a30d636180a4117dff04e748324214dbbfd852cf68238b6c991814d0ba875729 | Triage

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
24-08-2024 20:24

Sharing

Report Analysis Logs

General

Target

DiscordGrabberTools.exe
Size

17.4MB
MD5

7c0cda8d86f73c4be7a39f4fd6ad05d4
SHA1

158591044d3aaafca4fde959fef49a0b42076432
SHA256

a30d636180a4117dff04e748324214dbbfd852cf68238b6c991814d0ba875729
SHA512

57b02340e18c500c5b9b2839c007a0b19cf8cedcb308a73a88a7aeb4cf4208a661e7c6ab53582827c365d0360bab02d2ee346e35379d564f89ba9e9846bcc808
SSDEEP

393216:2EkZQtss271IW+eGQRj93iObIhRS/MLJrqr6oAd8XTn:2hQts7IW+e5RB9MhR9den/X

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2872	DiscordGrabberTools.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2692 wrote to memory of 2872	2692	DiscordGrabberTools.exe	30
PID 2692 wrote to memory of 2872	2692	DiscordGrabberTools.exe	30
PID 2692 wrote to memory of 2872	2692	DiscordGrabberTools.exe	30

C:\Users\Admin\AppData\Local\Temp\DiscordGrabberTools.exe
"C:\Users\Admin\AppData\Local\Temp\DiscordGrabberTools.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2692
- C:\Users\Admin\AppData\Local\Temp\DiscordGrabberTools.exe
  "C:\Users\Admin\AppData\Local\Temp\DiscordGrabberTools.exe"
  2⤵
  - Loads dropped DLL
  PID:2872

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI26922\python311.dll

Filesize
5.5MB

MD5
65e381a0b1bc05f71c139b0c7a5b8eb2

SHA1
7c4a3adf21ebcee5405288fc81fc4be75019d472

SHA256
53a969094231b9032abe4148939ce08a3a4e4b30b0459fc7d90c89f65e8dcd4a

SHA512
4db465ef927dfb019ab6faec3a3538b0c3a8693ea3c2148fd16163bf31c03c899dfdf350c31457edf64e671e3cc3e46851f32f0f84b267535bebc4768ef53d39

Download Submit