fb98d3edc9d2

  • SHA1

    903da7fb7ad47b7ad8eb5984ed54a865f6148744

  • SHA256

    4dd4d48e0681604e3a7a72b6eae42173421d0b806b1af8fa03b45d9999978499

  • SHA512

    3e43f721cf7b1ab28a4ff771b4186c70523eb2bd236063111593453c08dc8a7cf3fffd6a15af72502e8b800a35fbc7a7bd4ebb5b8f5f41796ee62a7a4a96c324

  • SSDEEP

    768:eZGfuhWbsoZkmJPTsERSrxWjOFB8ZZnwUMOpSJAT9wQtc3nIYH+nijpJRMnk56Ha:TWIbP3QxWjOQ5pYlPMkh+mTxtSNy

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 8 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\x64\Release\net6.0-windows\DiscordRPC.dll,#1
    1⤵
      PID:404
    • C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
      "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\Desktop\NewDismount.ods"
      1⤵
      • Checks processor information in registry
      • Enumerates system info in registry
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious use of SetWindowsHookEx
      PID:1376
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:2116
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe"
        2⤵
        • Checks processor information in registry
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:316
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="316.0.130930484\1781472188" -parentBuildID 20221007134813 -prefsHandle 1700 -prefMapHandle 1692 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {60125bb0-1913-4ae7-824a-674215184686} 316 "\\.\pipe\gecko-crash-server-pipe.316" 1780 265b4ed6158 gpu
          3⤵
            PID:1888
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="316.1.1479846337\626760944" -parentBuildID 20221007134813 -prefsHandle 2124 -prefMapHandle 2120 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1113f1d8-a081-4b96-9250-e6ddb1a07821} 316 "\\.\pipe\gecko-crash-server-pipe.316" 2136 265a9c72858 socket
            3⤵
              PID:5104
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="316.2.267359308\1271523722" -childID 1 -isForBrowser -prefsHandle 3016 -prefMapHandle 3012 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fc6552e5-8787-43e3-a3f2-b759f1ac1e9f} 316 "\\.\pipe\gecko-crash-server-pipe.316" 2808 265b4e5e158 tab
              3⤵
                PID:4488
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="316.3.155297810\840220739" -childID 2 -isForBrowser -prefsHandle 3480 -prefMapHandle 3476 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1080c2a8-02ff-4bcb-880c-4979113fe993} 316 "\\.\pipe\gecko-crash-server-pipe.316" 3484 265b7704858 tab
                3⤵
                  PID:4292
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="316.4.1392520771\764529310" -childID 3 -isForBrowser -prefsHandle 4164 -prefMapHandle 4160 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0dbf4905-14d7-4fce-85ff-c0ef31bec597} 316 "\\.\pipe\gecko-crash-server-pipe.316" 4168 265b9e78f58 tab
                  3⤵
                    PID:4236
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="316.5.588631132\1441924117" -childID 4 -isForBrowser -prefsHandle 4812 -prefMapHandle 4808 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bebe048a-b0bf-4235-861d-45d88d09cd3b} 316 "\\.\pipe\gecko-crash-server-pipe.316" 4820 265baffc358 tab
                    3⤵
                      PID:3140
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="316.6.1327768862\1777215431" -childID 5 -isForBrowser -prefsHandle 4956 -prefMapHandle 4960 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2ae47b44-8072-4f54-94ee-7362eb4b087d} 316 "\\.\pipe\gecko-crash-server-pipe.316" 4948 265bbc0e958 tab
                      3⤵
                        PID:4764
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="316.7.1302749395\926096872" -childID 6 -isForBrowser -prefsHandle 5144 -prefMapHandle 5148 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9b1b6493-d238-41ad-929f-8bf606ce00b7} 316 "\\.\pipe\gecko-crash-server-pipe.316" 5136 265bbc0d158 tab
                        3⤵
                          PID:404
                    • C:\Windows\System32\rundll32.exe
                      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                      1⤵
                        PID:4332

                      Network

                      MITRE ATT&CK Enterprise v15

                      Replay Monitor

                      Loading Replay Monitor...

