Analysis

  • max time kernel
    1409s
  • max time network
    1424s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win11-20240611-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    18-06-2024 21:29

General

  • Target

    Discord Tools beta/Discord Tools/Tools/Discord Spam/assets/userAgents.txt

  • Size

    107KB

  • MD5

    069fa2316025e6fa3c251beb7321d021

  • SHA1

    c6b46a3ae08b2f552a52d7fa37a9fe4d1e606bfd

  • SHA256

    153b8c1c0665f28ae0a5b2157da0c0ea485fc59b01ebd31b88a05a03ba84f59a

  • SHA512

    4f08aeac3f8e2d63f44cc0e9194049be1b02c91c2bd05f48c2241af9314d3286dac6d985e956878821f635a5b6356ed91cd41ff93c4a51c6edeffa919d5eda86

  • SSDEEP

    384:gVyfd3K85+0RGDv8Vw9NF2OJb8d+45kyypFsxKA5tapSfVr+iPLTfrlbFHDD:plQ0mw75gpFIjfr9FjD

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class (1 IoC)
  • Suspicious use of WriteProcessMemory (2 IoCs)

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\Discord Tools beta\Discord Tools\Tools\Discord Spam\assets\userAgents.txt"
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:4472
    • C:\Windows\system32\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Discord Tools beta\Discord Tools\Tools\Discord Spam\assets\userAgents.txt
        PID:5048

    Network

    MITRE ATT&CK Enterprise v15
