cdaa30be778a5f7b035cc6e3ca2d7bc41116e9c66db35ed0b730f8c9e7c49e12

Resubmissions

15/10/2024, 14:25

241015-rrl4vaygrg 10

15/10/2024, 14:22

241015-rpyd4atbmr 4

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
15/10/2024, 14:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

discord-image-logger-main/main.py
Size

12KB
MD5

aaf65d7e0a2033b7b2e339d864c344a6
SHA1

aecd4b56560a61d22716128fcb3e3f0fbd018872
SHA256

ec4d36e40dc6806bdc7440f8656913e76833443599f58b7927088e06a1014180
SHA512

386db15b398556353a731c44a7ea25b60a1c898ac47e4ce352e0b0a2b9764a6673eba55e0dc2a87ff93f044205658d190fd2d0dc9234439d4e300bb7c578ee6f
SSDEEP

192:5xK3Qv4DPHlZ/amBgXSIOT4fN3e4vLnlTRsc4/cnlbCmQrHO+iNKDfqy0zwBQ6Qt:5x54THvSmBgvbIdAvNKlBk

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Crashpad\metadata	setup.exe
File opened for modification	C:\Program Files\Crashpad\settings.dat	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133734757867239970"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
1212	chrome.exe
1212	chrome.exe
1212	chrome.exe
1212	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3772	chrome.exe
Token: SeCreatePagefilePrivilege	3772	chrome.exe
Token: SeShutdownPrivilege	3772	chrome.exe
Token: SeCreatePagefilePrivilege	3772	chrome.exe
Token: SeShutdownPrivilege	3772	chrome.exe
Token: SeCreatePagefilePrivilege	3772	chrome.exe
Token: SeShutdownPrivilege	3772	chrome.exe
Token: SeCreatePagefilePrivilege	3772	chrome.exe
Token: SeShutdownPrivilege	3772	chrome.exe
Token: SeCreatePagefilePrivilege	3772	chrome.exe
Token: SeShutdownPrivilege	3772	chrome.exe
Token: SeCreatePagefilePrivilege	3772	chrome.exe
Token: SeShutdownPrivilege	3772	chrome.exe
Token: SeCreatePagefilePrivilege	3772	chrome.exe
Token: SeShutdownPrivilege	3772	chrome.exe
Token: SeCreatePagefilePrivilege	3772	chrome.exe
Token: SeShutdownPrivilege	3772	chrome.exe
Token: SeCreatePagefilePrivilege	3772	chrome.exe
Token: SeShutdownPrivilege	3772	chrome.exe
Token: SeCreatePagefilePrivilege	3772	chrome.exe
Token: SeShutdownPrivilege	3772	chrome.exe
Token: SeCreatePagefilePrivilege	3772	chrome.exe
Token: SeShutdownPrivilege	3772	chrome.exe
Token: SeCreatePagefilePrivilege	3772	chrome.exe
Token: SeShutdownPrivilege	3772	chrome.exe
Token: SeCreatePagefilePrivilege	3772	chrome.exe
Token: SeShutdownPrivilege	3772	chrome.exe
Token: SeCreatePagefilePrivilege	3772	chrome.exe
Token: SeShutdownPrivilege	3772	chrome.exe
Token: SeCreatePagefilePrivilege	3772	chrome.exe
Token: SeShutdownPrivilege	3772	chrome.exe
Token: SeCreatePagefilePrivilege	3772	chrome.exe
Token: SeShutdownPrivilege	3772	chrome.exe
Token: SeCreatePagefilePrivilege	3772	chrome.exe
Token: SeShutdownPrivilege	3772	chrome.exe
Token: SeCreatePagefilePrivilege	3772	chrome.exe
Token: SeShutdownPrivilege	3772	chrome.exe
Token: SeCreatePagefilePrivilege	3772	chrome.exe
Token: SeShutdownPrivilege	3772	chrome.exe
Token: SeCreatePagefilePrivilege	3772	chrome.exe
Token: SeShutdownPrivilege	3772	chrome.exe
Token: SeCreatePagefilePrivilege	3772	chrome.exe
Token: SeShutdownPrivilege	3772	chrome.exe
Token: SeCreatePagefilePrivilege	3772	chrome.exe
Token: SeShutdownPrivilege	3772	chrome.exe
Token: SeCreatePagefilePrivilege	3772	chrome.exe
Token: SeShutdownPrivilege	3772	chrome.exe
Token: SeCreatePagefilePrivilege	3772	chrome.exe
Token: SeShutdownPrivilege	3772	chrome.exe
Token: SeCreatePagefilePrivilege	3772	chrome.exe
Token: SeShutdownPrivilege	3772	chrome.exe
Token: SeCreatePagefilePrivilege	3772	chrome.exe
Token: SeShutdownPrivilege	3772	chrome.exe
Token: SeCreatePagefilePrivilege	3772	chrome.exe
Token: SeShutdownPrivilege	3772	chrome.exe
Token: SeCreatePagefilePrivilege	3772	chrome.exe
Token: SeShutdownPrivilege	3772	chrome.exe
Token: SeCreatePagefilePrivilege	3772	chrome.exe
Token: SeShutdownPrivilege	3772	chrome.exe
