Overview

overview

10

Static

static

10

Client-built.exe

windows11-21h2-x64

Analysis

  • max time kernel
    320s
  • max time network
    332s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    01/01/2025, 22:06

Sharing

Copy URL
Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    Client-built.exe

  • Size

    78KB

  • MD5

    c5ee1d96303a9b22a34866beaaa4271d

  • SHA1

    498b95f35137a02bbdf164b87292f657ef505288

  • SHA256

    51a25d85d3e8e51bac4386f319fe4316e54b3457686c63149185d84b100114ae

  • SHA512

    b8661c5ab2efdc60233a6fbc6f7869ac9744068f384808e63460d2bb489e0977472ee2ecffbc853a15955273bea3444271e2859587f3265524ade7c7808f8047

  • SSDEEP

    1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+kPIC:5Zv5PDwbjNrmAE+4IC

Score
10/10
discordratpersistenceransomwareratrootkitspywarestealer

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTMyNDExODIwNDM4MTEzNDkwMA.GZSIU7.O-UTajAb4V-HFQMunqlImDEQ-eUIuJjfuVOJKg

  • server_id

    1324136004826697748

Signatures

  • Discord RAT

    A RAT written in C# using Discord as a C2.

    stealerrootkitratpersistencediscordrat
  • Discordrat family
    discordrat
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 20 IoCs
  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 29 IoCs
    adwarespyware
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Client-built.exe
    "C:\Users\Admin\AppData\Local\Temp\Client-built.exe"
    1⤵
    • Sets desktop wallpaper using registry
    • Suspicious use of AdjustPrivilegeToken
    PID:2516
  • C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" /s "C:\Users\Admin\Desktop\WatchMount.ppsx" /ou ""
    1⤵
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:4088
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\WatchUninstall.mht
    1⤵
    • Modifies Internet Explorer settings
    PID:5024
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004EC
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2312

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2516-27-0x00007FFCFBEF3000-0x00007FFCFBEF5000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2516-1-0x0000020158B10000-0x0000020158B28000-memory.dmp

    Filesize

    96KB

    Download

  • memory/2516-2-0x00000201731A0000-0x0000020173362000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/2516-3-0x00007FFCFBEF0000-0x00007FFCFC9B2000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/2516-4-0x0000020174510000-0x0000020174A38000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/2516-63-0x0000020174180000-0x000002017422A000-memory.dmp

    Filesize

    680KB

    Download

  • memory/2516-60-0x0000020173140000-0x000002017314E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/2516-59-0x0000020173160000-0x000002017317E000-memory.dmp

    Filesize

    120KB

    Download

  • memory/2516-58-0x000002015A8F0000-0x000002015A902000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2516-57-0x0000020173FE0000-0x0000020174056000-memory.dmp

    Filesize

    472KB

    Download

  • memory/2516-0-0x00007FFCFBEF3000-0x00007FFCFBEF5000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2516-30-0x00007FFCFBEF0000-0x00007FFCFC9B2000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4088-6-0x00007FFCDCDD0000-0x00007FFCDCDE0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4088-29-0x00007FFD1CD40000-0x00007FFD1CF49000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4088-16-0x00007FFD1CD40000-0x00007FFD1CF49000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4088-13-0x00007FFD1CD40000-0x00007FFD1CF49000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4088-12-0x00007FFD1CD40000-0x00007FFD1CF49000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4088-17-0x00007FFCDA230000-0x00007FFCDA240000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4088-18-0x00007FFD1CD40000-0x00007FFD1CF49000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4088-19-0x00007FFD1CD40000-0x00007FFD1CF49000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4088-20-0x00007FFD1CD40000-0x00007FFD1CF49000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4088-23-0x00007FFCDA230000-0x00007FFCDA240000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4088-22-0x00007FFD1CD40000-0x00007FFD1CF49000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4088-24-0x00007FFD1CD40000-0x00007FFD1CF49000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4088-25-0x00007FFD1CD40000-0x00007FFD1CF49000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4088-21-0x00007FFD1CD40000-0x00007FFD1CF49000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4088-26-0x00007FFD1CD40000-0x00007FFD1CF49000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4088-14-0x00007FFD1CD40000-0x00007FFD1CF49000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4088-28-0x00007FFD1CD40000-0x00007FFD1CF49000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4088-15-0x00007FFD1CD40000-0x00007FFD1CF49000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4088-11-0x00007FFD1CD40000-0x00007FFD1CF49000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4088-53-0x00007FFCDCDD0000-0x00007FFCDCDE0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4088-54-0x00007FFCDCDD0000-0x00007FFCDCDE0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4088-52-0x00007FFCDCDD0000-0x00007FFCDCDE0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4088-51-0x00007FFCDCDD0000-0x00007FFCDCDE0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4088-55-0x000001CE766F0000-0x000001CE76972000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/4088-56-0x00007FFD1CD40000-0x00007FFD1CF49000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4088-8-0x00007FFD1CDE3000-0x00007FFD1CDE4000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4088-10-0x00007FFCDCDD0000-0x00007FFCDCDE0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4088-9-0x00007FFCDCDD0000-0x00007FFCDCDE0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4088-7-0x00007FFCDCDD0000-0x00007FFCDCDE0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4088-5-0x00007FFCDCDD0000-0x00007FFCDCDE0000-memory.dmp

    Filesize

    64KB

    Download