Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240419-de
  • resource tags

    arch:x64 arch:x86 image:win7-20240419-de locale:de-de os:windows7-x64 system windows
  • submitted
    17-05-2024 15:57

General

  • Target

    Discord-Token-Checker-master/README.md

  • Size

    2KB

  • MD5

    cceeec3819b8ac65c4058c2f107fa72f

  • SHA1

    7bb85ddc5eb38c1fb76907452b0a235d4febd7cb

  • SHA256

    c60531907f391658c45549c989150fe2cc24476fcf79fac98a2a7836dbee98ca

  • SHA512

    4f6ae7b74d2f2c79bbd8f9ab0fe2ae90ba0286dfeb4f070a9e66d7025aafcc7ffafd2306e46c4f47e8772506934188aabc3518bbcf85fd974b98e3c672c2f45f
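Before analysing a copy of this file obtained from somewhere other than the sandbox (for instance the repository archive), verify it against the digests above. The script below is an added example, not part of the report or the sandbox's tooling; the expected values are copied from this General section, and the line-ending normalisation is its own heuristic for the common case where a text file from a git checkout differs from the submitted copy only in CRLF versus LF.

```python
"""Verify a local copy of the target file against the digests in a sandbox report.

Added example for this page, not part of the sandbox's tooling. The expected
digests in REPORTED are copied from the General section of this report; the
CRLF/LF normalisation is this example's own assumption about how a README.md
pulled from a repository can differ from the submitted file.
"""
from __future__ import annotations

import hashlib

ALGOS = ("md5", "sha1", "sha256", "sha512")

# Copied from the General section of this report.
REPORTED = {
    "md5": "cceeec3819b8ac65c4058c2f107fa72f",
    "sha1": "7bb85ddc5eb38c1fb76907452b0a235d4febd7cb",
    "sha256": "c60531907f391658c45549c989150fe2cc24476fcf79fac98a2a7836dbee98ca",
    "sha512": "4f6ae7b74d2f2c79bbd8f9ab0fe2ae90ba0286dfeb4f070a9e66d7025aafcc7f"
              "fafd2306e46c4f47e8772506934188aabc3518bbcf85fd974b98e3c672c2f45f",
}


def digests(data: bytes) -> dict:
    """Hex digests of data for every algorithm the report lists."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in ALGOS}


def match_report(data: bytes, expected: dict) -> str | None:
    """Return which variant of data matches the reported digests, or None.

    Only the algorithms present in `expected` are compared, so a report that
    lists a single SHA256 still works. Variants are tried in order: the bytes
    as-is, then with CRLF folded to LF, then with LF expanded to CRLF.
    """
    variants = {
        "exact": data,
        "crlf_to_lf": data.replace(b"\r\n", b"\n"),
        "lf_to_crlf": data.replace(b"\r\n", b"\n").replace(b"\n", b"\r\n"),
    }
    wanted = {algo: value.lower() for algo, value in expected.items() if algo in ALGOS}
    if not wanted:
        return None
    for name, blob in variants.items():
        got = digests(blob)
        if all(got[algo] == wanted[algo] for algo in wanted):
            return name
    return None


def check_file(path: str, expected: dict = REPORTED) -> str | None:
    """Read a local file and report how (or whether) it matches the report."""
    with open(path, "rb") as fh:
        return match_report(fh.read(), expected)
```

A result of "crlf_to_lf" or "lf_to_crlf" means the content is the same file with different line endings, which is enough to trust a text sample like this README; any other mismatch means you are not looking at what the sandbox analysed.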

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Discord-Token-Checker-master\README.md
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2464
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Discord-Token-Checker-master\README.md
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2764
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Discord-Token-Checker-master\README.md"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2812
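Reading the tree: cmd /c on README.md executes nothing. With no handler registered for the file on this image, the shell launches rundll32.exe with shell32.dll,OpenAs_RunDLL (the Open With dialog), which in turn starts Adobe Reader on the file. All five signature hits sit on that dialog and on Reader, and the "Modifies registry class" hit on rundll32.exe is consistent with the dialog recording the chosen association. The script below is an added example, not part of the sandbox's tooling: it parses the Processes section in the layout used on this page and flags that open-with fallback chain so it can be separated from a real execution chain. The regexes and the verdict fields are its own assumptions.

```python
"""Triage helper for the Processes section of this sandbox report.

Added example for this page; not the sandbox vendor's code. REPORT_PROCESSES
is copied from the report above; the bullet/PID parsing rules and the
open-with heuristic are this example's own assumptions about the layout.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Copied from the Processes section of this report, indentation preserved.
REPORT_PROCESSES = r"""
  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Discord-Token-Checker-master\README.md
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2464
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Discord-Token-Checker-master\README.md
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2764
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Discord-Token-Checker-master\README.md"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2812
"""


@dataclass
class Proc:
    image: str
    indent: int
    cmdline: str = ""
    depth: int = 0
    pid: int = 0
    signatures: list[str] = field(default_factory=list)
    children: list[Proc] = field(default_factory=list)


IMAGE_RE = re.compile(r"^[A-Za-z]:\\")   # a bullet whose body is a path starts a process
DEPTH_RE = re.compile(r"^(\d+)⤵$")       # the "N⤵" nesting marker under each process
PID_RE = re.compile(r"^PID:(\d+)$")
CMD_C_RE = re.compile(r'^cmd(?:\.exe)?\s+/c\s+"?([^"]+?)"?\s*$', re.IGNORECASE)
OPENAS_RE = re.compile(r"shell32\.dll,OpenAs_RunDLL\s+(.+)$", re.IGNORECASE)


def parse_processes(text: str) -> list[Proc]:
    """Build the process tree from the indented bullet layout of the report."""
    roots: list[Proc] = []
    stack: list[Proc] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        indent = len(raw) - len(raw.lstrip())
        if line.startswith("• "):
            body = line[2:].strip()
            if IMAGE_RE.match(body):
                # Parent is the nearest open process with a smaller indent;
                # signature bullets share the child's indent, so only paths open a node.
                while stack and stack[-1].indent >= indent:
                    stack.pop()
                proc = Proc(image=body, indent=indent)
                (stack[-1].children if stack else roots).append(proc)
                stack.append(proc)
            elif stack:
                stack[-1].signatures.append(body)
            continue
        if not stack:
            continue
        cur = stack[-1]
        if m := DEPTH_RE.match(line):
            cur.depth = int(m.group(1))
        elif m := PID_RE.match(line):
            cur.pid = int(m.group(1))
        elif not cur.cmdline:
            cur.cmdline = line          # first plain line after the image is the command line
    return roots


def walk(proc: Proc):
    """Pre-order traversal of a subtree."""
    yield proc
    for child in proc.children:
        yield from walk(child)


def classify(root: Proc) -> dict:
    """Flag cmd /c <file> -> rundll32 shell32.dll,OpenAs_RunDLL <file> -> handler.

    That chain is the shell's Open With fallback for a file with no registered
    handler; the handler process (here Adobe Reader) is what the signatures
    actually describe, not the submitted file.
    """
    verdict = {
        "pids": [p.pid for p in walk(root)],
        "signatures": [s for p in walk(root) for s in p.signatures],
        "open_with_fallback": False,
        "target": None,
        "extension": None,
        "handler": None,
    }
    m = CMD_C_RE.match(root.cmdline)
    if not m:
        return verdict
    target = m.group(1)
    name = target.rsplit("\\", 1)[-1]
    verdict["target"] = target
    verdict["extension"] = ("." + name.rsplit(".", 1)[-1]).lower() if "." in name else ""
    for child in root.children:
        om = OPENAS_RE.search(child.cmdline)
        if om and om.group(1).strip().strip('"') == target:
            verdict["open_with_fallback"] = True
            verdict["handler"] = child.children[0].image if child.children else None
    return verdict


def triage(text: str) -> list[dict]:
    """One verdict per root process in the report text."""
    return [classify(root) for root in parse_processes(text)]
```

On this report, triage(REPORT_PROCESSES) yields a single verdict with open_with_fallback set, extension ".md", the Reader path as handler and PIDs 2464, 2764, 2812; a genuine execution chain from cmd /c would have no OpenAs_RunDLL child and the verdict stays false.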

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    024e6f2379e402ebaebec8bd488aa741

    SHA1

    673ec279a26d288757eca6f87ca61574209ccb8f

    SHA256

    6a6d5265bfd0d14f28ad14ff2daf8213a81c5d02c437f2b188c4caba36ae2fad

    SHA512

    5454fdfc0836ca7f6632cbe9f241c1b8d3d60e91de63894dafe907271aa8f0e3dc1ba7cb14832a2d0d8e9c4697782ce3528a4dfa26e006d0f8291a4d6356f178