Analysis
-
max time kernel
65s -
max time network
68s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system -
submitted
06-06-2024 17:50
Behavioral task
behavioral1
Sample
main.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
main.exe
Resource
win10v2004-20240426-en
General
-
Target
main.exe
-
Size
11.4MB
-
MD5
7923b0cfccfb2aed2f8891f70b4d653b
-
SHA1
ccbf5199ef6fcab7cdcb76aa6b0f8407890e569b
-
SHA256
af6d3d5d4869037547a06e1e8fd89146df1f53d48ebb68090df2a9e17f656a0e
-
SHA512
7fe0dbc9086a7d9091d48d1e9616855d2e3169d038308aac98765cbd97a930ea16bda43925070a9cc4f2e85b7f5ffe70654290fce447eeb5eea5f3dcf6ed8714
-
SSDEEP
196608:YlPghaPs9cAolvW0bF7FoRE2nOL2Vmd6+DsnNgwQ+dtLZ7k/f8WmoG0LRIbebsY:HISG1FeREWOL2Vmd6mcNjd7IUJIEe4
Malware Config
Signatures
-
Loads dropped DLL 27 IoCs
Processes:
main.exepid process 2972 main.exe 2972 main.exe 2972 main.exe 2972 main.exe 2972 main.exe 2972 main.exe 2972 main.exe 2972 main.exe 2972 main.exe 2972 main.exe 2972 main.exe 2972 main.exe 2972 main.exe 2972 main.exe 2972 main.exe 2972 main.exe 2972 main.exe 2972 main.exe 2972 main.exe 2972 main.exe 2972 main.exe 2972 main.exe 2972 main.exe 2972 main.exe 2972 main.exe 2972 main.exe 2972 main.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
main.exedescription pid process Token: SeDebugPrivilege 2972 main.exe -
Suspicious use of WriteProcessMemory 8 IoCs
Processes:
main.exemain.exedescription pid process target process PID 1532 wrote to memory of 2972 1532 main.exe main.exe PID 1532 wrote to memory of 2972 1532 main.exe main.exe PID 2972 wrote to memory of 1708 2972 main.exe cmd.exe PID 2972 wrote to memory of 1708 2972 main.exe cmd.exe PID 2972 wrote to memory of 2656 2972 main.exe cmd.exe PID 2972 wrote to memory of 2656 2972 main.exe cmd.exe PID 2972 wrote to memory of 4728 2972 main.exe cmd.exe PID 2972 wrote to memory of 4728 2972 main.exe cmd.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\main.exe"C:\Users\Admin\AppData\Local\Temp\main.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:1532 -
C:\Users\Admin\AppData\Local\Temp\main.exe"C:\Users\Admin\AppData\Local\Temp\main.exe"2⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2972 -
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c title Discord Cloner - Developed by Timq#44443⤵PID:1708
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "ver"3⤵PID:2656
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c cls3⤵PID:4728
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
553KB
MD56da7f4530edb350cf9d967d969ccecf8
SHA13e2681ea91f60a7a9ef2407399d13c1ca6aa71e9
