0e580fa25b5acc6fd7b28bfa3221a6d6f4295a2026a82749efcf51e5a4630833

Analysis

max time kernel
147s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
01/06/2024, 09:45

Target

discord.exe
Size

959KB
MD5

6a0960974a94725cd6408c306fdc527c
SHA1

b59f80ff0ddbc8cfaba69ed37833b1823f92eacd
SHA256

f53eb744c6db7f79b7ec24664288e7d259f54bf8c60a5638d200b9eeb117b890
SHA512

8b4af2008ae8ddbd206eac0287801cc815453025b01239b42a0330d8209238f0316fbc23c993cd86123c4f858157b8a8ce1ed96cce37553c4eb82c87cb37eb50
SSDEEP

24576:VfmT1Po89lTBbGspygYLl8OaCj/nvLRec:VeFM6XgXzTn

Score

1^/10

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 3856 wrote to memory of 2864	3856	discord.exe	83
PID 3856 wrote to memory of 2864	3856	discord.exe	83
PID 2864 wrote to memory of 1540	2864	cmd.exe	85
PID 2864 wrote to memory of 1540	2864	cmd.exe	85
PID 2864 wrote to memory of 1196	2864	cmd.exe	86
PID 2864 wrote to memory of 1196	2864	cmd.exe	86
PID 2864 wrote to memory of 4616	2864	cmd.exe	87
PID 2864 wrote to memory of 4616	2864	cmd.exe	87

C:\Users\Admin\AppData\Local\Temp\discord.exe
"C:\Users\Admin\AppData\Local\Temp\discord.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3856
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\discord.exe" MD5 | find /i /v "md5" | find /i /v "certutil"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2864
- - C:\Windows\system32\certutil.exe
    certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\discord.exe" MD5
    3⤵
    PID:1540
- - C:\Windows\system32\find.exe
    find /i /v "md5"
    3⤵
    PID:1196
- - C:\Windows\system32\find.exe
    find /i /v "certutil"
    3⤵
    PID:4616