b36214dc2f88734f64053a587d5e958cb4465025ec152a31311b2bf437f08735

Resubmissions

28-10-2024 21:12

241028-z2l6laxepg 10

28-10-2024 21:05

241028-zxj6faxekb 10

Analysis

max time kernel
148s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
28-10-2024 21:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

DiscordNitroGenbyCybo.exe
Size

12.7MB
MD5

0c42c2031a47e510c4bb51a194f07d7d
SHA1

ec8f62c943996c7d6b46447093810a1594d69df9
SHA256

b36214dc2f88734f64053a587d5e958cb4465025ec152a31311b2bf437f08735
SHA512

dae80d0d4145bc641052352877dd03c605b218d3918bb01540f6201beadd19d07576c64f374fa54aa2184a6b5b9b92805046aa082d8e6bfc114fa7143423e87f
SSDEEP

196608:rEdpbKrulBKd2G1cMczyYUNYPyzcFgXft7Q/6odBFFC6j8dkkSmKyXNdaFjsTPIk:QpOruRG6lUNU76t0/TBFj8+tmPPaqk

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 9 IoCs

Processes:

DiscordNitroGenbyCybo.exe

pid	process
1380	DiscordNitroGenbyCybo.exe
1380	DiscordNitroGenbyCybo.exe
1380	DiscordNitroGenbyCybo.exe
1380	DiscordNitroGenbyCybo.exe
1380	DiscordNitroGenbyCybo.exe
1380	DiscordNitroGenbyCybo.exe
1380	DiscordNitroGenbyCybo.exe
1380	DiscordNitroGenbyCybo.exe
1380	DiscordNitroGenbyCybo.exe

UPX packed file 26 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\_MEI35122\python39.dll	upx
behavioral2/memory/1380-82-0x00007FFCC05D0000-0x00007FFCC0A51000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\_MEI35122\_ctypes.pyd	upx
behavioral2/memory/1380-87-0x00007FFCD3790000-0x00007FFCD37B4000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\_MEI35122\libffi-7.dll	upx
behavioral2/memory/1380-89-0x00007FFCD9240000-0x00007FFCD924F000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\_MEI35122\_socket.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI35122\select.pyd	upx
behavioral2/memory/1380-93-0x00007FFCD51A0000-0x00007FFCD51B9000-memory.dmp	upx
behavioral2/memory/1380-95-0x00007FFCD50D0000-0x00007FFCD50DD000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\_MEI35122\_bz2.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI35122\_lzma.pyd	upx
behavioral2/memory/1380-99-0x00007FFCCF870000-0x00007FFCCF88B000-memory.dmp	upx
behavioral2/memory/1380-101-0x00007FFCCF840000-0x00007FFCCF86E000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\_MEI35122\pyexpat.pyd	upx
behavioral2/memory/1380-104-0x00007FFCCF020000-0x00007FFCCF055000-memory.dmp	upx
behavioral2/memory/1380-105-0x00007FFCC05D0000-0x00007FFCC0A51000-memory.dmp	upx
behavioral2/memory/1380-106-0x00007FFCD3790000-0x00007FFCD37B4000-memory.dmp	upx
behavioral2/memory/1380-113-0x00007FFCCF840000-0x00007FFCCF86E000-memory.dmp	upx
behavioral2/memory/1380-114-0x00007FFCCF020000-0x00007FFCCF055000-memory.dmp	upx
behavioral2/memory/1380-115-0x00007FFCC05D0000-0x00007FFCC0A51000-memory.dmp	upx
behavioral2/memory/1380-112-0x00007FFCCF870000-0x00007FFCCF88B000-memory.dmp	upx
behavioral2/memory/1380-111-0x00007FFCD50D0000-0x00007FFCD50DD000-memory.dmp	upx
behavioral2/memory/1380-110-0x00007FFCD51A0000-0x00007FFCD51B9000-memory.dmp	upx
behavioral2/memory/1380-109-0x00007FFCD9240000-0x00007FFCD924F000-memory.dmp	upx
behavioral2/memory/1380-108-0x00007FFCD3790000-0x00007FFCD37B4000-memory.dmp	upx

Suspicious use of WriteProcessMemory 2 IoCs

Processes:

