Analysis

  • max time kernel: 1799s
  • max time network: 1687s
  • platform: windows10-2004_x64
  • resource: win10v2004-20240426-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 27/05/2024, 18:28

General

  • Target

    https://inspector.pypi.io/project/discordreactive/0.7/packages/f7/f6/ff0ab33489843b6891125fe516296efae08328bedc2ec2e15c3ba2fe0987/discordreactive-0.7.tar.gz/discordreactive-0.7/discordreactive/utils.py

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2656, depth 1)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://inspector.pypi.io/project/discordreactive/0.7/packages/f7/f6/ff0ab33489843b6891125fe516296efae08328bedc2ec2e15c3ba2fe0987/discordreactive-0.7.tar.gz/discordreactive-0.7/discordreactive/utils.py
    Signatures:
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    Child processes (depth 2):
    • C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4528)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0x40,0x108,0x7ffd3fa1ab58,0x7ffd3fa1ab68,0x7ffd3fa1ab78
    • C:\Program Files\Google\Chrome\Application\chrome.exe (PID 720)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1604 --field-trial-handle=1916,i,8169448656982653819,15341994197138664119,131072 /prefetch:2
    • C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2308)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1916,i,8169448656982653819,15341994197138664119,131072 /prefetch:8
    • C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1920)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2184 --field-trial-handle=1916,i,8169448656982653819,15341994197138664119,131072 /prefetch:8
    • C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4704)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3052 --field-trial-handle=1916,i,8169448656982653819,15341994197138664119,131072 /prefetch:1
    • C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2488)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3060 --field-trial-handle=1916,i,8169448656982653819,15341994197138664119,131072 /prefetch:1
    • C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3108)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4608 --field-trial-handle=1916,i,8169448656982653819,15341994197138664119,131072 /prefetch:8
    • C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5016)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3960 --field-trial-handle=1916,i,8169448656982653819,15341994197138664119,131072 /prefetch:8
    • C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3208)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4824 --field-trial-handle=1916,i,8169448656982653819,15341994197138664119,131072 /prefetch:8
    • C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4556)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3960 --field-trial-handle=1916,i,8169448656982653819,15341994197138664119,131072 /prefetch:8
    • C:\Program Files\Google\Chrome\Application\chrome.exe (PID 392)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4888 --field-trial-handle=1916,i,8169448656982653819,15341994197138664119,131072 /prefetch:8
    • C:\Program Files\Google\Chrome\Application\chrome.exe (PID 660)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1564 --field-trial-handle=1916,i,8169448656982653819,15341994197138664119,131072 /prefetch:2
      Signatures:
      • Suspicious behavior: EnumeratesProcesses
  • C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe (PID 1112, depth 1)
    Command line: "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\5cdfb1a0-497a-47d2-bb3e-3f5353da4203.tmp
    Filesize: 132KB
    MD5: 43a70fb51d5fcc217a7d150f34d63252
    SHA1: 2a36137b6dc6e47d72ef1aca86e6b45cd1926c02
    SHA256: c4a98be4ed0cf184e53fdeec38ec79f55fabbd088497414a581deff0145f6922