Token: SeCreatePagefilePrivilege	3772	chrome.exe
Token: SeShutdownPrivilege	3772	chrome.exe
Token: SeCreatePagefilePrivilege	3772	chrome.exe
Token: SeShutdownPrivilege	3772	chrome.exe
Token: SeCreatePagefilePrivilege	3772	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3632	7zG.exe
3772	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
220	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3772 wrote to memory of 2932	3772	chrome.exe	99
PID 3772 wrote to memory of 2932	3772	chrome.exe	99
PID 3772 wrote to memory of 4280	3772	chrome.exe	100
PID 3772 wrote to memory of 4280	3772	chrome.exe	100
PID 3772 wrote to memory of 4280	3772	chrome.exe	100
PID 3772 wrote to memory of 4280	3772	chrome.exe	100
PID 3772 wrote to memory of 4280	3772	chrome.exe	100
PID 3772 wrote to memory of 4280	3772	chrome.exe	100
PID 3772 wrote to memory of 4280	3772	chrome.exe	100
PID 3772 wrote to memory of 4280	3772	chrome.exe	100
PID 3772 wrote to memory of 4280	3772	chrome.exe	100
PID 3772 wrote to memory of 4280	3772	chrome.exe	100
PID 3772 wrote to memory of 4280	3772	chrome.exe	100
PID 3772 wrote to memory of 4280	3772	chrome.exe	100
PID 3772 wrote to memory of 4280	3772	chrome.exe	100
PID 3772 wrote to memory of 4280	3772	chrome.exe	100
PID 3772 wrote to memory of 4280	3772	chrome.exe	100
PID 3772 wrote to memory of 4280	3772	chrome.exe	100
PID 3772 wrote to memory of 4280	3772	chrome.exe	100
PID 3772 wrote to memory of 4280	3772	chrome.exe	100
PID 3772 wrote to memory of 4280	3772	chrome.exe	100
PID 3772 wrote to memory of 4280	3772	chrome.exe	100
PID 3772 wrote to memory of 4280	3772	chrome.exe	100
PID 3772 wrote to memory of 4280	3772	chrome.exe	100
PID 3772 wrote to memory of 4280	3772	chrome.exe	100
PID 3772 wrote to memory of 4280	3772	chrome.exe	100
PID 3772 wrote to memory of 4280	3772	chrome.exe	100
PID 3772 wrote to memory of 4280	3772	chrome.exe	100
PID 3772 wrote to memory of 4280	3772	chrome.exe	100
PID 3772 wrote to memory of 4280	3772	chrome.exe	100
PID 3772 wrote to memory of 4280	3772	chrome.exe	100
PID 3772 wrote to memory of 4280	3772	chrome.exe	100
PID 3772 wrote to memory of 1588	3772	chrome.exe	101
PID 3772 wrote to memory of 1588	3772	chrome.exe	101
PID 3772 wrote to memory of 2636	3772	chrome.exe	102
PID 3772 wrote to memory of 2636	3772	chrome.exe	102
PID 3772 wrote to memory of 2636	3772	chrome.exe	102
PID 3772 wrote to memory of 2636	3772	chrome.exe	102
PID 3772 wrote to memory of 2636	3772	chrome.exe	102
PID 3772 wrote to memory of 2636	3772	chrome.exe	102
PID 3772 wrote to memory of 2636	3772	chrome.exe	102
PID 3772 wrote to memory of 2636	3772	chrome.exe	102
PID 3772 wrote to memory of 2636	3772	chrome.exe	102
PID 3772 wrote to memory of 2636	3772	chrome.exe	102
PID 3772 wrote to memory of 2636	3772	chrome.exe	102
PID 3772 wrote to memory of 2636	3772	chrome.exe	102
PID 3772 wrote to memory of 2636	3772	chrome.exe	102
PID 3772 wrote to memory of 2636	3772	chrome.exe	102
PID 3772 wrote to memory of 2636	3772	chrome.exe	102
PID 3772 wrote to memory of 2636	3772	chrome.exe	102
PID 3772 wrote to memory of 2636	3772	chrome.exe	102
PID 3772 wrote to memory of 2636	3772	chrome.exe	102
PID 3772 wrote to memory of 2636	3772	chrome.exe	102
PID 3772 wrote to memory of 2636	3772	chrome.exe	102
PID 3772 wrote to memory of 2636	3772	chrome.exe	102
PID 3772 wrote to memory of 2636	3772	chrome.exe	102
PID 3772 wrote to memory of 2636	3772	chrome.exe	102
PID 3772 wrote to memory of 2636	3772	chrome.exe	102
PID 3772 wrote to memory of 2636	3772	chrome.exe	102
PID 3772 wrote to memory of 2636	3772	chrome.exe	102
PID 3772 wrote to memory of 2636	3772	chrome.exe	102
PID 3772 wrote to memory of 2636	3772	chrome.exe	102
PID 3772 wrote to memory of 2636	3772	chrome.exe	102
PID 3772 wrote to memory of 2636	3772	chrome.exe	102