DiscordNitroGenbyCybo.exe

description	pid	process	target process
PID 3512 wrote to memory of 1380	3512	DiscordNitroGenbyCybo.exe	DiscordNitroGenbyCybo.exe
PID 3512 wrote to memory of 1380	3512	DiscordNitroGenbyCybo.exe	DiscordNitroGenbyCybo.exe

C:\Users\Admin\AppData\Local\Temp\DiscordNitroGenbyCybo.exe
"C:\Users\Admin\AppData\Local\Temp\DiscordNitroGenbyCybo.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3512
- C:\Users\Admin\AppData\Local\Temp\DiscordNitroGenbyCybo.exe
  "C:\Users\Admin\AppData\Local\Temp\DiscordNitroGenbyCybo.exe"
  2⤵
  - Loads dropped DLL
  PID:1380

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI35122\VCRUNTIME140.dll

Filesize
99KB

MD5
8697c106593e93c11adc34faa483c4a0

SHA1
cd080c51a97aa288ce6394d6c029c06ccb783790

SHA256
ff43e813785ee948a937b642b03050bb4b1c6a5e23049646b891a66f65d4c833

SHA512
724bbed7ce6f7506e5d0b43399fb3861dda6457a2ad2fafe734f8921c9a4393b480cdd8a435dbdbd188b90236cb98583d5d005e24fa80b5a0622a6322e6f3987

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35122\_bz2.pyd

Filesize
45KB

MD5
98ab44b9d334a5aef1ed37ef2e7095df

SHA1
8d06943b4dca7db205382bdd1753d5568e9adb4a

SHA256
67d4d727f9dcf7cb2038039c5d1283f6a4e2671176a8733eee75ad95d0ddee95

SHA512
98c5962b708467e3d0280300b1aa3ef8dd6854d3e82f63b7345bc359af09aa08370f4e61972319a7785209ee8e2dffe39b79424be4697a9b1f7288ebebe8a68b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35122\_ctypes.pyd

Filesize
55KB

MD5
f916698444085f53b8c86f4fdceaa7a2

SHA1
c2fe9ce13a986ef459becbd8e25f5085ec8129bc

SHA256
90bf140f894d2216383224d669ccb1bdfbae4d6a1df668fca7b185d7cd211e47

SHA512
713f3b805041c3b7829e13ff4fde40444d32d6bc29e5bf02a6180994e30183e5404c10310dd73cba6b0905f4d148f3d2de4d51eb6ba09160f883438fb02fe201

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35122\_lzma.pyd

Filesize
84KB

MD5
f0a7b9abdbaff6a7c969d120e5428751

SHA1
7dec4314354cf32b43905b8db1d26def37424fb7

SHA256
7e633f46ab6d48328b9e08c34f90753c6d31e74a5c65c1090345287dec510d9e

SHA512
1b0abc9a93664bd1a42a349e0f18e21983bbd62fca8bbbdbab339145a32901ebbfa26d2572f021a0912bd60c7c4d39c96b62fa0679499b56cfd77da040e7799f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35122\_socket.pyd

Filesize
39KB

MD5
9d0af24815ad7f41076f8c5dfd623293

SHA1
6a90ab14e8c90bfac25853da4f0ea573263e9755

SHA256
650880d06d8ad59418af6be481689ad0a7bbc7faa52c59c030d6a8cbd8b06208

SHA512
a7cb36e29aa39193be87637cf7aaee0f903a189c8d278f227ba7e7f491ac6c4a6477eb63b7e1b7fab4cc2c51b6f34049d56a22f8e63326210a95a0cf5a5d7660

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35122\base_library.zip

Filesize
775KB

MD5
85f0158a10f39950f28a3b300636eb84

SHA1
b5e84222b83c27ac20f73c51579c773cc9c651ae

SHA256
a2b04a65c98256a381ac85b1d84c6bbd1ccaab9225f364c73c3a1ce817e99b12

SHA512
451818c709ed511bba02a687ad1847bb49dbe3917e649b29ad87c8afdb3f8f6127917ec4c4d80f83e07693d4477c101cee301d33c4dceb30fa2102d858d92fab

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35122\libffi-7.dll

Filesize
23KB

MD5
b5150b41ca910f212a1dd236832eb472

SHA1
a17809732c562524b185953ffe60dfa91ba3ce7d

SHA256
1a106569ac0ad3152f3816ff361aa227371d0d85425b357632776ac48d92ea8a

SHA512
9e82b0caa3d72bb4a7ad7d66ebfb10edb778749e89280bca67c766e72dc794e99aab2bc2980d64282a384699929ce6cc996462a73584898d2df67a57bff2a9c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35122\pyexpat.pyd

Filesize
80KB

MD5
64b09541a4ede823053a1706d3449baf

SHA1
cff52bf69246a8b213fa5a99df459d401a3b0539

SHA256
975702e35f334197b944de1091f27d1662a655df7db5e0e85f1b20e1e1ac609c

SHA512
a95a2f7e62fe3893493a2eccb9748b2c6c0f1b36774b58fcdd153add61667b16a5ac617766eac22b30303c30a497d51cc0f6fcdf71d4df7924a79d76deb69557

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35122\python39.dll

Filesize
1.4MB

MD5
4347cdf525c811976988f15323967e7b

SHA1
3cb22b3fb1fbba89393a7d0dfeb781e480641cad

SHA256
5a46ac07f776f7f7224af22426af3955f23fc2136246a67418f6e2f33672d74f

SHA512
09f499315d2b918ece9bcf07887bd158011a3c4e5adea769f986cb8f981ef25a6af82ffb1b59c2f3db329401144585c469db81906b86072c69ffb7fb2b7909ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35122\select.pyd

Filesize
21KB

MD5
529ad67e07160d56f39da31394d11889

SHA1
e71ad58b7fc0d6c2ce23e3f36391d2045dc2cceb

SHA256
c6fbc763fa02177d159824b72dec8e3466fefe57a151cd3732b5d53e38150b06

SHA512
9001dac5a7c81baa29ae441836fab8c744f753a59f42acf534e92f414f7053de5a805cadbbd0dcac765f51cd2a2280c99ce798aac3fdc86bb54040074e64b02c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35122\setuptools-49.2.1.dist-info\INSTALLER

Filesize
4B

MD5
365c9bfeb7d89244f2ce01c1de44cb85

SHA1
d7a03141d5d6b1e88b6b59ef08b6681df212c599

SHA256
ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508

SHA512
d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

Download Submit
memory/1380-89-0x00007FFCD9240000-0x00007FFCD924F000-memory.dmp

Filesize
60KB

Download
memory/1380-106-0x00007FFCD3790000-0x00007FFCD37B4000-memory.dmp

Filesize
144KB

Download
memory/1380-93-0x00007FFCD51A0000-0x00007FFCD51B9000-memory.dmp

Filesize
100KB

Download
memory/1380-87-0x00007FFCD3790000-0x00007FFCD37B4000-memory.dmp

Filesize
144KB

Download
memory/1380-99-0x00007FFCCF870000-0x00007FFCCF88B000-memory.dmp

Filesize
108KB

Download
memory/1380-101-0x00007FFCCF840000-0x00007FFCCF86E000-memory.dmp

Filesize
184KB

Download
memory/1380-82-0x00007FFCC05D0000-0x00007FFCC0A51000-memory.dmp

Filesize
4.5MB

Download
memory/1380-104-0x00007FFCCF020000-0x00007FFCCF055000-memory.dmp

Filesize
212KB

Download
memory/1380-105-0x00007FFCC05D0000-0x00007FFCC0A51000-memory.dmp

Filesize
4.5MB

Download
memory/1380-95-0x00007FFCD50D0000-0x00007FFCD50DD000-memory.dmp

Filesize
52KB

Download
memory/1380-113-0x00007FFCCF840000-0x00007FFCCF86E000-memory.dmp

Filesize
184KB

Download
memory/1380-114-0x00007FFCCF020000-0x00007FFCCF055000-memory.dmp

Filesize
212KB

Download
memory/1380-115-0x00007FFCC05D0000-0x00007FFCC0A51000-memory.dmp

Filesize
4.5MB

Download
memory/1380-112-0x00007FFCCF870000-0x00007FFCCF88B000-memory.dmp

Filesize
108KB

Download
memory/1380-111-0x00007FFCD50D0000-0x00007FFCD50DD000-memory.dmp

Filesize
52KB

Download
memory/1380-110-0x00007FFCD51A0000-0x00007FFCD51B9000-memory.dmp

Filesize
100KB

Download
memory/1380-109-0x00007FFCD9240000-0x00007FFCD924F000-memory.dmp

Filesize
60KB

Download
memory/1380-108-0x00007FFCD3790000-0x00007FFCD37B4000-memory.dmp

Filesize
144KB

Download