Analysis
- max time kernel: 441s
- max time network: 444s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 26-05-2024 14:55
Behavioral tasks
- behavioral1: sample Discord.Raidkit.v2.4.5.zip, resource win7-20240221-en
- behavioral2: sample Discord.Raidkit.v2.4.5.zip, resource win10v2004-20240426-en
- behavioral3: sample Discord Raidkit v2.4.5.exe, resource win7-20240221-en
- behavioral4: sample Discord Raidkit v2.4.5.exe, resource win10v2004-20240508-en
General
- Target: Discord Raidkit v2.4.5.exe
- Size: 5.4MB
- MD5: fbdc975dd9bfab2b79401879e6dc66a2
- SHA1: 94aa43fe592706bf976fca1f0566fcaff7b6cd6c
- SHA256: 0b354d57f82dfc022caf17b14cdcb96d7dacccc712ec7ce9e32f3b5b4c77cb5b
- SHA512: 1b26d84890f3c12a4c96edabe828ac0cb355a99718314afa5c5f0d718daf66e48a626a00d5632f7d7877da9d4f634e687c3a8b2ae94c34199702dbec02dde87e
- SSDEEP: 98304:Jnm+hMM6m4p6WMslumrwaTqs/IkvYIxM+KCUtnQwgtuESzHAA5GBdMcH:Jnd2m4QoArlkAIuDCUJ3ES7dmdJH
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (4 IoCs)
Processes: Discord Raidkit v2.4.5.exe
description | pid | process | target process
PID 2408 wrote to memory of 332 | 2408 | Discord Raidkit v2.4.5.exe | cmd.exe
PID 2408 wrote to memory of 332 | 2408 | Discord Raidkit v2.4.5.exe | cmd.exe
PID 2408 wrote to memory of 1028 | 2408 | Discord Raidkit v2.4.5.exe | cmd.exe
PID 2408 wrote to memory of 1028 | 2408 | Discord Raidkit v2.4.5.exe | cmd.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\Discord Raidkit v2.4.5.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\Discord Raidkit v2.4.5.exe"
  PID: 2408
  signature: Suspicious use of WriteProcessMemory
  - C:\Windows\system32\cmd.exe
    command line: C:\Windows\system32\cmd.exe /c cls
    PID: 332
  - C:\Windows\system32\cmd.exe
    command line: C:\Windows\system32\cmd.exe /c cls
    PID: 1028