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\discord-image-logger-main\main.py
1⤵
- Modifies registry class
PID:3336

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:220

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffb5f17cc40,0x7ffb5f17cc4c,0x7ffb5f17cc58
  2⤵
  PID:2932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1860,i,1703563340036822213,14357823411450986416,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1856 /prefetch:2
  2⤵
  PID:4280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2152,i,1703563340036822213,14357823411450986416,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  PID:1588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2300,i,1703563340036822213,14357823411450986416,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2460 /prefetch:8
  2⤵
  PID:2636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3148,i,1703563340036822213,14357823411450986416,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:3232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3212,i,1703563340036822213,14357823411450986416,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:1552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4560,i,1703563340036822213,14357823411450986416,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4572 /prefetch:1
  2⤵
  PID:1680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4696,i,1703563340036822213,14357823411450986416,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4700 /prefetch:8
  2⤵
  PID:1928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4660,i,1703563340036822213,14357823411450986416,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4828 /prefetch:8
  2⤵
  PID:872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4944,i,1703563340036822213,14357823411450986416,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4884 /prefetch:8
  2⤵
  PID:1048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5012,i,1703563340036822213,14357823411450986416,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4988 /prefetch:8
  2⤵
  PID:3392
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Program Files directory
  PID:220
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x284,0x288,0x28c,0x260,0x290,0x7ff7e1684698,0x7ff7e16846a4,0x7ff7e16846b0
    3⤵
    - Drops file in Program Files directory
    PID:4100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4860,i,1703563340036822213,14357823411450986416,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4968 /prefetch:1
  2⤵
  PID:2980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3288,i,1703563340036822213,14357823411450986416,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:3392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3420,i,1703563340036822213,14357823411450986416,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3860 /prefetch:8
  2⤵
  PID:4312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5140,i,1703563340036822213,14357823411450986416,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4828 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1212

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1980

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2268

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4364

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Discord-RAT-2.0-2.0.zip\" -spe -an -ai#7zMap10991:122:7zEvent17670
1⤵
- Suspicious use of FindShellTrayWindow
PID:3632

