Analysis
- max time kernel: 119s
- max time network: 120s
- platform: windows7_x64
- resource: win7-20241023-en
- resource tags: arch:x64, arch:x86, image:win7-20241023-en, locale:en-us, os:windows7-x64, system
- submitted: 04-12-2024 07:46
Behavioral task behavioral1
- Sample: 339567426457a7273c58adfa2f413d07909f25632e0950ce846503b51afe4cab.exe
- Resource: win7-20241023-en
Behavioral task behavioral2
- Sample: 339567426457a7273c58adfa2f413d07909f25632e0950ce846503b51afe4cab.exe
- Resource: win10v2004-20241007-en
General
- Target: 339567426457a7273c58adfa2f413d07909f25632e0950ce846503b51afe4cab.exe
- Size: 78KB
- MD5: 753e87f5c4964def0fda955a4c843788
- SHA1: c73d5c34fbeeaf2cddfa13b303a823221c580062
- SHA256: 339567426457a7273c58adfa2f413d07909f25632e0950ce846503b51afe4cab
- SHA512: fa6c7a4d01735c422bb5ee89ba955dde6dd3e290156ceea6b7f2abd786da1741947ec6b0b9d494ff516ced757ff0a23941552f9854312c216437b0bd3a5f5a84
- SSDEEP: 1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+YPICB:5Zv5PDwbjNrmAE+8ICB
Malware Config
Extracted: discordrat
- discord_token: MTMxMjQ0NjE5OTc3MjYxNDY3Nw.GhABBF.61anJPM9L_52V7MlH_CpTqsEUtXmZZkrQXQgfw
- server_id: 1141450322020139008
Signatures
- Discord RAT: A RAT written in C# using Discord as a C2.
- Discordrat family
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes:
  description                       pid   Process                                                                 procid_target
  PID 2844 wrote to memory of 2756  2844  339567426457a7273c58adfa2f413d07909f25632e0950ce846503b51afe4cab.exe  30
  PID 2844 wrote to memory of 2756  2844  339567426457a7273c58adfa2f413d07909f25632e0950ce846503b51afe4cab.exe  30
  PID 2844 wrote to memory of 2756  2844  339567426457a7273c58adfa2f413d07909f25632e0950ce846503b51afe4cab.exe  30
Processes
- [depth 1] C:\Users\Admin\AppData\Local\Temp\339567426457a7273c58adfa2f413d07909f25632e0950ce846503b51afe4cab.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\339567426457a7273c58adfa2f413d07909f25632e0950ce846503b51afe4cab.exe"
  PID: 2844
  signatures: Suspicious use of WriteProcessMemory
  - [depth 2] C:\Windows\system32\WerFault.exe
    command line: C:\Windows\system32\WerFault.exe -u -p 2844 -s 600
    PID: 2756