Analysis
- max time kernel: 119s
- max time network: 120s
- platform: windows7_x64
- resource: win7-20240508-en
- resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
- submitted: 30-06-2024 16:02
Behavioral task: behavioral1
- Sample: Easy Installer.exe
- Resource: win7-20240508-en
- 2 signatures
- 150 seconds

Behavioral task: behavioral2
- Sample: Easy Installer.exe
- Resource: win10v2004-20240611-en
- 6 signatures
- 150 seconds
General
- Target: Easy Installer.exe
- Size: 78KB
- MD5: 47eea4e5c2e7a5c324bdbe8dbd92f767
- SHA1: 0ef6fc9907bfde40c891ac4fb2b6edb7a1309666
- SHA256: 57eed574304d4cfbcc88500b5182c4860d41d304981fb4998ed86d07988a2ca0
- SHA512: 28b656ca6eb05da8485851812ab9e4ccc88f2fca2c7824584ffcee3387cc521fc5bf41251c76db45a9a2228ec0d63da9d194bd7af515610d0df54e28c77128df
- SSDEEP: 1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+SLPIC:5Zv5PDwbjNrmAE+CIC
- Score: 10/10
Malware Config (Extracted)
- Family: discordrat
- Attributes:
  - discord_token: MTI1Njg3NTU2Mjg4MzA4ODQ2NQ.Gfaomm.Q8t_H-8TPNfmYeYs7TNEUk7uofM9ZANkiepzfY
  - server_id: 1256875331898577006
Signatures
- Discord RAT
  A RAT written in C# using Discord as a C2.
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes:
  description              PID   process             target process
  PID 2068 wrote to memory of 1656   2068  Easy Installer.exe  WerFault.exe
  PID 2068 wrote to memory of 1656   2068  Easy Installer.exe  WerFault.exe
  PID 2068 wrote to memory of 1656   2068  Easy Installer.exe  WerFault.exe
Downloads
- memory/2068-0-0x000007FEF5703000-0x000007FEF5704000-memory.dmp (Filesize: 4KB)
- memory/2068-1-0x000000013F9B0000-0x000000013F9C8000-memory.dmp (Filesize: 96KB)
- memory/2068-2-0x000007FEF5700000-0x000007FEF60EC000-memory.dmp (Filesize: 9.9MB)
- memory/2068-3-0x000007FEF5700000-0x000007FEF60EC000-memory.dmp (Filesize: 9.9MB)