Analysis

  • max time kernel
    1485s
  • max time network
    1503s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win11-20240611-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    18-06-2024 21:29

General

  • Target

    Discord Tools beta/Discord Tools/Tools/Discord Spam/spammers/__pycache__/__init__.cpython-310.pyc

  • Size

    337B

  • MD5

    ca8b328277eb9b27f70ff2d12fdf098f

  • SHA1

    3a6f12f952cd1f260d3392252b282f2a59012f2b

  • SHA256

    ce864e92e73188274b7f5dfe82029aed87e5563c8a6fad2c1c3345ef940bde00

  • SHA512

    90adf7b210b997f3090adcaca42e830e4f7f97ba21ae8f2d50c7b6b267485a1e7c6ffdc69839db7e91cadaf9a81c2f500e55cc6dc251f1eb4511715296b69ff7

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class (2 IoCs)
  • Suspicious use of SetWindowsHookEx (1 IoC)

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\Discord Tools beta\Discord Tools\Tools\Discord Spam\spammers\__pycache__\__init__.cpython-310.pyc"
    • Modifies registry class
    PID:3320
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3796

Network

MITRE ATT&CK Enterprise v15
