Analysis
-
max time kernel
10s -
max time network
11s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
23-05-2024 15:44
Behavioral task
behavioral1
Sample
fy.exe
Resource
win10v2004-20240508-en
windows10-2004-x64
2 signatures
300 seconds
General
-
Target
fy.exe
-
Size
79KB
-
MD5
d13905e018eb965ded2e28ba0ab257b5
-
SHA1
6d7fe69566fddc69b33d698591c9a2c70d834858
-
SHA256
2bd631c6665656673a923c13359b0dc211debc05b2885127e26b0dce808e2dec
-
SHA512
b95bfdebef33ac72b6c21cdf0abb4961222b7efd17267cd7236e731dd0b6105ece28e784a95455f1ffc8a6dd1d580a467b07b3bd8cb2fb19e2111f1a864c97cb
-
SSDEEP
1536:YCH0jBD2BKkwbPNrfxCXhRoKV6+V+y9viwp:VUjBD2BPwbPNrmAE+MqU
Score
10/10
Malware Config
Signatures
-
Discord RAT
A RAT written in C# using Discord as a C2.
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 3544 fy.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\fy.exe"C:\Users\Admin\AppData\Local\Temp\fy.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3544
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4196,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=4028 /prefetch:81⤵PID:3764