Analysis

  • max time kernel
    133s
  • max time network
    141s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240730-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240730-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    30-07-2024 20:26

General

  • Target

    discord_token_grabber.pyc

  • Size

    17KB

  • MD5

    e523026b612006e580e96bd9e2a8882c

  • SHA1

    03b9938701f7eff11a0c3632ed805e8188598c88

  • SHA256

    8ae6baddc552f9a47c488760a3d3b04f217f7c999dbffc1a548bb09532e6bf77

  • SHA512

    a0f15f5edecbab4894aa3b85092fc2bde34b76f6048b198ce387d59a56d6c74969201cc43d19cd27a9ff0a6ab72268884a90ef206f0be34a5707a7f6ea24a853

  • SSDEEP

    384:cGllyAavwS9F0RW807PPQviowoYbCj+Mo8WWIc02a8:cIlytvX9iRW8inQ6owoYOyM0d2a8

Score
3/10

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 1 IoCs
  • Modifies registry class 2 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 48 IoCs
  • Suspicious use of FindShellTrayWindow 27 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of SetWindowsHookEx 19 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\discord_token_grabber.pyc
    1⤵
    • Modifies registry class
    PID:4396
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4644
    • C:\Windows\system32\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\discord_token_grabber.pyc
      2⤵
      • Opens file in notepad (likely ransom note)
      PID:1044
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1216
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffa0e63cc40,0x7ffa0e63cc4c,0x7ffa0e63cc58
      2⤵
      PID:3984
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1996,i,11068514556214489581,14191793010561519771,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=1988 /prefetch:2
      2⤵
      PID:1380
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2108,i,11068514556214489581,14191793010561519771,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=2168 /prefetch:3
      2⤵
      PID:4984
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2332,i,11068514556214489581,14191793010561519771,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=2292 /prefetch:8
      2⤵
      PID:1852
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3188,i,11068514556214489581,14191793010561519771,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=3200 /prefetch:1
      2⤵
      PID:3016
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3220,i,11068514556214489581,14191793010561519771,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=3456 /prefetch:1
      2⤵
      PID:1632
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4584,i,11068514556214489581,14191793010561519771,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=4596 /prefetch:1
      2⤵
      PID:4028
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4832,i,11068514556214489581,14191793010561519771,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=4804 /prefetch:8
      2⤵
      PID:4772
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5032,i,11068514556214489581,14191793010561519771,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=5036 /prefetch:8
      2⤵
      PID:5036
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5160,i,11068514556214489581,14191793010561519771,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=3752 /prefetch:1
      2⤵
      PID:3452
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4572,i,11068514556214489581,14191793010561519771,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=3568 /prefetch:1
      2⤵
      PID:1556
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3352,i,11068514556214489581,14191793010561519771,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=3444 /prefetch:1
      2⤵
      PID:4764
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4468,i,11068514556214489581,14191793010561519771,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=3192 /prefetch:1
      2⤵
      PID:1092
  • C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
    1⤵
    PID:4596
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
    1⤵
    PID:2068

Network

MITRE ATT&CK Enterprise v15

Downloads