    SHA512: b6116ce97e6d041e1e055aec53c55ae9efe2e617a372a555c60a938d31ac72c3ce1f21eeee87fb53a93e7f9593f646fe97909dad8c7e0d8a88cd79f871b1a84f
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize: 72B
    MD5: 829f1ed1df3c285a661d6371f2f867d2
    SHA1: c5861e5028d42ad40d4a9f0a458b03d61d60b93d
    SHA256: 853504f7ed87af59ee78d31ac3a354cb2945e39b334c1aa037587edd4a99d80e
    SHA512: a550cdfe25f13ba371c22c0a57a6fc9eba2fe7b1f547c0aa38486d9fcdc2a20fd3924903abaf54201536fb4090e5cdf937794343fba70ec34de090a5bd20b076
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize: 1KB
    MD5: 9f2ea251d3fe33677f58b7e0d8f4034e
    SHA1: 19b125dc9512b799dabcfd1cf7b60b8284bb7445
    SHA256: 2c8f55ce708674c7a56b8bcb90e569b6037600d443b5ef904faabfabe8163a7b
    SHA512: 9f78b92220b839121823d1c5c5fd51a067c61590603b08f388b091fb79fc3a400d49266113b35bab320bb2d6c4824e3f0198ed6575758c3f0e0467d456a7e79a
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
    Filesize: 2B
    MD5: d751713988987e9331980363e24189ce
    SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
    SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
    SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize: 523B
    MD5: dc8df38283e7bd6f1e01fa877796eab1
    SHA1: 2657023d40db9c78a2eaa4f15ad2c733f4464cd3
    SHA256: 787307569c76bf668f8007116c9e6e7f71ca55300f8c654ac85569b8482be2d8
    SHA512: 407bac22e2d296a9b1a10afd5b0b500ae548999d42239cdff7a1ed107576f236bf1899f5de9e3960eea6bb3d5c8ec406f4c4b2ede564bbeb70cfbfb438d5daeb
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 6KB
    MD5: 45bd2988e967f7687a5285a6f20aeddd
    SHA1: 794362cc2b551d55257099409ac9a131b69b2504
    SHA256: 958274d933eb85d160c375500557582b26b643bb40d122caddab7b94b657f727
    SHA512: 120edb2807e36d3081ff44875859763bfa93f3c7561898fb54680d9c686ae4442db84859e7cb10f3ae3e1d2fdacb94495680ee2417b83ba0f08860c3add5bcd0
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 131KB
    MD5: 5d4d61c57536f2b20c5bdafd74c1155f
    SHA1: a8c1e548904b10bc82a8883fd237f419a4fc3c75
    SHA256: dab31708e4233e3831ea53c262f422e18f8c5575a04d84204b1e36b715d04a41
    SHA512: dcdd9d730a003cffa9d7a12c340652462fa8ebb8c9eaecfaa914e946eca567d13c54237545202315a615b7815d069d62034c6f183ecd21a725adc0e44e108562
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 152KB
    MD5: d8ba1584d8f6ba598393f6c2b2490652
    SHA1: beb9a7efc828a555ddf3d27a0fdc174563764f41
    SHA256: a40dc4fa44eb81f7f19b6d617ca01bbebfcaa4cef8a8b647cc98402693378862
    SHA512: 3a1ab57975f07e6b2b249d7ab9e86da5dc55bcd6343c393592989d6e9cabdb39b3b5fcaccb69a78a7329d1fd1fb53f2fddca34a0dd01e483657a8bbaca097f71
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 131KB
    MD5: bf26557a7af49eacef75d1ebd1154e81
    SHA1: 44fffa3d25c3501aee02f481884e4403ead3297e
    SHA256: 1d427b0ef13b012d031b5ea19289495499058385f1d361d5c11432a52b8b1042
    SHA512: 12c977a85d607cc03e789fa8cf508835323847b6d9542468a53ac3051e88202d89434fe0dc7f1d83a24f903f0237f026acfe3243e9c1ea7cf649f002e388386a
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
    Filesize: 91KB
    MD5: 8d110a02ef8ab7f330dae140c3fe8edf
    SHA1: d22f036607aa5557b184d04a092f4bea2ead4fd5
    SHA256: b49760bfcadb0859ad36c98432da90cd0824b3251ab3bf611cbea5511cc21f46
    SHA512: 7c3fec15667efde17fc2ae3d01e0a7b0dc5e3e387e11f93f9e25a438d4bc07430bd99a8239848baacc0328ca26e6a616dd75ed6c16b0aca483d269dbc84574e6
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57d580.TMP
    Filesize: 88KB
    MD5: 15e15430ed3dd0199a8cc8f8df7d28c7
    SHA1: c5cc0a51b3d5b4b5eb090efdab39cb6d6f174a27
    SHA256: 9c7905e466aab201e2c9865a8ad8431c64daad7a64b3c9dc0808ba88f5b7d17d
    SHA512: a7d25309d83120a7d6741e21379e66c823145bcb0ee5c31e0d996c442483f396f62f57bb5874cfa1a849b69e45ae0857da6d439afe6a9b307d411cf5bdc20e8c