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Discord-RAT-2.0-2.0\" -spe -an -ai#7zMap28686:100:7zEvent11802
1⤵
PID:5080

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
9c2551dc141f935beefa4ee8f0c25eb6

SHA1
c3d48df46005618d5e670273a23fb2a6c88bfd85

SHA256
7dfb1ee17b58f7477d1167474ae1507f8233a973e1badb2d7d4baa57f81ba8cd

SHA512
8796969a14e029e02da5df6490ff5902ad9a6d5778548e778689ca0c62f534cb3af537cfa54b88133f293d6798072bed093d87758bad03b0514cd9736de958fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
12.1MB

MD5
c783c73fd3b91ea1bc82d0505252baea

SHA1
bc18d717daa70f480ae1a18b3995adfc63800898

SHA256
66620a1b56658de7c44954cee362da73aad69a223cb65f5225e60bd4b2e11b51

SHA512
502210fd47bde3bf5a6c1e322b17f877c9e36076d0a36d6f732b54714541f66f8aec08f9f610f1ad6626ed3611fb11c2dc29637e62eb0d5dcc836778c2d28692

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
ef3ad4b79ef1369acad2dcd5370e9a8c

SHA1
2114f40e1131317d1e2c5de39fe1b9d6a7c117da

SHA256
44dfa033cd4b4a3127506e80e49878eb073747709e29e2df095a07c7714ee686

SHA512
ba64bd9e90de975262dfbb4873102498bdc2b7695b1cc121b21946a77b69bf6fd2e111cc7bc4d0241d5495df2a64de9cdff52728f49cbcf557a1705495c5821c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
774811e1a65f25ce2a6a51915a1046c4

SHA1
e0dc0abd8138392cdd8cf5c93107da538b4a08bf

SHA256
25775cc0fa46bf9f395bdb313c2b044e6e23c2eb13bc5553f96f6dc2e43b9658

SHA512
859fe3813db886f65774e0245f9b68aa2af0ed3b9f1c0a94779adf350cef5054171aaab177eb71df907504dcf261dfd3459d2c9e67d53e7c54ddf0ba1f9c6f76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
162b82e95e898788b207b8b5435c3334

SHA1
0ccd823855f3d062cc571b67aba65ae889acf1e0

SHA256
eedbe3a37cab998f637a36641555ea867bd74d7d33e1fd7a6a575c0a1cd5b5d8

SHA512
d4fc63d4d4722477828b2bae9fd4d54ff8e6f6e18757b4711886f65100da1857cd5b961d86df1cc56aa26a77db589c72b8929c32cff67a66fc5c8e2785a442a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
eceb7c29b88778a5824410430548a164

SHA1
8d159ceba738e91baf4cb1d8bbb7e5eaada861ab

SHA256
ae7b97801333551dc7d060ce681ea147054df509510d72246c68a81ee3322580

SHA512
af15213f8997f045bc85d949d3068bd54a236a049ba2431ecfa765ced374c4234b4ed9b5d41ab0ec248c2b2a90f7825d86c81dfc792e0afafba5f45329c501e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c62d114911b5125eb791d273e257e679

SHA1
883e7d04a255d19224344e0748a95289d3e6f475

SHA256
cb2bda5783da22128e90a45a05163ec0b845cec05eddc316c465f659689f34e0

SHA512
54a96e6ee47d3626bc662d2232369bd545dad18035aa2395e8533d08e038d00e57727e4d0c1e70622db36131d07ae8cb2d95f798e0ed69a78510752a76d15a5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
040edcab3da220f88555c7a933316ec9

SHA1
e067308d79b97253b5d33814b11226907a8a2241

SHA256
0a94477c07afb0d324bcaf26d7b5d21b0b95f05d8b22026c61acdee4d91a0eb0

SHA512
e86b24edfa37a858b5c70f46d335e81b7193ebd737fe699c1a84c9347f956641f439fc43493111bf685e1adf7a9715c64a5a48677a0cf488705d8d51932892d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
f4fb15ae1eaef07097442daf12edb420

