5de180ff35a8a0835dc704f4b8551fb1bb196837358c2020f84849c4f517fad8

Analysis

max time kernel
113s
max time network
142s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
07-12-2024 22:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Discord Account Generator v2/RDXService/AlphaFS.exe
Size

13.2MB
MD5

3a49c6ce407d3b7757c99bd6d6af8724
SHA1

0793415a29df3b80ed1652b804c142fd07432e73
SHA256

9bcf497f05bd39935654dc7b92af299794a3f6fad83a37f2fbfc097b664645c5
SHA512

8efeb1a4d77527d234a6777c8324f19a61d3a0f012d1171620ef240f24c076a503a3dfcdd91b7239e69b8e5554bea330e663773d8a6e38d485e0bc2b8fb60747
SSDEEP

393216:IVm9jIg3Mf+WJno10MzU1oFw4EHykhp3kWGCjuq:IV2W++oiMzQn1hZKCjuq

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 20 IoCs

pid	Process
3812	AlphaFS.exe
3812	AlphaFS.exe
3812	AlphaFS.exe
3812	AlphaFS.exe
3812	AlphaFS.exe
3812	AlphaFS.exe
3812	AlphaFS.exe
3812	AlphaFS.exe
3812	AlphaFS.exe
3812	AlphaFS.exe
3812	AlphaFS.exe
3812	AlphaFS.exe
3812	AlphaFS.exe
3812	AlphaFS.exe
3812	AlphaFS.exe
3812	AlphaFS.exe
3812	AlphaFS.exe
3812	AlphaFS.exe
3812	AlphaFS.exe
3812	AlphaFS.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: 35	3812	AlphaFS.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 3032 wrote to memory of 3812	3032	AlphaFS.exe	82
PID 3032 wrote to memory of 3812	3032	AlphaFS.exe	82
PID 3812 wrote to memory of 1964	3812	AlphaFS.exe	83
PID 3812 wrote to memory of 1964	3812	AlphaFS.exe	83
PID 3812 wrote to memory of 1372	3812	AlphaFS.exe	84
PID 3812 wrote to memory of 1372	3812	AlphaFS.exe	84
PID 3812 wrote to memory of 2772	3812	AlphaFS.exe	90
PID 3812 wrote to memory of 2772	3812	AlphaFS.exe	90
PID 3812 wrote to memory of 2276	3812	AlphaFS.exe	91
PID 3812 wrote to memory of 2276	3812	AlphaFS.exe	91
PID 3812 wrote to memory of 2032	3812	AlphaFS.exe	92
PID 3812 wrote to memory of 2032	3812	AlphaFS.exe	92

C:\Users\Admin\AppData\Local\Temp\Discord Account Generator v2\RDXService\AlphaFS.exe
"C:\Users\Admin\AppData\Local\Temp\Discord Account Generator v2\RDXService\AlphaFS.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3032
- C:\Users\Admin\AppData\Local\Temp\Discord Account Generator v2\RDXService\AlphaFS.exe
  "C:\Users\Admin\AppData\Local\Temp\Discord Account Generator v2\RDXService\AlphaFS.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:3812
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:1964
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c title Discord Generator ^| coded by Nightfall#2512
    3⤵
    PID:1372
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:2772
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:2276
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c title Discord Generator ^| Proxy: False ^| Threading: False
    3⤵
    PID:2032

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI30322\VCRUNTIME140.dll

Filesize
87KB

MD5
0e675d4a7a5b7ccd69013386793f68eb

SHA1
6e5821ddd8fea6681bda4448816f39984a33596b

SHA256
bf5ff4603557c9959acec995653d052d9054ad4826df967974efd2f377c723d1

SHA512
cae69a90f92936febde67dacd6ce77647cb3b3ed82bb66463cd9047e90723f633aa2fc365489de09fecdc510be15808c183b12e6236b0893af19633f6a670e66