SHA2569fee6f36547d6f6ea7ca0338655555dba6bb0f798bc60334d29b94d1547da4da
SHA5121f77f900215a4966f7f4e5d23b4aaad203136cb8561f4e36f03f13659fe1ff4b81caa75fef557c890e108f28f0484ad2baa825559114c0daa588cf1de6c1afab
-
Filesize
94KB
MD5a87575e7cf8967e481241f13940ee4f7
SHA1879098b8a353a39e16c79e6479195d43ce98629e
SHA256ded5adaa94341e6c62aea03845762591666381dca30eb7c17261dd154121b83e
SHA512e112f267ae4c9a592d0dd2a19b50187eb13e25f23ded74c2e6ccde458bcdaee99f4e3e0a00baf0e3362167ae7b7fe4f96ecbcd265cc584c1c3a4d1ac316e92f0
-
Filesize
36KB
MD537c372da4b1adb96dc995ecb7e68e465
SHA16c1b6cb92ff76c40c77f86ea9a917a5f854397e2
SHA2561554b5802968fdb2705a67cbb61585e9560b9e429d043a5aa742ef3c9bbfb6bf
SHA512926f081b1678c15dc649d7e53bfbe98e4983c9ad6ccdf11c9383ca1d85f2a7353d5c52bebf867d6e155ff897f4702fc4da36a8f4cf76b00cb842152935e319a6
-
Filesize
59KB
MD5483bfc095eb82f33f46aefbb21d97012
SHA1def348a201c9d1434514ca9f5fc7385ca0bd2184
SHA2565e25e2823ed0571cfdbae0b1d1347ae035293f2b0ac454fb8b0388f3600fd4b6
SHA512fe38b3585fbfaf7465b31fbc124420cfbd1b719ea72a9ae9f24103d056c8fa9ae21c2a7dd3073810222405457beff89bbb688daeced3219351a30992a6721705
-
Filesize
861KB
MD56d44fd95c62c6415999ebc01af40574b
SHA1a5aee5e107d883d1490257c9702913c12b49b22a
SHA25658bacb135729a70102356c2d110651f1735bf40a602858941e13bdeabfacab4a
SHA51259b6c07079f979ad4a27ec394eab3fdd2d2d15d106544246fe38f4eb1c9e12672f11d4a8efb5a2a508690ce2677edfac85eb793e2f6a5f8781b258c421119ff3
-
Filesize
77KB
MD5a1fbcfbd82de566a6c99d1a7ab2d8a69
SHA13e8ba4c925c07f17c7dffab8fbb7b8b8863cad76
SHA2560897e209676f5835f62e5985d7793c884fd91b0cfdfaff893fc05176f2f82095
SHA51255679427c041b2311cff4e97672102962f9d831e84f06f05600ecdc3826f6be5046aa541955f57f06e82ee72a4ee36f086da1f664f493fbe4cc0806e925afa04
-
Filesize
179KB
MD5282b92ef9ed04c419564fbaee2c5cdbe
SHA1e19b54d6ab67050c80b36a016b539cbe935568d5
SHA2565763c1d29903567cde4d46355d3a7380d10143543986ca4eebfca4d22d991e3e
SHA5123ddebdc28d0add9063ee6d41f14331898f92452a13762b6c4c9aa5a83dde89510176425c11a48591fa05c949cb35218bf421f1974e33eb8133a1b95ea74e4941
-
Filesize
116KB
MD592276f41ff9c856f4dbfa6508614e96c
SHA15bc8c3555e3407a3c78385ff2657de3dec55988e
SHA2569ab1f8cbb50db3d9a00f74447a2275a89ec52d1139fc0a93010e59c412c2c850
SHA5129df63ef04ea890dd0d38a26ac64a92392cf0a8d0ad77929727238e9e456450518404c1b6bb40844522fca27761c4e864550aacb96e825c4e4b367a59892a09e7
-
Filesize
59KB
MD5ad6e31dba413be7e082fab3dbafb3ecc
SHA1f26886c841d1c61fb0da14e20e57e7202eefbacc
SHA2562e30544d07f1c55d741b03992ea57d1aa519edaaa121e889f301a5b8b6557fe4
SHA5126401664e5c942d98c6fa955cc2424dfa0c973bd0ac1e515f7640c975bba366af1b3e403ea50e753f837dcd82a04af2ce043e22b15fa9976af7cbb30b3ac80452