SHA1
0d3816bbff8770e59306b9236baa22499fff69ff

SHA256
38a907a034a48f378ad3832d3355f7c52c9f736efc0dcb1b5c04abbb8e1c226e

SHA512
74157bdbe11792f554203512fb8c800c6bd37d7d571c970da9f498f3a7793e6257c7d3893c8197ef325a706649ed183363d6c5e5ba5f2435c53297f9e3493971

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1a5cba031899c5ebec0fd5be3ce365d5

SHA1
a90b966cd127eb8cb317d63c3fb37852897bd42f

SHA256
039a9be8f9cd714a018bac26f291cffcea4aff4a42353e7eff755b2bd7b1cb20

SHA512
29da9e4da77dc8a20c8806281ff9d5be0cbb8727e81f180f33d4dd46fc696c2b1172f6a20a99e7fd85de6a23ae7943bab6493e3fdcf9ed5843695d34f2880998

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
63e8df48967cecdbfd1617aa1c4fcecd

SHA1
cccfb5b3c68cf33d895c83473f7e46eebf87f187

SHA256
4aaef18a585581ce4031777efd6c92f3c78f46f1c947eb0696ab00878d023408

SHA512
175d1ba7126d77b28101de7ef49daf09c47a33a589a499efde09a5c54579a3bd0c5f74b7269d2b098d889011d04e8aa7a5d15eb1dac889596593a7cb8ea29f3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
37a90fbc33704d3de07684febf39f72d

SHA1
a277f01340c8327c59ef153afe327a0ff559dcef

SHA256
126fe297ec5a5dd9a7b1f570da9cea9410e0d6a184a162ba93307b27fdf9f1ad

SHA512
bb7863545344219d863cd4a9ba364d0670c2d5662127ebe9e8f66c5a4f2de6b203876c4fae1c3ff29bc1797154c14f4d529c0d0ff5575bd25028a4e9e7eb467f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5d642830e88e92061aa8258738128275

SHA1
21677236e84ffc8f3d49b5b03844a2430dda309c

SHA256
676d7f457d1299fa73947a12eed1e4c42daef1d2ded51ccea3799d9bd949a100

SHA512
bb1492b049328eca1b1833802040dd2df596eec8de6aebdd8a24ea27700174534d5b2738a8289c42f4a39b44fffaf32cc6c58ecb1ff3e36b3728f98f8b7d43c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
29c7def2317432ee2fbecf1fcad0adf3

SHA1
d24428db8d6d13aa527e258abaebd4cbbb4fc187

SHA256
d5ce89beda6ca37b0d64af8654f28eae1959d238bb24514709e8dc934f7260f3

SHA512
d0ee94a9e9163fa51cdf9240fdb59ab3c6f6cd454a7123b0dc86d241f4c7100ea25ad5d4d7591b0cfb7d0bd47d5140f425ef56b0d9bcf4ca57f716a9f7e8bcac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
feaa3decf216dda2c61ea2ed6815b3b9

SHA1
4cf1f85c332fde7b34c0d7790b792ba528a58541

SHA256
c17818325e66558a7ede492fe3532f4df5e61c98502e4393bdd525b34d1458c5

SHA512
2c9ac0d8b3d3a03136f104e89f20e0ce88fd85701ccdb70047f037c501b109bd2f72bf9e453b657a78ad60ae928d1aa8f5c3eb0a725a95d6844368bdc9e65e8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1acda1799d2b4bdf1d82a75154c753a5

SHA1
bbfcf0fbb3f5e8ced14cf8d312777f08089516bc

SHA256
ffd9cecdc0898884fdb1d373e2b5dcfc0e2c3c7982a51263ed3ded784d8abf87

SHA512
24f33ab472bf5efc2da13c344fbbed269ec3b33f1b62914ba0413467179ee97ece5b7b071b8e9c0e4bada943c69cbcd0d8e4c93ab1e05c2a508d7921ec04de15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ddda85349457eccfa0f602e782d9ac4e