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30322\_bz2.pyd

Filesize
87KB

MD5
8b40a68ae537c0aab25a8b30b10ab098

SHA1
1c8ac1f7f5c3697c457dd98f05296c2354ff7f55

SHA256
0b86ef4810d53e79f1d934b427fdbacf3792eebb37ed241bc89148238af763fa

SHA512
620ad61ff05c73adee4ac8f4b88a3880c11893eaac77ccca4e88edb29b492366a5bcf813d18628f005730f7e45ce373af9275776ea768b67b8d0e3bc62949229

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30322\_ctypes.pyd

Filesize
131KB

MD5
9a69561e94859bc3411c6499bc46c4bd

SHA1
3fa5bc2d4ffc23c4c383252c51098d6211949b99

SHA256
6bbde732c5bcb89455f43f370a444bb6bca321825de56f9a1f2e947b0a006f1c

SHA512
31d9e3844f1b8e72ec80acd1e224a94d11039c130e69c498a668e07e0d8bba8d1ed1ebe0b7a16376ca597d0e2b74a0d5e3bf53d1cbadf5bf099d3bf78db659a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30322\_elementtree.pyd

Filesize
203KB

MD5
80788d9c36aa4f950d1a71518abfa5fc

SHA1
3bcf2f8df698160d01c74f934ab4c06555ae1f8c

SHA256
75b93ebab7de27022d1d9f468c5051be5ac64b436b6a10928d75b3de19dbcb6b

SHA512
f26187e364c80c5ff423699fbcf62a8035969592a6da339c80fa862185f1f2e674c44325321c6643cb6cb7e2034623e04603a9491d1e8f06a4063efbf85ef48e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30322\_hashlib.pyd

Filesize
38KB

MD5
1f77f7a5f36c48e7c596e7031c80e4ff

SHA1
79f86e31203b60b3388047e39a2a26275da411f5

SHA256
30dfbd97883b1545513ca5bb857a9aad6e9bf4b8b4272569818346eaf25033f7

SHA512
b647e820ae4854921839a6cc92610fd63ef79623d442fd17503a39ca145dfd6cde3719c50473c0c74fe487f980b12e90bd3d3beb5729fa5498a357d44f81809c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30322\_lzma.pyd

Filesize
251KB

MD5
16fb5a2363ce8dd12a65a9823a517b59

SHA1
59979d9195259f48c678cdaa36b5efee13472ff5

SHA256
bb78ca0dd1478027e2e9f06f56fc7c3cc6f157b4151562d58a7f6646e463fcc2

SHA512
d9801cdd8cc9809781b79882a226ee7a56d93eac0181295c80cb1f088f0fbf46e3eb35c7d8ff208dbd5a3e93a190a04c48fd254c9971a3740b020547973683e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30322\_queue.pyd

Filesize
27KB

MD5
94b57996008875822a0b13fa089ae513

SHA1
340ab82c3653c7e664f28d2dffb6863f1df20709

SHA256
28136612834be0dd236f085f46c1d9b8a1830b9c073557464e22bc006d81e494

SHA512
aa9db065609dbae700a5c04266afa99ef838a9f5dc58acdca1c9b95c5d845195cfce895b81d718e761e69b5cfaeb71e9e8450fb76c590f991850e67f65b32abe

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30322\_socket.pyd

Filesize
74KB

MD5
0ea1df6137ee3369546a806a175aecf4

SHA1
95fd1ad45892cb9e655bfa62ca1be80a0b9b2d43

SHA256
6fcc31573ae6b380db1d4e23731755465fd2cee0856e7a6c0e396759bcbf73b5

SHA512
6497fdb86ac69f6551a7794c090ca695bf22eb647b7a503fa23d7944ad375f061429f17e2ea043c809460e7cb9fc3df77c7bfe0b64f00ddd65de1aa744d3adcb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30322\_ssl.pyd

Filesize
121KB

MD5
0e970f3353e65094165edcdfcaf1c299

SHA1
e86d2c4723ae09890f69ab1a6f4a1a935dc0a0e7

SHA256
4fed9f05da139d66e0582b47c20ee91c91be44d379c225f89b22462bedc989d3

SHA512
4621d1add268f9aadf0119055d6cce23739eec969ab031fc0a510c40cf4cce60230a89735fd85c38f28c22ed9dc829ff294ef48590fc56191464e1fec1fa4595

