Overview

overview

8

Static

static

5

zapret-dis...rt.dll

windows7-x64

1

zapret-dis...rt.dll

windows10-2004-x64

1

zapret-dis...64.sys

windows10-2004-x64

1

zapret-dis...n1.dll

windows7-x64

5

zapret-dis...n1.dll

windows10-2004-x64

5

zapret-dis...rd.bat

windows7-x64

5

zapret-dis...rd.bat

windows10-2004-x64

5

zapret-dis...be.bat

windows7-x64

5

zapret-dis...be.bat

windows10-2004-x64

5

zapret-dis...rd.bat

windows7-x64

8

zapret-dis...rd.bat

windows10-2004-x64

8

zapret-dis...be.bat

windows7-x64

8

zapret-dis...be.bat

windows10-2004-x64

8

zapret-dis...ve.bat

windows7-x64

8

zapret-dis...ve.bat

windows10-2004-x64

8

zapret-dis...ws.exe

windows7-x64

5

zapret-dis...ws.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    121s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    09-10-2024 15:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    zapret-discord-youtube-main/discord.bat

  • Size

    664B

  • MD5

    92bd2198b52fa1f69424fb254ef69e2a

  • SHA1

    36c3337c3b37f464f1fe2a9e75bc8788451cc334

  • SHA256

    16fc3b522c9b55c53097a58dda7757343838e2a75c351039986e9886c34eebbc

  • SHA512

    54ca7572dd67c92550176537cb5ad3fbd8ec9eed2f2b3a71015412a7f817f2f36ecb091efd65bd7e6e734a7b7f7d6997b6282282b82de2fd6e435b6567e2a440

Score
5/10
upx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\zapret-discord-youtube-main\discord.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2868
    • C:\Users\Admin\AppData\Local\Temp\zapret-discord-youtube-main\winws.exe
      "C:\Users\Admin\AppData\Local\Temp\zapret-discord-youtube-main\winws.exe" --wf-tcp=443 --wf-udp=443,50000-65535 --filter-udp=443 --hostlist="C:\Users\Admin\AppData\Local\Temp\zapret-discord-youtube-main\list-discord.txt" --dpi-desync=fake --dpi-desync-udplen-increment=10 --dpi-desync-repeats=6 --dpi-desync-udplen-pattern=0xDEADBEEF --dpi-desync-fake-quic="C:\Users\Admin\AppData\Local\Temp\zapret-discord-youtube-main\quic_initial_www_google_com.bin" --new --filter-udp=50000-65535 --dpi-desync=fake,tamper --dpi-desync-any-protocol --dpi-desync-fake-quic="C:\Users\Admin\AppData\Local\Temp\zapret-discord-youtube-main\quic_initial_www_google_com.bin" --new --filter-tcp=443 --hostlist="C:\Users\Admin\AppData\Local\Temp\zapret-discord-youtube-main\list-discord.txt" --dpi-desync=fake,split2 --dpi-desync-autottl=2 --dpi-desync-fooling=md5sig --dpi-desync-fake-tls="C:\Users\Admin\AppData\Local\Temp\zapret-discord-youtube-main\tls_clienthello_www_google_com.bin"
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:492

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/492-0-0x0000000100400000-0x0000000100446000-memory.dmp

    Filesize

    280KB

    Download

  • memory/492-1-0x000007FEF5DA0000-0x000007FEF60B2000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/492-4-0x0000000062800000-0x0000000062813000-memory.dmp

    Filesize

    76KB

    Download

  • memory/492-2-0x0000000100400000-0x0000000100446000-memory.dmp

    Filesize

    280KB

    Download

  • memory/492-5-0x000007FEF5DA0000-0x000007FEF60B2000-memory.dmp

    Filesize

    3.1MB

    Download