-
Filesize
150KB
MD5a6bee109071bbcf24e4d82498d376f82
SHA11babacdfaa60e39e21602908047219d111ed8657
SHA256ce72d59a0e96077c9ea3f1fd7b011287248dc8d80fd3c16916a1d9040a9a941f
SHA5128cb2dafd19f212e71fa32cb74dad303af68eaa77a63ccf6d3a6ae82e09ac988f71fe82f8f2858a9c616b06dc42023203fa9f7511fac32023be0bc8392272c336
-
Filesize
44KB
MD5bf3e86152b52d3f0e73d0767cde63f9f
SHA13863c480a2d9a24288d63f83fa2586664ec813a2
SHA25620c94846417ee3ca43daa5fae61595ad7e52645657fda5effe64800fe335ff0d
SHA5128643f94ece38246769ff9ba87a249b8afde137cf193ff4d452937197ce576816c1ce044c4ad2951bc5535cc3acf1b27e9f2be043b8175c5a2ca2190b05dc0235
-
Filesize
73KB
MD5c5378bac8c03d7ef46305ee8394560f5
SHA12aa7bc90c0ec4d21113b8aa6709569d59fadd329
SHA256130de3506471878031aecc4c9d38355a4719edd3786f27262a724efc287a47b9
SHA5121ecb88c62a9daad93ec85f137440e782dcc40d7f1598b5809ab41bf86a5c97224e2361c0e738c1387c6376f2f24d284583fd001c4e1324d72d6989d0b84bf856
-
Filesize
152KB
MD59d810454bc451ff440ec95de36088909
SHA18c890b934a2d84c548a09461ca1e783810f075be
SHA2565a4c78adedf0bcb5fc422faac619b4c7b57e3d7ba4f2d47a98c1fb81a503b6b7
SHA5120800666f848faec976366dbfd2c65e7b7e1d8375d5d9e7d019bf364a1f480216c271c3bcf994dbab19290d336cf691cd8235e636f3dbc4d2a77f4760871c19ed
-
Filesize
20KB
MD56cfc03bc247a7b8c3c38f1841319f348
SHA1c28cf20c3e1839cff5dce35a9ffd20aa4ac2a2cf
SHA256b7fd172339478adaa5f4060eb760f905a2af55ce7e017b57de61ee09dcb09750
SHA512bd123566a104568e2ec407b35446cb07c660035a77a1e11a8d8d90518c1a83b6815bf694676fa003b074126dcd0594457195f835df7bc828df1195db6584d23b
-
Filesize
812KB
MD573d81c2115e53003f3dad7fd0a109c70
SHA113261a53023854ad0ca8a4c0e66f9003da541525
SHA256fd113fa1f7379ac2193bac8475121b53edf35d2aea559fb5ee514e46622ea5a7
SHA5120d9b47cbb3c6b638c9f58e86f1c4243647f129425b36818e2f39d7cd88ef4e5720535cb6034829822b96a126a2ed40a4ea116ce748ae77c8527a6ead15476a0b
-
Filesize
3.3MB
MD5ab01c808bed8164133e5279595437d3d
SHA10f512756a8db22576ec2e20cf0cafec7786fb12b
SHA2569c0a0a11629cced6a064932e95a0158ee936739d75a56338702fed97cb0bad55
SHA5124043cda02f6950abdc47413cfd8a0ba5c462f16bcd4f339f9f5a690823f4d0916478cab5cae81a3d5b03a8a196e17a716b06afee3f92dec3102e3bbc674774f2
-
Filesize
32KB
MD5eef7981412be8ea459064d3090f4b3aa
SHA1c60da4830ce27afc234b3c3014c583f7f0a5a925
SHA256f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081
SHA512dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016
-
Filesize
682KB
MD5de72697933d7673279fb85fd48d1a4dd
SHA1085fd4c6fb6d89ffcc9b2741947b74f0766fc383
SHA256ed1c8769f5096afd000fc730a37b11177fcf90890345071ab7fbceac684d571f
