Analysis
-
max time kernel
1799s
max time network
1685s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags
arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
submitted
27/05/2024, 18:28
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://inspector.pypi.io/project/discordreactive/0.7/packages/f7/f6/ff0ab33489843b6891125fe516296efae08328bedc2ec2e15c3ba2fe0987/discordreactive-0.7.tar.gz/discordreactive-0.7/discordreactive/utils.py
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
https://inspector.pypi.io/project/discordreactive/0.7/packages/f7/f6/ff0ab33489843b6891125fe516296efae08328bedc2ec2e15c3ba2fe0987/discordreactive-0.7.tar.gz/discordreactive-0.7/discordreactive/utils.py
Resource
win10-20240404-en
Behavioral task
behavioral3
Sample
https://inspector.pypi.io/project/discordreactive/0.7/packages/f7/f6/ff0ab33489843b6891125fe516296efae08328bedc2ec2e15c3ba2fe0987/discordreactive-0.7.tar.gz/discordreactive-0.7/discordreactive/utils.py
Resource
win10v2004-20240426-en
General
-
Target
https://inspector.pypi.io/project/discordreactive/0.7/packages/f7/f6/ff0ab33489843b6891125fe516296efae08328bedc2ec2e15c3ba2fe0987/discordreactive-0.7.tar.gz/discordreactive-0.7/discordreactive/utils.py
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Modifies data under HKEY_USERS 2 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133613088448051219" | chrome.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs
pid | Process
2856 | chrome.exe
2856 | chrome.exe
4092 | chrome.exe
4092 | chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
pid | Process
2856 | chrome.exe
2856 | chrome.exe
Suspicious use of AdjustPrivilegeToken 64 IoCs
Suspicious use of FindShellTrayWindow 26 IoCs
Suspicious use of SendNotifyMessage 24 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://inspector.pypi.io/project/discordreactive/0.7/packages/f7/f6/ff0ab33489843b6891125fe516296efae08328bedc2ec2e15c3ba2fe0987/discordreactive-0.7.tar.gz/discordreactive-0.7/discordreactive/utils.py
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2856
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fff1c899758,0x7fff1c899768,0x7fff1c899778
PID:4400
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1640 --field-trial-handle=1788,i,6243741188801160705,15166307711451821045,131072 /prefetch:2
PID:2536
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1820 --field-trial-handle=1788,i,6243741188801160705,15166307711451821045,131072 /prefetch:8
PID:928
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2104 --field-trial-handle=1788,i,6243741188801160705,15166307711451821045,131072 /prefetch:8
PID:3604
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2948 --field-trial-handle=1788,i,6243741188801160705,15166307711451821045,131072 /prefetch:1
PID:2600
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2956 --field-trial-handle=1788,i,6243741188801160705,15166307711451821045,131072 /prefetch:1
PID:5064
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4592 --field-trial-handle=1788,i,6243741188801160705,15166307711451821045,131072 /prefetch:8
PID:4364
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3820 --field-trial-handle=1788,i,6243741188801160705,15166307711451821045,131072 /prefetch:8
PID:4560
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2520 --field-trial-handle=1788,i,6243741188801160705,15166307711451821045,131072 /prefetch:2
- Suspicious behavior: EnumeratesProcesses
PID:4092
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
PID:4148
Network
MITRE ATT&CK Enterprise v15
Downloads