Analysis
max time kernel: 119s
max time network: 120s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 09/11/2024, 10:27
- Static task static1
- Behavioral task behavioral1: sample Discord Nitro Generator.exe, resource win7-20240903-en
- Behavioral task behavioral2: sample Discord Nitro Generator.exe, resource win10v2004-20241007-en
- Behavioral task behavioral3: sample GFSDK_ShadowLib.win64.dll, resource win7-20241010-en
- Behavioral task behavioral4: sample GFSDK_ShadowLib.win64.dll, resource win10v2004-20241007-en
- Behavioral task behavioral5: sample Scrafy.dll, resource win7-20240903-en
- Behavioral task behavioral6: sample Scrafy.dll, resource win10v2004-20241007-en
- Behavioral task behavioral7: sample d3dcsx_46.dll, resource win7-20241010-en
- Behavioral task behavioral8: sample d3dcsx_46.dll, resource win10v2004-20241007-en
- Behavioral task behavioral9: sample keys.dll, resource win7-20240903-en
- Behavioral task behavioral10: sample keys.dll, resource win10v2004-20241007-en
- Behavioral task behavioral11: sample swds.dll, resource win7-20241010-en
- Behavioral task behavioral12: sample swds.dll, resource win10v2004-20241007-en
General
Target: keys.dll
Size: 166KB
MD5: 2c72867294029653210306933c4f53a7
SHA1: b1f7f0a441b767072294cda20b9539fa7de41a87
SHA256: a70f215428fe8fd412ef0efb74c5ad8d9afbc26eba4e416f1f4b22949c6fec5b
SHA512: eadbf37e44e42b6329206929d7675ac08eac0efed2f271e459fea7a844b2ff31054d39ab82ee779a397ba5a1b2718a0e42528bc5e388541aa64a8511c7788cd4
SSDEEP: 3072:UjcH7izJoHwD+cguq5x4oCk052vK9WFi/Dbt2/aWb8c583pV6z3Y:2ewNg35CZl52vK9uSIDTY
Malware Config
Signatures

- Program crash (1 IoC)
  pid   pid_target  Process       procid_target
  2772  2900        WerFault.exe  30

- System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
  Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
  description  ioc                                                          Process
  Key opened   \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  rundll32.exe

- Suspicious use of WriteProcessMemory (11 IoCs)
  description                       pid   Process       procid_target
  PID 2888 wrote to memory of 2900  2888  rundll32.exe  30
  PID 2888 wrote to memory of 2900  2888  rundll32.exe  30
  PID 2888 wrote to memory of 2900  2888  rundll32.exe  30
  PID 2888 wrote to memory of 2900  2888  rundll32.exe  30
  PID 2888 wrote to memory of 2900  2888  rundll32.exe  30
  PID 2888 wrote to memory of 2900  2888  rundll32.exe  30
  PID 2888 wrote to memory of 2900  2888  rundll32.exe  30
  PID 2900 wrote to memory of 2772  2900  rundll32.exe  31
  PID 2900 wrote to memory of 2772  2900  rundll32.exe  31
  PID 2900 wrote to memory of 2772  2900  rundll32.exe  31
  PID 2900 wrote to memory of 2772  2900  rundll32.exe  31
Processes

- C:\Windows\system32\rundll32.exe (PID:2888)
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\keys.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe (PID:2900)
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\keys.dll,#1
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    - C:\Windows\SysWOW64\WerFault.exe (PID:2772)
      command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 220
      - Program crash