03fc0492dfe8ae3f9903c35cd6038a8e4511bddd9916b686934a3b73765ec071

Analysis

max time kernel
117s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
28-09-2024 04:46

Target

DiscordSetup.exe
Size

75.5MB
MD5

d28f2f463d1f65d0ca154693e04085ee
SHA1

41e5e3d64f4fc0b405f383e82911b8e8b8215364
SHA256

03fc0492dfe8ae3f9903c35cd6038a8e4511bddd9916b686934a3b73765ec071
SHA512

f0e088d5224b0fe384612c9f2ae743c887e947878b587662ae71cfb54ec008f30e75fec1d0cdec2c718753a58a62c3e0c2fb1351c310e1da0b74a1663443faf9
SSDEEP

1572864:GvhQ6lUWCWSk8IpG7V+VPhqIUE7WTylPj4iY4MHHLeqPNLtDaN/AbZKzBX:Gvh1mTWSkB05awIATy5nMHVLteN4bmBX

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
1660	DiscordSetup.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x0003000000020a0b-1261.dat	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2872 wrote to memory of 1660	2872	DiscordSetup.exe	30
PID 2872 wrote to memory of 1660	2872	DiscordSetup.exe	30
PID 2872 wrote to memory of 1660	2872	DiscordSetup.exe	30

C:\Users\Admin\AppData\Local\Temp\DiscordSetup.exe
"C:\Users\Admin\AppData\Local\Temp\DiscordSetup.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2872
- C:\Users\Admin\AppData\Local\Temp\DiscordSetup.exe
  "C:\Users\Admin\AppData\Local\Temp\DiscordSetup.exe"
  2⤵
  - Loads dropped DLL
  PID:1660

C:\Users\Admin\AppData\Local\Temp\_MEI28722\python310.dll

Filesize
1.4MB

MD5
933b49da4d229294aad0c6a805ad2d71

SHA1
9828e3ce504151c2f933173ef810202d405510a4

SHA256
ab3e996db016ba87004a3c4227313a86919ff6195eb4b03ac1ce523f126f2206

SHA512
6023188f3b412dd12c2d4f3a8e279dcace945b6e24e1f6bbd4e49a5d2939528620ceb9a5f77b9a47d2d0454e472e2999240b81bed0239e7e400a4e25c96e1165

Download Submit
memory/1660-1263-0x000007FEF54E0000-0x000007FEF594E000-memory.dmp

Filesize
4.4MB

Download