SHA5120fd4678c65da181d7c27b19056d5ab0e5dd0e9714e9606e524cdad9e46ec4d0b35fe22d594282309f718b30e065f6896674d3edce6b3b0c8eb637a3680715c2c
-
Filesize
45KB
MD51b59c87f0871fed4ff2be93c5d9234ab
SHA17e5c8827a5b2dec5417800ab0a2001af46ab8924
SHA256b7151a6ffa3dc7436d09b1e35343801e11f423c6b391f1177254236ec47a3ad7
SHA5126092628a4c73ca2d29b6f6a0d1ed34627795363c89b2a45bfc75951f8148a288707231575183ef73d4fb24c022883ab3ab30da61c92664295fffd8a36e9200df
-
Filesize
340KB
MD59d1b8bad0e17e63b9d8e441cdc15baee
SHA10c5a62135b072d1951a9d6806b9eff7aa9c897a3
SHA256d733c23c6a4b21625a4ff07f6562ba882bcbdb0f50826269419d8de0574f88cd
SHA51249e7f6ab825d5047421641ed4618ff6cb2a8d22a8a4ae1bd8f2deefe7987d80c8e0acc72b950d02214f7b41dc4a42df73a7f5742ebc96670d1c5a28c47b97355
-
Filesize
67KB
MD56e04a1d41b0897878583702d398bdc88
SHA133f396728c57505b0b897b547c692a9cf8959a36
SHA256be9701a1c3e48599d8c22c2c371d5493e9a97fa5063022c110842ecb886214e3
SHA512f9fc5d2c480fb7edcad9490925b75007523adecdd0400adaaab888d12f1e67abfd614a142e38a93ba3b42de2e466f1aa0f48625e76bbe3868b9c308b0bdf4d66
-
Filesize
60KB
MD50812ee5d8abc0072957e9415ba6e62f2
SHA1ea05c427e46c5d9470ba81d6b7cbca6838ee0dd5
SHA25684a29c369560c5175d22ee764fe8ada882ab6b37b6b10c005404153518a344ec
SHA51218ca5631f2ae957b9ec8eaa7aa87094d3a296548790ced970752625a0f271511e0ce0042a0ea5469a9c362a0d811c530ef6fe41b84c61b25c838466acc37f22b
-
Filesize
4.2MB
MD5a1185bef38fdba5e3fe6a71f93a9d142
SHA1e2b40f5e518ad000002b239a84c153fdc35df4eb
SHA2568d0bec69554317ccf1796c505d749d5c9f3be74ccbfce1d9e4d5fe64a536ae9e
SHA512cb9baea9b483b9153efe2f453d6ac0f0846b140e465d07244f651c946900bfcd768a6b4c0c335ecebb45810bf08b7324501ea22b40cc7061b2f2bb98ed7897f4
-
Filesize
25KB
MD563ede3c60ee921074647ec0278e6aa45
SHA1a02c42d3849ad8c03ce60f2fd1797b1901441f26
SHA256cb643556c2dcdb957137b25c8a33855067e0d07547e547587c9886238253bfe5
SHA512d0babc48b0e470abdafad6205cc0824eec66dbb5bff771cee6d99a0577373a2de2ffab93e86c42c7642e49999a03546f94e7630d3c58db2cff8f26debc67fcad
-
Filesize
1.1MB
MD5d67ac58da9e60e5b7ef3745fdda74f7d
SHA1092faa0a13f99fd05c63395ee8ee9aa2bb1ca478
SHA25609e1d1e9190160959696aeddb0324667fef39f338edc28f49b5f518b92f27f5f
SHA5129d510135e4106fef0640565e73d438b4398f7aa65a36e3ea21d8241f07fec7a23e721e8696b3605147e5ce5365684e84e8145001201a19d7537e8f61b20cf32c
-
Filesize
78KB
MD57e620bd4ba53daae5df632f2774b9788
SHA128ec3b998f376b59483ad4391a0c2df2c634f308
SHA25684c696ed1b5ba6a3819d73b6f27aee93bca72286b32307fe259e23dfc1cfacec
SHA512e2d012dd9a7959c0e06340de3728d6e800b56cc0bc8d525c38dd49d9874095d2edc3ae06862d1a21e873c0da0678e8ab3bc95a57777d746f0d6d8b0c6c08c202