Analysis

  • max time kernel
    1799s
  • max time network
    1685s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags
    arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    27/05/2024, 18:28

General

  • Target

    https://inspector.pypi.io/project/discordreactive/0.7/packages/f7/f6/ff0ab33489843b6891125fe516296efae08328bedc2ec2e15c3ba2fe0987/discordreactive-0.7.tar.gz/discordreactive-0.7/discordreactive/utils.py

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry (2 TTPs, 3 IoCs)
  • Modifies data under HKEY_USERS (2 IoCs)
  • Suspicious behavior: EnumeratesProcesses (4 IoCs)
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  • Suspicious use of AdjustPrivilegeToken (64 IoCs)
  • Suspicious use of FindShellTrayWindow (26 IoCs)
  • Suspicious use of SendNotifyMessage (24 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://inspector.pypi.io/project/discordreactive/0.7/packages/f7/f6/ff0ab33489843b6891125fe516296efae08328bedc2ec2e15c3ba2fe0987/discordreactive-0.7.tar.gz/discordreactive-0.7/discordreactive/utils.py
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2856
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fff1c899758,0x7fff1c899768,0x7fff1c899778
      2⤵
      PID:4400
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1640 --field-trial-handle=1788,i,6243741188801160705,15166307711451821045,131072 /prefetch:2
      2⤵
      PID:2536
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1820 --field-trial-handle=1788,i,6243741188801160705,15166307711451821045,131072 /prefetch:8
      2⤵
      PID:928
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2104 --field-trial-handle=1788,i,6243741188801160705,15166307711451821045,131072 /prefetch:8
      2⤵
      PID:3604
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2948 --field-trial-handle=1788,i,6243741188801160705,15166307711451821045,131072 /prefetch:1
      2⤵
      PID:2600
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2956 --field-trial-handle=1788,i,6243741188801160705,15166307711451821045,131072 /prefetch:1
      2⤵
      PID:5064
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4592 --field-trial-handle=1788,i,6243741188801160705,15166307711451821045,131072 /prefetch:8
      2⤵
      PID:4364
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3820 --field-trial-handle=1788,i,6243741188801160705,15166307711451821045,131072 /prefetch:8
      2⤵
      PID:4560
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2520 --field-trial-handle=1788,i,6243741188801160705,15166307711451821045,131072 /prefetch:2
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:4092
  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
    1⤵
    PID:4148

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize: 72B
    MD5: 0c3dcdc833fe5bf3590d4a5fe08a0976
    SHA1: f369ea4b83b44333b3969fe7c033c8e2d13c4f4b
    SHA256: 1feec55e237c988bb8bb2cabdec5b5442b7ccb78cebb761830cfb77c08cad4f1
    SHA512: c5b3eec2e8517178c6fc112ce13ac17da24ba81abab995e7d441d09a9f0dc8445b20d7766c0264e20cfd287e6e3cede7cf3954447a068830069a77c26879130f

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize: 766B
    MD5: e5947ded718dc06ecdeb984bca332db5
    SHA1: 7b31e7c9b9a72ba92c4ea3bc1bfd4d8953dd867b
    SHA256: 399aa0959802b6e111ffad298968e63aa8be37e41175b20aab9041c2caf80590
    SHA512: 360b664aa1750a2645ed8b93787279fa3573382e8655c1c254e770069dd8c145a767037ef37e090bddb2845b259c1d8a50e7f573b155a467f5e550496b3b6f7a

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize: 536B
    MD5: a86e28b8346a77a72a477b73ec64eb9d
    SHA1: fbe46583bb269e47b77a802c19bd14446f9a081e
    SHA256: 1b11f98506975f26d2569cd2bfdcb1346ba4730809e3428e7d846c76f7184e06
    SHA512: f606f7e35ad836f01be3fb4de67b73f70483674bde747cd76ee12dae46a661254067a913dd333c56f9d546b71468c1f3ffb466e4b14daf8d606e9be9781377fe

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 6KB
    MD5: 4a23d3c4dc94f53c9b74363db118b940
    SHA1: 062a4c49040b32f110e4bde0bcd7e31d699de456
    SHA256: 4ac2265261caa60ce4a87453c470f517d3e8420280546299cf3bccd4ee0e6efe
    SHA512: fa52ce1b0a840b3360a10617332c0a6b4b36e373cdf976c05f47cc22f219f1c3fd358fa297d14a6b79b70e35eac53c359735919f7a99d068d46e56f4c28ca263

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 6KB
    MD5: 10fbcdffa8d8a6c376efbfe14403f0c2
    SHA1: 57ebff6ea810a819ef09711f4c2bbb4f67f85acd
    SHA256: e35f821c2f18bf312cf005afdbe5f7474625a2e4686bbd98d2bb5ec88e262e9a
    SHA512: 04e7dcc598ae0b270619f684ddc256a0ff9a5808c2fa5f5da1737c9fc77f541c59bb2ad5fc755e9a0da6d13721d0fc8fa7407e27dd7c389ccda762e58cc11fbf

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 6KB
    MD5: db096f6050c630268aaf38d0209c15ef
    SHA1: 478e25358a7902a7baf439bc091ddad829986c6a
    SHA256: 712b498c04a9e6741d02cb0371355aead362bf1eccc5f7c31163b0cc98a09598
    SHA512: 5ecadd6d19d21811ed4bbd694a603513d9d74bc9ad391e11b7008768ae0d91a162ba1017433d3b7b794a03d146e0a3881354fcf41b760037325f38186193c9d3

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 136KB
    MD5: 5668331129069c7500f1ec8d65ab542b
    SHA1: 9afb39698d34280b0eb80b1281874b36e809d801
    SHA256: 56b390a3923c54bd9c9042ed6802ac84a45b2b4bb56d60c377dba4d9e3406dc5
    SHA512: 5dab11ee408491ac2d7c769fdc1b241c9bfbe3fc9b064b697650838d56f0a630d1947206f203974729686c44151e77b9baffdf9af62e6906e24092a596e0bc45

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
    Filesize: 2B
    MD5: 99914b932bd37a50b983c5e7c90ae93b
    SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
    SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
    SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd