Analysis Overview
SHA256
d44023ff21143bdb829f1098fba8371d2b41098b7a0277f7103e4f77540f9c34
Threat Level: Shows suspicious behavior
The file DiscordGiftCodeBruteForcer.exe was found to be: Shows suspicious behavior.
Malicious Activity Summary
Loads dropped DLL
Unsigned PE
Detects Pyinstaller
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-06-04 09:55
Signatures
Detects Pyinstaller
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-04 09:55
Reported
2024-06-04 09:56
Platform
win11-20240426-en
Max time kernel
14s
Command Line
Signatures
Loads dropped DLL
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
|---|---|---|---|
| Token: 35 | N/A | C:\Users\Admin\AppData\Local\Temp\DiscordGiftCodeBruteForcer.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
|---|---|---|---|
| PID 3124 wrote to memory of 4836 | N/A | C:\Users\Admin\AppData\Local\Temp\DiscordGiftCodeBruteForcer.exe | C:\Users\Admin\AppData\Local\Temp\DiscordGiftCodeBruteForcer.exe |
| PID 3124 wrote to memory of 4836 | N/A | C:\Users\Admin\AppData\Local\Temp\DiscordGiftCodeBruteForcer.exe | C:\Users\Admin\AppData\Local\Temp\DiscordGiftCodeBruteForcer.exe |
| PID 4836 wrote to memory of 3524 | N/A | C:\Users\Admin\AppData\Local\Temp\DiscordGiftCodeBruteForcer.exe | C:\Windows\system32\cmd.exe |
| PID 4836 wrote to memory of 3524 | N/A | C:\Users\Admin\AppData\Local\Temp\DiscordGiftCodeBruteForcer.exe | C:\Windows\system32\cmd.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\DiscordGiftCodeBruteForcer.exe
"C:\Users\Admin\AppData\Local\Temp\DiscordGiftCodeBruteForcer.exe"
C:\Users\Admin\AppData\Local\Temp\DiscordGiftCodeBruteForcer.exe
"C:\Users\Admin\AppData\Local\Temp\DiscordGiftCodeBruteForcer.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c pause
Network
Files
C:\Users\Admin\AppData\Local\Temp\_MEI31242\DiscordGiftCodeBruteForcer.exe.manifest
C:\Users\Admin\AppData\Local\Temp\_MEI31242\python36.dll
C:\Users\Admin\AppData\Local\Temp\_MEI31242\VCRUNTIME140.dll
C:\Users\Admin\AppData\Local\Temp\_MEI31242\base_library.zip
C:\Users\Admin\AppData\Local\Temp\_MEI31242\_ctypes.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI31242\_socket.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI31242\select.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI31242\_ssl.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI31242\_hashlib.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI31242\unicodedata.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI31242\_lzma.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI31242\_cffi_backend.cp36-win_amd64.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI31242\cryptography\hazmat\bindings\_constant_time.cp36-win_amd64.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI31242\cryptography\hazmat\bindings\_openssl.cp36-win_amd64.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI31242\_bz2.pyd