SHA1
933cce148649c65c1f1ef60623be1d2d0bba8083

SHA256
5718a4a1886e2fa69db583a158ad3434adabdf83fa68c1a4f2597488958ccf55

SHA512
0ca1fb758a21e4af70c9a9697b09f9d358da182e51a30ecb3e73db6fa8b2687c0eb3cf028ee3d22043ddf16dd2a27c2aacc854a444a0f808775e1c2b486958c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b78d3963acccbd04173f91c3bc7e8ea5

SHA1
892cbcd5e113ce16331a54f8dd6edc88ef338438

SHA256
2ecb9269a7c33a1c08044b56c4e5222eca6fc830054e39dba8ad3fd4202f01c8

SHA512
d6190117a83ed7b5ad610611e21a9b6cf37e6ca8b50e2980dfb51c2d63afb830f707ecfac1413cf59aa04b021bc880e84c9f1747bceaaa458522951149c48ab5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
794f15505258e2beb8e6d57fee513507

SHA1
157cac958ea4606af367734752a87cf62e5857eb

SHA256
676db41f06ed4caf9e5c2904c4c63480478f3415af9fc7f28dc307fa828da1b5

SHA512
35d58a087ba79ff04e38a2d5b9a6a7c52e73c94394c388d8434346e28eb6b75452fc7887f317b1a1cc0c499daa29b2daccb0811a54f2e9c44b0cd34aa9d2d9b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8b22e19a07c8c4f9d2d60d20e51bd72d

SHA1
de31242eb1cee654c580da4cb974a0507016c074

SHA256
e46819102dc60de3da9b6a1a1ee6faa80e1a5ef0a9064b8d9cba22800416eef0

SHA512
823b5e3037d635351d9e22ba6e9b7d0df611ad118174085648b783ea43d66b851aad734b0d30b08266e1d901ba41641c48dece26d3b229cfd00157274e9c37c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
d2c04d55ca85fb40cc2e2637ca72ff34

SHA1
9ebb12c66e85a77fd265edad709ecc3ec279d834

SHA256
66265bcb2dbe705eb601d2a9ac78a5af6c15bd5d964df9c9eca7e72531bfeb0b

SHA512
2d2e6f3c695db297cea4eb94022cb6a43f347fefc0137b940d4ef62592c69be8f2cbf7b3fa894cc674560938dd4b820f33db49e268878463fd05a149b51d90c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
227KB

MD5
af413bce9bc260ba082f0f3cfc961bc2

SHA1
76123d2e9343d02993240e3eedf3fd3715d716e3

SHA256
59648dd1c8a764d8b0d50491145986aaefb6834bb89e6b3430585d6efbf51a1a

SHA512
5fc7e5a91453cabca8589d7d23ec280fb253a9aff938fd1ff83164ac5027a22755f3260a392c2bbdcab14dd9c4714a1be15afb372a581e61d83a74a84fedc8e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
227KB

MD5
a44b56c13289d4a9e336eb1400a5a341

SHA1
b6c2ca6bfdbf65e05f372804442c5ce48805f85c

SHA256
aa5c66de84b6fb9875618a1aa5cc5af6340e1a6e29da9d00e7ed379c2f6e5f49

SHA512
2fe9e0b19fa8b1e03285f3e30d7beb09f5b243129c54f56310bae98bc7e08f0bdd9ef16b990a90b2409959b2697c1b86b02447f29bab7a523b452726d18e1547

Download Submit
C:\Users\Admin\Downloads\Discord-RAT-2.0-2.0\Discord rat\packages\dnlib.3.5.0\lib\netstandard2.0\dnlib.xml

Filesize
1.7MB

MD5
9d0b1cea0c8169eb095bf92d5fe3b59b

SHA1
74f750c40daf92acb0f0b9fb37a0738c0a4638aa

SHA256
af8888709b2dc6ac003f235ed12c2a776a8a01666b4e6b44e1f9cb931ce3a5e9

SHA512
3c859d50887318d4c2a755dcecd349cde633dd7a320c059eda67e97957f216073db9a9e4cb6d7ff7785ba30509472dc0ff09f8349ed609efaf15571910448b9a

Download Submit