48fe545d10166c4aea48252deab4a043abd56b758aed8439a5f1479d18ae6944

Resubmissions

31/12/2024, 03:26

241231-dzfp5ssjer 7

31/12/2024, 03:23

241231-dxrpmavmfy 7

31/12/2024, 03:22

241231-dxckps1rgj 7

31/12/2024, 03:18

241231-dt4j1s1qgj 7

Analysis

max time kernel
841s
max time network
842s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
31/12/2024, 03:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Discord-Token-Joiner-master/main.py
Size

746B
MD5

58f14c91101db143b0a90fdc8b1bf9b4
SHA1

e3abd4d335d709118b615100cf57e648e9cd2b1a
SHA256

b88dd5fea640870cc0ccbe582db0aa3fde782ce3978c76fcb5cf9425102ea919
SHA512

683cc70a60867635a4b8473e71a3c5f47e9de1387e49da540dd031437e1fac67de2d9d859f708eb555922a8be19a7d2296460980d6ff4d322d5dfdc6cfac52db

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000_Classes\Local Settings	rundll32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2264	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2508 wrote to memory of 2264	2508	cmd.exe	31
PID 2508 wrote to memory of 2264	2508	cmd.exe	31
PID 2508 wrote to memory of 2264	2508	cmd.exe	31

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Discord-Token-Joiner-master\main.py
1⤵
- Suspicious use of WriteProcessMemory
PID:2508
- C:\Windows\system32\rundll32.exe
  "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Discord-Token-Joiner-master\main.py
  2⤵
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  PID:2264

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Windows 7 deprecation

Loading Replay Monitor...