Analysis
-
max time kernel
120s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240729-en -
resource tags
arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system -
submitted
22-08-2024 08:54
Behavioral task
behavioral1
Sample
RegService.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
RegService.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
discord_token_grabber.pyc
Resource
win7-20240705-en
Behavioral task
behavioral4
Sample
discord_token_grabber.pyc
Resource
win10v2004-20240802-en
General
-
Target
RegService.exe
-
Size
77.8MB
-
MD5
f116e4d2492183d0d8347fb5c91288d2
-
SHA1
141517ab31889e4707c627672aac072858b6d8a8
-
SHA256
c9216da9eaf8c561d6002f9de38cf1a261c84896f2091ae19c3a4209d7c3956e
-
SHA512
97d537e301fe8883232e074a8b0bb727bfab8e8bd728b77107bf23592513de37c0b4f41895238736b93f353ff7b1024f1988f6ac33976b5dc44fa08a86fe0b2c
-
SSDEEP
1572864:fvHcRlKWZh7vXSk8IpG7V+VPhqYdfME7tlHegiYweyJulZUdghhxr7qEjV37U:fvHcRYGhTSkB05awcfLdMpuFhxrGQo
Malware Config
Signatures
-
Loads dropped DLL 7 IoCs
Processes:
RegService.exepid Process 2400 RegService.exe 2400 RegService.exe 2400 RegService.exe 2400 RegService.exe 2400 RegService.exe 2400 RegService.exe 2400 RegService.exe -
Processes:
resource yara_rule behavioral1/files/0x0003000000020b62-1411.dat upx behavioral1/memory/2400-1413-0x000007FEF6380000-0x000007FEF6A45000-memory.dmp upx -
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
RegService.exedescription pid Process procid_target PID 2124 wrote to memory of 2400 2124 RegService.exe 30 PID 2124 wrote to memory of 2400 2124 RegService.exe 30 PID 2124 wrote to memory of 2400 2124 RegService.exe 30
Processes
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
19KB
MD5ac28edb5ad8eaa70ecbc64baf3e70bd4
SHA11a594e6cdc25a6e6be7904093f47f582e9c1fe4d
SHA256fbd5e958f6efb4d78fd61ee9ee4b4d1b6f43c1210301668f654a880c65a1be86
SHA512a25b812b9fa965af5f7de5552e2c2f4788a076af003ac0d94c3b2bc42dd9ab7e69af2438ce349b46a3387bf2bfcf27cec270d90ca6a44c9690861331c9e431e1
-
Filesize
19KB
MD5b5832f1e3a18d94cd855c3d8c632b30d
SHA16315b40487078bbafb478786c42c3946647e8ef3
SHA2569f096475d4ba1533f564dd4a1db5dfeb620248fe14518042094b922539dc13e3
SHA512f3016ded97591e25a6d4c70d89251a331402455ab589604e55c486fec37ee8e96bd1be2d4e4e59ba102dad696b3e1f754b699f9ebe8ae462e8b958ed2d431a5b
-
Filesize
19KB
MD5fd59ee6be2136782225dcd86f8177239
SHA1494d20e04f69676c150944e24e4fa714a3f781ca
SHA2561fd044fdbc424779b01b79d477ee79dfbb508a04e86c62e1c8fc4f6d22f6a16a
SHA5122250d54c3b9e6aeb2f5406e1428536564357a48ceab51596b33ff0843086fb420ad886af61725b25a58e2f50a4c17ddee10696d6041db9b60891eff8e495775c
-
Filesize
19KB
MD58ff0692d32f2fcb0b417220b98f30364
SHA15eeb1d781d44e4885284c8b535f051efca64aef8
SHA25653cea73c248a49389bc2da01acac1d8e8022a7e034bcd522306e43a937200897
SHA512f73249f70953c537da02b890308cb18a9c6676401975bf13aeb61b1db9dfa042e908c52ee266b404948a568b23b0cfb37ecd4b80379c398c15f56ce7a82cf7a5
-
Filesize
19KB
MD5863ed806b4f16be984b4f1e279a1f99b
SHA1b9a919216ef90064ac66b12ccde6b3bf1f334ee8
SHA256171ca9df2b9ecfa545748af724c1c56ab396b299503a14c4da2197b0e5a44401
SHA512fb8f195d9a1885c16aa2cc6eff38e627ea127b18978016d6046dc0120a19ab40cc4fe4b799c06f133b02f7cd6a634ae1665f05f9be5fcae609229dfaae0ce478
-
Filesize
1.7MB
MD536e9be7e881d1dc29295bf7599490241
SHA15b6746aedac80f0e6f16fc88136bcdcbd64b3c65
SHA256ebef43e92267a17f44876c702c914aafa46b997b63223ff46b12149fd2a2616e
SHA512090d4e9092b7fe00180164b6f84b4bd1d1a1e12dc8fea042eaa0e75cc08bb9994c91c3853bedec390208db4ef2e3447cd9be20d7dc20c14e6deb52a141d554cf
-
C:\Users\Admin\AppData\Local\Temp\_MEI21242\setuptools\_vendor\importlib_metadata-8.0.0.dist-info\INSTALLER
Filesize4B
MD5365c9bfeb7d89244f2ce01c1de44cb85
SHA1d7a03141d5d6b1e88b6b59ef08b6681df212c599
SHA256ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508
SHA512d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1
-
Filesize
1023B
MD5141643e11c48898150daa83802dbc65f
SHA10445ed0f69910eeaee036f09a39a13c6e1f37e12
SHA25686da0f01aeae46348a3c3d465195dc1ceccde79f79e87769a64b8da04b2a4741
SHA512ef62311602b466397baf0b23caca66114f8838f9e78e1b067787ceb709d09e0530e85a47bbcd4c5a0905b74fdb30df0cc640910c6cc2e67886e5b18794a3583f
-
Filesize
92B
MD543136dde7dd276932f6197bb6d676ef4
SHA16b13c105452c519ea0b65ac1a975bd5e19c50122
SHA256189eedfe4581172c1b6a02b97a8f48a14c0b5baa3239e4ca990fbd8871553714
SHA512e7712ba7d36deb083ebcc3b641ad3e7d19fb071ee64ae3a35ad6a50ee882b20cd2e60ca1319199df12584fe311a6266ec74f96a3fb67e59f90c7b5909668aee1
-
Filesize
1.1MB
MD5988755316d0f77fc510923c2f7cd6917
SHA1ccd23c30c38062c87bf730ab6933f928ee981419
SHA2561854cd0f850da28835416e3b69ed6dae465df95f8d84e77adbbc001f6dbd9d78
SHA5128c52210a919d9f2856f38bd6a59bbc039506650a7e30f5d100a5aa5008641707122ff79f6f88c268c9abc9f02ba2792eed6aad6a5c65891a9ce7d6d5f12c3b0a