                      Downloads

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin
                        Filesize

                        2KB

                        MD5

                        008dda6bc7a4f74e3fee8df3442cddb9

                        SHA1

                        12cee3e12030372e9ae14a010f569b60f367e4b9

                        SHA256

                        248af8c531ac835be9f55028b9508889e8e0be769a567b66fca04e94c5d3062d

                        SHA512

                        adb42a788128ea92d5076a3d15ef749a6a7738c0e830d922997a857c25da9716e5077088eb047be3d642db079f4445941a3ce3671acc929145a1ec0de5122bc5

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\4a7da7d0-d539-48d3-b96e-342453816e19
                        Filesize

                        12KB

                        MD5

                        a67e6bb4cd4dbde662433d28a23871ec

                        SHA1

                        d1e66ea98711aa73e856b294995fde1661bd27e0

                        SHA256

                        40c82070f16bce3e235cdfdc8ecfc2dc420dce1caf4040734236724d102efe8b

                        SHA512

                        942998f1fafca76a7a350707fe79e0315067a9c5c89f4e7ef11e6dc7d8b23d94dbeb7d84abe4a6e79b76110639a802c6b6dc2622a5116193b2c78efcb3e7a3b5

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\65eb2adf-0205-4759-962a-8d29b0c8810d
                        Filesize

                        746B

                        MD5

                        3b08c046005bc09b12f26783fdf477f8

                        SHA1

                        0b02a05307b4ad7fdaeea8ec250474291e7cbc35

                        SHA256

                        1168e96a79636e77e48f5b19cfe95ce24f8a8f3b22e6aab7c93fef7a52f02b01

                        SHA512

                        bfa97f1b9945ad8fffbfabf804b7a2fb2367683202b5ba97580dea22808be4e9393fe2762a14dafb82d245c0e995ccd7ac623754eb1dcb442c3b07e935edcd1a

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js
                        Filesize

                        6KB

                        MD5

                        4657faca09e8b954d76f19cd07f5fc9c

                        SHA1

                        a2f36547e2a61deee953c3c31a20b888e2d2c011

                        SHA256

                        0bf2f2cf1e34a04cf04dac11abcbfe20bacdf4ec161fa5931dc2a70738a03fbf

                        SHA512

                        8b57492c019287cb57fb1a5c961bc3dbdfe545ff906f3b1fd4d1b5b8264b37bb4bd5a414f98b369a64ff60d79f9fbf139221f4a9cb7ed6986613198aa1e5f69b

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
                        Filesize

                        1KB

                        MD5

                        2ad6f65186c19fadb0010c3b422eec7b

                        SHA1

                        9f254ee3241a6a6d14ab478a86c067389212dbbb

                        SHA256

                        dec0f6c03548ab6ed78d49b2fde3234ff3bd099cdd53187400cf077cdad90191

                        SHA512

                        6047a4664df6b70fd9f868b1155f6f265de7ea5744a3ad7b8a41790eb2325942903efd48ed301a7469620ab25ff5fb71d4d66622477fe3303fec2c55e9898060

