Analysis
-
max time kernel
17s -
max time network
23s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
06-10-2024 13:04
Behavioral task
behavioral1
Sample
Client-built.exe
Resource
win7-20240903-en
3 signatures
150 seconds
Behavioral task
behavioral2
Sample
Client-built.exe
Resource
win10v2004-20240802-en
3 signatures
150 seconds
General
-
Target
Client-built.exe
-
Size
78KB
-
MD5
08a5f1b89e6944163b9ec83d08b55d7e
-
SHA1
1741611da7edf548b0b75714d43eb9d3548e14df
-
SHA256
9bc8769d0dd47237653ef3320afb136df186dc6c0782f86ab1c3d2af20b9202e
-
SHA512
b7b5beabc56bb674af46633125ea558c6f440cb94dc59ce440345193fa37076c26633996ceba9f7db0cf7a81f93928003934ea798338890570585dab088e4dc7
-
SSDEEP
1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+6PIC:5Zv5PDwbjNrmAE+mIC
Score
10/10
Malware Config
Extracted
Family
discordrat
Attributes
-
discord_token
MTI5MjQ3MDY0NTIyOTA5NzAwMA.GNERIx.GW0rdAd6D_xAs0J8UsqQVnTwz9YQuxERLzA87s
-
server_id
1292471074809839676
Signatures
-
Discord RAT
A RAT written in C# using Discord as a C2.
-
Suspicious use of AdjustPrivilegeToken 4 IoCs
description pid Process Token: 33 2900 AUDIODG.EXE Token: SeIncBasePriorityPrivilege 2900 AUDIODG.EXE Token: 33 2900 AUDIODG.EXE Token: SeIncBasePriorityPrivilege 2900 AUDIODG.EXE -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 3060 wrote to memory of 1980 3060 Client-built.exe 29 PID 3060 wrote to memory of 1980 3060 Client-built.exe 29 PID 3060 wrote to memory of 1980 3060 Client-built.exe 29
Processes
-
C:\Users\Admin\AppData\Local\Temp\Client-built.exe"C:\Users\Admin\AppData\Local\Temp\Client-built.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:3060 -
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 3060 -s 6002⤵PID:1980
-
-
C:\Windows\explorer.exe"C:\Windows\explorer.exe"1⤵PID:2796
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x5e01⤵
- Suspicious use of AdjustPrivilegeToken
PID:2900