Analysis
max time kernel: 16s
max time network: 16s
platform: windows7_x64
resource: win7-20240729-en
resource tags: arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
submitted: 04-12-2024 07:43
Behavioral task: behavioral1
  Sample: 339567426457a7273c58adfa2f413d07909f25632e0950ce846503b51afe4cab.exe
  Resource: win7-20240729-en
Behavioral task: behavioral2
  Sample: 339567426457a7273c58adfa2f413d07909f25632e0950ce846503b51afe4cab.exe
  Resource: win10v2004-20241007-en
General
Target: 339567426457a7273c58adfa2f413d07909f25632e0950ce846503b51afe4cab.exe
Size: 78KB
MD5: 753e87f5c4964def0fda955a4c843788
SHA1: c73d5c34fbeeaf2cddfa13b303a823221c580062
SHA256: 339567426457a7273c58adfa2f413d07909f25632e0950ce846503b51afe4cab
SHA512: fa6c7a4d01735c422bb5ee89ba955dde6dd3e290156ceea6b7f2abd786da1741947ec6b0b9d494ff516ced757ff0a23941552f9854312c216437b0bd3a5f5a84
SSDEEP: 1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+YPICB:5Zv5PDwbjNrmAE+8ICB
Malware Config
Extracted family: discordrat
  discord_token: MTMxMjQ0NjE5OTc3MjYxNDY3Nw.GhABBF.61anJPM9L_52V7MlH_CpTqsEUtXmZZkrQXQgfw
  server_id: 1141450322020139008
Signatures
Discord RAT
  A RAT written in C# using Discord as a C2.
Discordrat family
Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: 339567426457a7273c58adfa2f413d07909f25632e0950ce846503b51afe4cab.exe

  description                     pid   Process                                                                   procid_target
  PID 1820 wrote to memory of 2272  1820  339567426457a7273c58adfa2f413d07909f25632e0950ce846503b51afe4cab.exe  28
  PID 1820 wrote to memory of 2272  1820  339567426457a7273c58adfa2f413d07909f25632e0950ce846503b51afe4cab.exe  28
  PID 1820 wrote to memory of 2272  1820  339567426457a7273c58adfa2f413d07909f25632e0950ce846503b51afe4cab.exe  28
Processes
C:\Users\Admin\AppData\Local\Temp\339567426457a7273c58adfa2f413d07909f25632e0950ce846503b51afe4cab.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\339567426457a7273c58adfa2f413d07909f25632e0950ce846503b51afe4cab.exe"
  Signatures: Suspicious use of WriteProcessMemory
  PID: 1820
  C:\Windows\system32\WerFault.exe
    Command line: C:\Windows\system32\WerFault.exe -u -p 1820 -s 596
    PID: 2272