1f7d8094a388fbb2ebcf2c7bcac0269bb7f71f689ece97e88955487caa3aad9e

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
19-01-2025 21:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Discord.exe
Size

7.7MB
MD5

29f1b0d06ae87e4d2bc114048beff8db
SHA1

a2713988a22ba0b3efc23c113b1f43dd2a006c5e
SHA256

1f7d8094a388fbb2ebcf2c7bcac0269bb7f71f689ece97e88955487caa3aad9e
SHA512

4731e88bc1b6f6139b722d6023a19d43b112d6e5e01eabae78decf944792e4aa05622ed95867b60fe11a3a5441c36a330c3c40289febd1c67d47c6cf1332962d
SSDEEP

196608:3h0tSZ0eNTfm/pf+xk4d7nZRimrbW3jmyA:QCy/pWu4lZRimrbmyD

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 7 IoCs

pid	Process
3056	Discord.exe
3056	Discord.exe
3056	Discord.exe
3056	Discord.exe
3056	Discord.exe
3056	Discord.exe
3056	Discord.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000500000001a4de-72.dat	upx
behavioral1/memory/3056-74-0x000007FEF5CA0000-0x000007FEF6288000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2680 wrote to memory of 3056	2680	Discord.exe	30
PID 2680 wrote to memory of 3056	2680	Discord.exe	30
PID 2680 wrote to memory of 3056	2680	Discord.exe	30

C:\Users\Admin\AppData\Local\Temp\Discord.exe
"C:\Users\Admin\AppData\Local\Temp\Discord.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2680
- C:\Users\Admin\AppData\Local\Temp\Discord.exe
  "C:\Users\Admin\AppData\Local\Temp\Discord.exe"
  2⤵
  - Loads dropped DLL
  PID:3056

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI26802\api-ms-win-core-file-l2-1-0.dll

Filesize
13KB

MD5
37fcc989b5ae55d0d18ee69edf57f6c6

SHA1
c4b2cdc1aee7137fbe4993b03859e9fb45fc3e14

SHA256
4047ec069444b0b466c4b375bd55aa1e1b6c177bda61eca391969b3d0d07f534

SHA512
bcbf7c4bd709ab1b7fbac483bf2b002abaac93e7e74ec465c31ab9ece6cd7874ffeced5a998302514e3f0cf15e571c09d7197d146f6fe490dbf429ea2a964d4c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26802\api-ms-win-core-localization-l1-2-0.dll

Filesize
15KB

MD5
d48de46dc141d9cad89cd97a9ac326da

SHA1
6ae6491924a7ea716f907490cf1851da014ee3c5

SHA256
aaacc72a5e85ceb15181b4604683543f81b37dd1d5215d647ff3fb464935f890

SHA512
6bcd7f62c293f8a3aea9937c4520851babd8ed796b138860e3e3aac7bb95715b5987485f8ee8255209bbb704e73e833d4cddf1c8e57bd2a39448dc292bb4f6ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26802\api-ms-win-core-timezone-l1-1-0.dll

Filesize
13KB

MD5
a9b11e4a24f3dfd567f79e1fca5375d2

SHA1
90a76ed33255c1db551fe95debbefdf07d3617a3

SHA256
df91a750aad544f3c1048d2b397890aa91282e115652ac833639196f8e945a3d

SHA512
2fc0163d74fb121d4d426b99ba70c65a1f847c9b867fad0f86e9caa7b295e101958b2bf05a8b2498fbe0027cad71ea8c09ece3e5d2c4d707936e42c21f840236

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26802\python311.dll

Filesize
1.6MB

MD5
bb46b85029b543b70276ad8e4c238799

SHA1
123bdcd9eebcac1ec0fd2764a37e5e5476bb0c1c

SHA256
72c24e1db1ba4df791720a93ca9502d77c3738eebf8b9092a5d82aa8d80121d0

SHA512
5e993617509c1cf434938d6a467eb0494e04580ad242535a04937f7c174d429da70a6e71792fc3de69e103ffc5d9de51d29001a4df528cfffefdaa2cef4eaf31

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26802\ucrtbase.dll

Filesize
987KB

MD5
907116582b20dab2c7952d283b2859e0

SHA1
92ed93d90e3dbed0bede26684618cdf40824f3f7

SHA256
aaada1f31f5862c7f7ebd68b15a4b854465d9e0c525228632ab6c85c2f321acb

SHA512
eb468b1537c299ddb486d6b8ebf4edf5821458bd012400b995c4c2d351aee67e5e292f5828baef07cc52a8c57940cb0d7cda7a99ef83e21978818fd28a7e4bc4

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI26802\api-ms-win-core-file-l1-2-0.dll

Filesize
13KB

MD5
6b280015cf873517051ccbda728dea4b

SHA1
c83f9bc0e27eb1969559d6aeaa268c99a5a4dde1

SHA256
f2a0d0fc3d24e72f3cc46111d7166ab8a4511674b73617d2019f235c61b30654

SHA512
fcb108b3a95d13059434415c3d054669b4741c85f4a21dc60f69af870a306aa6c2726b03e746f9ad5ff916cfc23a1bc1ed541e635b4720e430b334e921e568e1

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI26802\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
13KB

MD5
d23eb2dbfb3094b4bd37cb304f6c2a8d

SHA1
9f2ed84b2a8d46bd8ca0704917e95a44c3426ef3

SHA256
af4d0083bac90404962e846a91385fc10b62dc739d1a763ec11950636a62a1f3

SHA512
d1cfbcdb9f97958593c561c3e7bdf6da7fe1ab586592c74bff7dd5cf1296fb2f5f7139ebeebe55bf4ae62c4043819955fc6764a6e724e00e9bbdb77d52d8f7b6

Download Submit
memory/3056-74-0x000007FEF5CA0000-0x000007FEF6288000-memory.dmp

Filesize
5.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads