Analysis
Max time kernel: 148s
Max time network: 150s
Platform: windows10-2004_x64
Resource: win10v2004-20241007-en
Resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
Submitted: 09/11/2024, 10:27
Tasks
Task          Type        Sample                        Resource
static1       Static      -                             -
behavioral1   Behavioral  Discord Nitro Generator.exe   win7-20240903-en
behavioral2   Behavioral  Discord Nitro Generator.exe   win10v2004-20241007-en
behavioral3   Behavioral  GFSDK_ShadowLib.win64.dll     win7-20241010-en
behavioral4   Behavioral  GFSDK_ShadowLib.win64.dll     win10v2004-20241007-en
behavioral5   Behavioral  Scrafy.dll                    win7-20240903-en
behavioral6   Behavioral  Scrafy.dll                    win10v2004-20241007-en
behavioral7   Behavioral  d3dcsx_46.dll                 win7-20241010-en
behavioral8   Behavioral  d3dcsx_46.dll                 win10v2004-20241007-en
behavioral9   Behavioral  keys.dll                      win7-20240903-en
behavioral10  Behavioral  keys.dll                      win10v2004-20241007-en
behavioral11  Behavioral  swds.dll                      win7-20241010-en
behavioral12  Behavioral  swds.dll                      win10v2004-20241007-en
General
Target: swds.dll
Size: 1.0MB
MD5: 8c05b73c73273ecb9b5f69443e2641e2
SHA1: 0770a02c6617f5223a08a27fc8d05ecedc947316
SHA256: f802c0a63c0e3e0336bfa35b34502a00e8ce06ad90d930273e81df5076846e16
SHA512: 291f6e634afec9724e3a1e09b86d8c9b8f7a884669f96405b97ddcf6470139ee7e248ba663cd4aa97c541f83c48bd9ff98fd07ff71e6c0d9a375b3daab82a462
SSDEEP: 24576:gfiy/IEaNYLIJG80ce+FAM6EEiO4uXk+IksxjTJqg6Wu:2/pjgGNce+FAG9O4uU+Iks1T7u
Malware Config

Signatures

System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
Description   IoC                                                          Process
Key opened    \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  rundll32.exe

Suspicious use of WriteProcessMemory (3 IoCs)
Description                        PID   Process       Target PID
PID 4136 wrote to memory of 928    4136  rundll32.exe  84
PID 4136 wrote to memory of 928    4136  rundll32.exe  84
PID 4136 wrote to memory of 928    4136  rundll32.exe  84
Processes
C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\swds.dll,#1
  PID: 4136
  Signatures: Suspicious use of WriteProcessMemory
    C:\Windows\SysWOW64\rundll32.exe
      Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\swds.dll,#1
      PID: 928
      Signatures: System Location Discovery: System Language Discovery