                        Download Submit

                      • memory/1376-17-0x00007FFE93CA0000-0x00007FFE93E7B000-memory.dmp

                        Filesize

                        1.9MB

                        Download

                      • memory/1376-26-0x00007FFE93CA0000-0x00007FFE93E7B000-memory.dmp

                        Filesize

                        1.9MB

                        Download

                      • memory/1376-9-0x00007FFE93CA0000-0x00007FFE93E7B000-memory.dmp

                        Filesize

                        1.9MB

                        Download

                      • memory/1376-5-0x00007FFE93CA0000-0x00007FFE93E7B000-memory.dmp

                        Filesize

                        1.9MB

                        Download

                      • memory/1376-4-0x00007FFE53D30000-0x00007FFE53D40000-memory.dmp

                        Filesize

                        64KB

                        Download

                      • memory/1376-12-0x00007FFE509E0000-0x00007FFE509F0000-memory.dmp

                        Filesize

                        64KB

                        Download

                      • memory/1376-13-0x00007FFE93CA0000-0x00007FFE93E7B000-memory.dmp

                        Filesize

                        1.9MB

                        Download

                      • memory/1376-14-0x00007FFE93CA0000-0x00007FFE93E7B000-memory.dmp

                        Filesize

                        1.9MB

                        Download

                      • memory/1376-15-0x00007FFE93CA0000-0x00007FFE93E7B000-memory.dmp

                        Filesize

                        1.9MB

                        Download

                      • memory/1376-16-0x00007FFE93CA0000-0x00007FFE93E7B000-memory.dmp

                        Filesize

                        1.9MB

                        Download

                      • memory/1376-18-0x00007FFE93CA0000-0x00007FFE93E7B000-memory.dmp

                        Filesize

                        1.9MB

                        Download

                      • memory/1376-20-0x00007FFE93CA0000-0x00007FFE93E7B000-memory.dmp

                        Filesize

                        1.9MB

                        Download

                      • memory/1376-21-0x00007FFE509E0000-0x00007FFE509F0000-memory.dmp

                        Filesize

                        64KB

                        Download

                      • memory/1376-19-0x00007FFE93CA0000-0x00007FFE93E7B000-memory.dmp

                        Filesize

                        1.9MB

                        Download

                      • memory/1376-22-0x00007FFE93CA0000-0x00007FFE93E7B000-memory.dmp

                        Filesize

                        1.9MB

                        Download

                      • memory/1376-0-0x00007FFE53D30000-0x00007FFE53D40000-memory.dmp

                        Filesize

                        64KB

                        Download

                      • memory/1376-24-0x00007FFE93CA0000-0x00007FFE93E7B000-memory.dmp

                        Filesize

                        1.9MB

                        Download

                      • memory/1376-11-0x00007FFE93CA0000-0x00007FFE93E7B000-memory.dmp

                        Filesize

                        1.9MB

                        Download

                      • memory/1376-29-0x00007FFE93CA0000-0x00007FFE93E7B000-memory.dmp

                        Filesize

                        1.9MB

                        Download

                      • memory/1376-30-0x00007FFE93CA0000-0x00007FFE93E7B000-memory.dmp

                        Filesize

                        1.9MB

                        Download

                      • memory/1376-28-0x00007FFE93CA0000-0x00007FFE93E7B000-memory.dmp

                        Filesize

                        1.9MB

                        Download

                      • memory/1376-27-0x00007FFE93CA0000-0x00007FFE93E7B000-memory.dmp

                        Filesize

                        1.9MB

                        Download

                      • memory/1376-25-0x00007FFE93CA0000-0x00007FFE93E7B000-memory.dmp

                        Filesize

                        1.9MB

                        Download

                      • memory/1376-23-0x00007FFE93CA0000-0x00007FFE93E7B000-memory.dmp

                        Filesize

                        1.9MB

                        Download

                      • memory/1376-182-0x00007FFE93CA0000-0x00007FFE93E7B000-memory.dmp

                        Filesize

                        1.9MB

                        Download

                      • memory/1376-196-0x00007FFE93CA0000-0x00007FFE93E7B000-memory.dmp

                        Filesize

                        1.9MB

                        Download

                      • memory/1376-222-0x00007FFE93CA0000-0x00007FFE93E7B000-memory.dmp

                        Filesize

                        1.9MB

                        Download

                      • memory/1376-221-0x00007FFE53D30000-0x00007FFE53D40000-memory.dmp

                        Filesize

                        64KB

                        Download

                      • memory/1376-220-0x00007FFE53D30000-0x00007FFE53D40000-memory.dmp

                        Filesize

                        64KB

                        Download

                      • memory/1376-219-0x00007FFE53D30000-0x00007FFE53D40000-memory.dmp

                        Filesize

                        64KB

                        Download

                      • memory/1376-218-0x00007FFE53D30000-0x00007FFE53D40000-memory.dmp

                        Filesize

                        64KB

                        Download

                      • memory/1376-10-0x00007FFE93CA0000-0x00007FFE93E7B000-memory.dmp

                        Filesize

                        1.9MB

                        Download

                      • memory/1376-8-0x00007FFE93CA0000-0x00007FFE93E7B000-memory.dmp

                        Filesize

                        1.9MB

                        Download

                      • memory/1376-3-0x00007FFE53D30000-0x00007FFE53D40000-memory.dmp

                        Filesize

                        64KB

                        Download

                      • memory/1376-2-0x00007FFE93D45000-0x00007FFE93D46000-memory.dmp

                        Filesize

                        4KB

                        Download

                      • memory/1376-1-0x00007FFE53D30000-0x00007FFE53D40000-memory.dmp

                        Filesize

                        64KB

                        Download