hxxps://discord[.]com/channels/1268305066964684881/1281923853366591529/1281991787363172448

Analysis

max time kernel
0s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
07-09-2024 21:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://discord.com/channels/1268305066964684881/1281923853366591529/1281991787363172448

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
4	discord.com
16	discord.com
17	discord.com
53	discord.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2984 wrote to memory of 4464	2984	msedge.exe	84
PID 2984 wrote to memory of 4464	2984	msedge.exe	84
PID 2984 wrote to memory of 232	2984	msedge.exe	87
PID 2984 wrote to memory of 232	2984	msedge.exe	87
PID 2984 wrote to memory of 232	2984	msedge.exe	87
PID 2984 wrote to memory of 232	2984	msedge.exe	87
PID 2984 wrote to memory of 232	2984	msedge.exe	87
PID 2984 wrote to memory of 232	2984	msedge.exe	87
PID 2984 wrote to memory of 232	2984	msedge.exe	87
PID 2984 wrote to memory of 232	2984	msedge.exe	87
PID 2984 wrote to memory of 232	2984	msedge.exe	87
PID 2984 wrote to memory of 232	2984	msedge.exe	87
PID 2984 wrote to memory of 232	2984	msedge.exe	87
PID 2984 wrote to memory of 232	2984	msedge.exe	87
PID 2984 wrote to memory of 232	2984	msedge.exe	87
PID 2984 wrote to memory of 232	2984	msedge.exe	87
PID 2984 wrote to memory of 232	2984	msedge.exe	87
PID 2984 wrote to memory of 232	2984	msedge.exe	87
PID 2984 wrote to memory of 232	2984	msedge.exe	87
PID 2984 wrote to memory of 232	2984	msedge.exe	87
PID 2984 wrote to memory of 232	2984	msedge.exe	87
PID 2984 wrote to memory of 232	2984	msedge.exe	87
PID 2984 wrote to memory of 232	2984	msedge.exe	87
PID 2984 wrote to memory of 232	2984	msedge.exe	87
PID 2984 wrote to memory of 232	2984	msedge.exe	87
PID 2984 wrote to memory of 232	2984	msedge.exe	87
PID 2984 wrote to memory of 232	2984	msedge.exe	87
PID 2984 wrote to memory of 232	2984	msedge.exe	87
PID 2984 wrote to memory of 232	2984	msedge.exe	87
PID 2984 wrote to memory of 232	2984	msedge.exe	87
PID 2984 wrote to memory of 232	2984	msedge.exe	87
PID 2984 wrote to memory of 232	2984	msedge.exe	87
PID 2984 wrote to memory of 232	2984	msedge.exe	87
PID 2984 wrote to memory of 232	2984	msedge.exe	87
PID 2984 wrote to memory of 232	2984	msedge.exe	87
PID 2984 wrote to memory of 232	2984	msedge.exe	87
PID 2984 wrote to memory of 232	2984	msedge.exe	87
PID 2984 wrote to memory of 232	2984	msedge.exe	87
PID 2984 wrote to memory of 232	2984	msedge.exe	87
PID 2984 wrote to memory of 232	2984	msedge.exe	87
PID 2984 wrote to memory of 232	2984	msedge.exe	87
PID 2984 wrote to memory of 232	2984	msedge.exe	87
PID 2984 wrote to memory of 3592	2984	msedge.exe	88
PID 2984 wrote to memory of 3592	2984	msedge.exe	88
PID 2984 wrote to memory of 3528	2984	msedge.exe	89
PID 2984 wrote to memory of 3528	2984	msedge.exe	89
PID 2984 wrote to memory of 3528	2984	msedge.exe	89
PID 2984 wrote to memory of 3528	2984	msedge.exe	89
PID 2984 wrote to memory of 3528	2984	msedge.exe	89
PID 2984 wrote to memory of 3528	2984	msedge.exe	89
PID 2984 wrote to memory of 3528	2984	msedge.exe	89
PID 2984 wrote to memory of 3528	2984	msedge.exe	89
PID 2984 wrote to memory of 3528	2984	msedge.exe	89
PID 2984 wrote to memory of 3528	2984	msedge.exe	89
PID 2984 wrote to memory of 3528	2984	msedge.exe	89
PID 2984 wrote to memory of 3528	2984	msedge.exe	89
PID 2984 wrote to memory of 3528	2984	msedge.exe	89
PID 2984 wrote to memory of 3528	2984	msedge.exe	89
PID 2984 wrote to memory of 3528	2984	msedge.exe	89
PID 2984 wrote to memory of 3528	2984	msedge.exe	89
PID 2984 wrote to memory of 3528	2984	msedge.exe	89
PID 2984 wrote to memory of 3528	2984	msedge.exe	89
PID 2984 wrote to memory of 3528	2984	msedge.exe	89
PID 2984 wrote to memory of 3528	2984	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.com/channels/1268305066964684881/1281923853366591529/1281991787363172448
1⤵
- Suspicious use of WriteProcessMemory
PID:2984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9835546f8,0x7ff983554708,0x7ff983554718
  2⤵
  PID:4464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,7704184902552553496,5390665065962834613,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
  2⤵
  PID:232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,7704184902552553496,5390665065962834613,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 /prefetch:3
  2⤵
  PID:3592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,7704184902552553496,5390665065962834613,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
  2⤵
  PID:3528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,7704184902552553496,5390665065962834613,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:2320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,7704184902552553496,5390665065962834613,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:4500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,7704184902552553496,5390665065962834613,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4256 /prefetch:1
  2⤵
  PID:1488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2036,7704184902552553496,5390665065962834613,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5000 /prefetch:8
  2⤵
  PID:4196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2036,7704184902552553496,5390665065962834613,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5212 /prefetch:8
  2⤵
  PID:3252
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,7704184902552553496,5390665065962834613,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5608 /prefetch:8
  2⤵
  PID:2380
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,7704184902552553496,5390665065962834613,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5608 /prefetch:8
  2⤵
  PID:2800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,7704184902552553496,5390665065962834613,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:2432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,7704184902552553496,5390665065962834613,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
  2⤵
  PID:2140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,7704184902552553496,5390665065962834613,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
  2⤵
  PID:220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,7704184902552553496,5390665065962834613,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
  2⤵
  PID:1904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,7704184902552553496,5390665065962834613,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4896 /prefetch:2
  2⤵
  PID:3588