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30322\base_library.zip

Filesize
768KB

MD5
eb723b4c1b48d3e8969ff3f4d897b79e

SHA1
a03479e7a916d0ee5e3647322307aceb0b1c30b9

SHA256
ed6356556e3a86b92f9995bce5b1c3182d5df8976a2ca2e400ebf4eaed592ef5

SHA512
4c9902b5698e4e3d8837d594e337a6696ce03d9f6d0d3fc7f5f144c53c2fb7494ac10d303ea597c25c159076f74a7b7c59eb2d29db068878ab6f4bbb510fd13f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30322\certifi\cacert.pem

Filesize
257KB

MD5
1ba3b44f73a6b25711063ea5232f4883

SHA1
1b1a84804f896b7085924f8bf0431721f3b5bdbe

SHA256
bb77f13d3fbec9e98bbf28ac95046b44196c7d8f55ab7720061e99991a829197

SHA512
0dd2a14331308b1de757d56fab43678431e0ad6f5f5b12c32fa515d142bd955f8be690b724e07f41951dd03c9fee00e604f4e0b9309da3ea438c8e9b56ca581b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30322\libcrypto-1_1.dll

Filesize
3.2MB

MD5
bf83f8ad60cb9db462ce62c73208a30d

SHA1
f1bc7dbc1e5b00426a51878719196d78981674c4

SHA256
012866b68f458ec204b9bce067af8f4a488860774e7e17973c49e583b52b828d

SHA512
ae1bdda1c174ddf4205ab19a25737fe523dca6a9a339030cd8a95674c243d0011121067c007be56def4eaeffc40cbdadfdcbd1e61df3404d6a3921d196dcd81e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30322\libssl-1_1.dll

Filesize
670KB

MD5
fe1f3632af98e7b7a2799e3973ba03cf

SHA1
353c7382e2de3ccdd2a4911e9e158e7c78648496

SHA256
1ce7ba99e817c1c2d71bc88a1bdd6fcad82aa5c3e519b91ebd56c96f22e3543b

SHA512
a0123dfe324d3ebf68a44afafca7c6f33d918716f29b063c72c4a8bd2006b81faea6848f4f2423778d57296d7bf4f99a3638fc87b37520f0dcbeefa3a2343de0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30322\lxml\_elementpath.cp37-win_amd64.pyd

Filesize
141KB

MD5
3702f8ff3e1af9be72126683fca3a1ce

SHA1
82e6be08797fcd9558cb3e7759c0e3de2ffcea88

SHA256
28fd0337a5251d409d8d8d27383f682ba63b3d52bd0691a22a90b208e23b4f93

SHA512
d18ffd06d6580b52d07749bd6f2927bc1bc445c3a7c8267288b9e4f00de321ad897959519e1aed199e36ff7008be26cc7af486bab0b2c7433a9c72c349a24713

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30322\lxml\etree.cp37-win_amd64.pyd

Filesize
3.7MB

MD5
e685bf02d3b11fa4715a94107a7292be

SHA1
b5822fda8f6ae3b7c5117c524584a490c6e95c91

SHA256
04db5dfd6b41b3245b86d4f97e96664d0199ae2af755b71e011a4e0e92124633

SHA512
c6118cf72c6cadb68b33e37197ac64cf5151f3266e8059619e2a30fc7a12bc9176e2b2a2a8257a7b0a68c96665b566c606ab294e8798d578a62957fe34cf65f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30322\pyexpat.pyd

Filesize
194KB

MD5
ebf42794afd81d3a158f1d4eb4096483

SHA1
9c49d840a600d126b1d0b3a294218f82c2292c8d

SHA256
0cb9ae2dfd64c291de65aee89a524a0bbfe7755c34c8215e8b47a4f409ef3743

SHA512
28db296525d48e970c40bf267523dfdcd823fbd471e606b97cd61af373af9d42bb72765f846df4bf33457124fd1a039e7e06b5e6e863503a26a3efc9b15078f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30322\python37.dll

