Analysis
-
max time kernel
31s -
max time network
20s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
-
submitted
09-07-2024 01:56
General
-
Target
ab4714df1877b59e511db33d45e27748.exe
-
Size
78KB
-
MD5
ab4714df1877b59e511db33d45e27748
-
SHA1
9361f003225e8d9e6318d21a0ea4c3e8abd28098
-
SHA256
c294635103f902bcc9efe1b4ae4ef86b226a657b627fca38e0db840f882dd0a5
-
SHA512
ed18a6e4fa0d430068c7010f82cd315db61a59a1124b73485d605a7ba06a28272a9e75c00455cddfa134fe0877fd913bf708e58514ca96be92235cb8bad8ea04
-
SSDEEP
1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+9PIC:5Zv5PDwbjNrmAE+tIC
Score
10/10
Malware Config
Extracted
Family
discordrat
Attributes
-
discord_token
MTI1NzYzNjQ1NDI5MzcwNDcwNA.GriHoe.5AoWc0NGUyx_i3CgIfNmTychDUDT5RP-vDj-7Q
-
server_id
1214291005298315345
Signatures
-
Discord RAT
A RAT written in C# using Discord as a C2.
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ab4714df1877b59e511db33d45e27748.exe"C:\Users\Admin\AppData\Local\Temp\ab4714df1877b59e511db33d45e27748.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 1420 -s 6002⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1420-0-0x000007FEF6003000-0x000007FEF6004000-memory.dmpFilesize
4KB
-
memory/1420-1-0x000000013F980000-0x000000013F998000-memory.dmpFilesize
96KB
-
memory/1420-2-0x000007FEF6000000-0x000007FEF69EC000-memory.dmpFilesize
9.9MB
-
memory/1420-3-0x000007FEF6003000-0x000007FEF6004000-memory.dmpFilesize
4KB
-
memory/1420-4-0x000007FEF6000000-0x000007FEF69EC000-memory.dmpFilesize
9.9MB