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3508

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2692

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
76ef4620ddb0b8bc810986d5b9e35870

SHA1
cd84881f300a4684f778b25debb5643e8d692110

SHA256
6bee6e6f7b17b3640c08c845f099a39efec968d9b57e18f87d6b44440ed67cf1

SHA512
f2268c3d2ccbfb1659dd6b9129c175f6ef3e47b0dc4c8f7c55f71d9f7bb98ba025c9bf4d7b79bb9fbe74a315ccc66ee3731f9808c1449a1e861a062dadf570c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
469B

MD5
072af76f66df756a27d70a80ec7132c9

SHA1
507f33d083a33a69733113669264ff4c4d8407d3

SHA256
cd4332a8651efe9695317bfb097852999168135189bcf621de42962507fda322

SHA512
91963f2cfc74f87274c7d692899a79ff15d1c1a1a0b3d7e63745c6f31d11065e49761bb78b4d5f49316a21642c12b6da3cca6ad0e573bb8c248e147bf03bbdf6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
438B

MD5
1ea78cb73402c982eb69905a129a0afa

SHA1
99cf54e0a425b5567c0cd2f5f6602535c2c507a2

SHA256
e440eb0855f1077ad49b0060f91c86b02d43fa5ef962f8878e312c9c35fa30b6

SHA512
d02c9f10f3cea3da5ab2ff26d10f60371fbc9ee647f35ebeccd4ab2e7d1b315631f3343802516378331d42ea6ef09e331d1b9c37552d5d86915255031738e08c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
fd6e6b208b4de14100e1a1717d72b378

SHA1
ddd1a6c2587e14a9c94a0886cd94c937ab099a73

SHA256
60ed019dadf534436e433a06ea5abd9bcb7a039bfa837f5fd622310fde57c0db

SHA512
ec412d3777eb9d7251d211c3e2df76a95a9218f248a5586cf1ad42b1ed121f754f0f9ed746659cc16e244fa09685d543be2e2d595ac1e26edc1630d50ea11da9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
88e04a328e4d44ef73a84c382322d0bf

SHA1
c092013a42ce3a38fed6095564b0d036b90088dd

SHA256
811ff969156eb0e7a359d9ccb64f3d9e13acfbbc78068319e96ac86e2baaf412

SHA512
11ac5a8cad6b65c28062790357b6d9bc853584bc2a7ab4f72ef00c672462ec8f0b268ef648f0750e0f17e0ef7de567047d4314f6ebb4e6fcd4bcf45c78f73e98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ee5e66ebee8deaac116688809a013020

SHA1
f61f1b7786194597ebf9e74f751fe8a495d5d453

SHA256
e93896f415d31329284f0769eb55cb3698a38a166aedd3d4f2f03ca0608b699e

SHA512
cd852666e93b36a4c3134346b9123631eeba71cab7032074afbecffb7090a8fdef8b20e10a4d35f84824115e4157afa3cb3a916218f5dbda4ac455fe9d564716

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5884db.TMP

Filesize
370B

MD5
cca5b86fc8c98e849a4c7728957e8cb1

SHA1
95c8042e36aed7e1f3d66c2295b2809346e3999b

SHA256
2d0f1770e44baee65f75169979419efb056f80c6b3930b5de707c982143b3650

SHA512
0bcaa6132fd0a07a132ac65f2017edcd304d6434942f6d37737e15a714870e584068abd095db816c4112c205adec921091f2b766e3ddbc4cf0af31c0132704f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\cfdab45a-8834-49b7-a1ff-20eb4359af35.tmp

Filesize
370B

MD5
5d8be96507599e8a2cbc3fcd5bc90558

SHA1
db6a6da0ad099d81ece868ce81549d22ff6e9ea6

SHA256
e8ea749e7a7a36898e065323e6a8056a9d9515582dce660d3a3d4e3117e38f04

SHA512
1801f9270b5c428d43a457aeff37a0f041360409aac3e699f210c8e05b2d0c6edd266cc5678b08d09d8536e9b04030f84c66586d7d928dcfee6441a51a32f060

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
43938f3a06d34e7cb0e21d58eb196c98

SHA1
b0cdfc71905b3a36d5c3693a0e7b49d8f3d11a8d

SHA256
aea709a921501b09e24da026aeef091eaed65a3e0b20f9a627876aef740045b5

SHA512
5f99ffd3e78182acc27e0e5fd8f91003a981756d610b6585ebaffbaefd7c8ef56b1f4f79d4be801bf02ef6cd0df47418eeb2dca588e3959226dba471d35c078e

Download Submit