Analysis
-
max time kernel
118s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
29/09/2024, 11:25
General
-
Target
discord-multitool-main/func/accountNuke.py
-
Size
5KB
-
MD5
1ed93905223fafc688062d65810c2ccb
-
SHA1
7bc161b22cac4924def61f9e57f73fc9e221bb63
-
SHA256
a788b6549472bcc202c1477045fbef32830370a35c5c0e93469e45ecec6dcd78
-
SHA512
cd4615a1470f0fbfd36a5354466e87cc83cfbba01d6135240def896626a62a9e373bd4f96799411e9a9616f1d7906923d6595a80e635f31a2943cccedcdb2f42
-
SSDEEP
96:jklzY7os1a9FKJbX0CAtsmX0NgCgXTh+RhNbG9TbUywhp+L+mPg:YNYUs12MFkCAOSU3S9Tcv8Y
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies registry class 9 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\discord-multitool-main\func\accountNuke.py1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\discord-multitool-main\func\accountNuke.py2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\discord-multitool-main\func\accountNuke.py"3⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD574c7b6682f03c064ab927fac9811ed37
SHA19ec41c1d4dc0f49c4492c4dd2d65d3f6242f7ae3
SHA2566ad587a16713ce17cbf33606dedd5c4447f81ced0d8be129e871c0f970e35bf2
SHA51224556a9769224cb535fa9c4d8dbe57b33b56d8340a98e606a3bb87163c92db1d29fef20fce940b0bab47c761178a49c70acbc5ddac5f8304e2373e3ea7e5bc6a