Analysis
max time kernel: 121s
max time network: 123s
platform: windows7_x64
resource: win7-20240705-en
resource tags: arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
submitted: 09-07-2024 08:46
Behavioral task: behavioral1
Sample: 97c7ae8ac391e08c3444a4ae7dc0d6495108480b99abb7471de808b179f4af96.exe
Resource: win7-20240705-en
Behavioral task: behavioral2
Sample: 97c7ae8ac391e08c3444a4ae7dc0d6495108480b99abb7471de808b179f4af96.exe
Resource: win10v2004-20240704-en
General
Target: 97c7ae8ac391e08c3444a4ae7dc0d6495108480b99abb7471de808b179f4af96.exe
Size: 78KB
MD5: e73dde8cadfeacc37972c1b00c42eafc
SHA1: 105622094f03b4872945dbca9b44b45a590e78d6
SHA256: 97c7ae8ac391e08c3444a4ae7dc0d6495108480b99abb7471de808b179f4af96
SHA512: 293921cea9c01cedb79d58475a38a3a071ef4695717ca5fc0cd32572be9fa9b79c37b8ba3e00a8c4066989e97bd588a633df563fb9909ac26097a0246e632299
SSDEEP: 1536:52WjO8XeEXF95P7v88wbjNrfxCXhRoKV6+V+nkPIC:5ZT5PDwbjNrmAE+n4IC
Malware Config
Extracted family: discordrat
discord_token: MTI0NzY5MDU1NzMxNzE4OTY4Mg.GyYj7a.-_zHa0DX8IUmeV5V7lgI2Zu9LJMJB_rP88vRLU
server_id: brk9yMXHktZqUD2AbKIm56v4q38xL6py
Signatures
Discord RAT: a RAT written in C# using Discord as a C2.
Suspicious use of WriteProcessMemory (3 IoCs)
Processes (description / pid / process / target process):
PID 3064 wrote to memory of 2708 / 3064 / 97c7ae8ac391e08c3444a4ae7dc0d6495108480b99abb7471de808b179f4af96.exe / WerFault.exe
PID 3064 wrote to memory of 2708 / 3064 / 97c7ae8ac391e08c3444a4ae7dc0d6495108480b99abb7471de808b179f4af96.exe / WerFault.exe
PID 3064 wrote to memory of 2708 / 3064 / 97c7ae8ac391e08c3444a4ae7dc0d6495108480b99abb7471de808b179f4af96.exe / WerFault.exe
Processes
1. C:\Users\Admin\AppData\Local\Temp\97c7ae8ac391e08c3444a4ae7dc0d6495108480b99abb7471de808b179f4af96.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\97c7ae8ac391e08c3444a4ae7dc0d6495108480b99abb7471de808b179f4af96.exe"
   Signatures: Suspicious use of WriteProcessMemory
2. C:\Windows\system32\WerFault.exe (child of process 1)
   Command line: C:\Windows\system32\WerFault.exe -u -p 3064 -s 596
Network
MITRE ATT&CK Matrix
Downloads
memory/3064-0-0x000007FEF5123000-0x000007FEF5124000-memory.dmp (filesize: 4KB)
memory/3064-1-0x000000013FBC0000-0x000000013FBD8000-memory.dmp (filesize: 96KB)
memory/3064-2-0x000007FEF5120000-0x000007FEF5B0C000-memory.dmp (filesize: 9.9MB)
memory/3064-3-0x000007FEF5123000-0x000007FEF5124000-memory.dmp (filesize: 4KB)