Filesize
3.6MB

MD5
86af9b888a72bdceb8fd8ed54975edd5

SHA1
c9d67c9243f818c0a8cc279267cca44d9995f0cf

SHA256
e11aa3893597d7c408349ebb11f47a24e388fd702c4d38b5d6f363f7ad6e8e5f

SHA512
5d8fd9040f466e23af7f17772e3769ad83c5f55f8c70dcc3cfb1f827e105f0f4e6133f0e183fabc67dd44799495c47f931bf92546342b30b9c4a5c2b4aeee7c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30322\pywintypes37.dll

Filesize
136KB

MD5
77b6875977e77c4619bbb471d5eaf790

SHA1
f08c3bc5e918c0a197fbfd1b15e7c0491bd5fade

SHA256
780a72ba3215ff413d5a9e98861d8bb87c15c43a75bb81dc985034ae7dcf5ef6

SHA512
783939fc97b2445dfe7e21eb6b71711aba6d85e275e489eddcc4f20c2ed018678d8d14c9e1856f66e3876f318312d69c22cee77f9105a72e56a1be4f3e8a7c2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30322\select.pyd

Filesize
26KB

MD5
e1d0d18a0dd8e82f9b677a86d32e3124

SHA1
96a00541d86d03529b55c1ac5ff1c6cfb5e91d1e

SHA256
4595675949851bd0ff65521e936647fcc5c8d2f32f0ac2641a262fb6323896dd

SHA512
38e3b6b23ebcbdc60eeeed0bf3dddc69004a1ccd4a2486f3a9f8c0d4624b690e2e5704e3fe05bf1bf2c900bf4f5bc9439f45f3c02fd4c67783056b3da15e0f56

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30322\selenium\webdriver\remote\getAttribute.js

Filesize
6KB

MD5
e6b3169414f3b9c47a9b826bb71a0337

SHA1
d22278a492d03863ce51569482dcfb30a0b006e9

SHA256
1198a9999dde24dd2da0d9877cc2e8f8dd70bfdaeee0b5012b24e5474b50e88c

SHA512
bf9e48caf03e19274b5020d5eae6a3d6d75b611676f307346cf28117da71410e6022a72da0f82a8f2c6ca06a2c503c8e6528c6a164c4fb488c5195d6aa3e3819

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30322\selenium\webdriver\remote\isDisplayed.js

Filesize
42KB

MD5
313589fe40cbb546415aec5377da0e7d

SHA1
bc2b6e547b1da94682e379af1ea11579e26de65b

SHA256
c1a04024e5414fca8c1deedb452be77a8b9d13bb3cf67ff4230d5983537a3096

SHA512
bbdfa98ecd07a27f20966b5eb0cdcc0fac6085bebd6868a061563d210262f61d630b823e6eabd3217175b7f01516cda9c162adbfe063130d6510e0a3f4be2f7d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30322\ucrtbase.dll

Filesize
987KB

MD5
61eb0ad4c285b60732353a0cb5c9b2ab

SHA1
21a1bea01f6ca7e9828a522c696853706d0a457b

SHA256
10521fe73fe05f2ba95d40757d9f676f2091e2ed578da9d5cdef352f986f3bcd

SHA512
44cd871f48b5193abb3b9664dbea8cdad19e72c47b6967c685cf1cc803bc9abb48a8a93009c972ef4936e7f78e3c92110828790aa0a9d26b80e6a523bbcd830d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30322\unicodedata.pyd

Filesize
1.0MB

MD5
23bba751c8a182262856eeba20db3341

SHA1
0120468629aa035d92ebdf97f9f32a02085fbccf

SHA256
96eafcb208518f6df0674ef6f1a48f4687eb73f785c87b11cb4a52dcf1ce5c66

SHA512
482fdb6f542be27d6bf3b41bc7aa7d7fda3077cd763f32bb25e0c50cf8ae11ebd8173d18cb0a52126b2150fc737109d384971298e8e2cf8a199ad1f1956d9326

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads