Overview

overview

10

Static

static

10

Archie Exec.exe

windows7-x64

10

Archie Exec.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    71s
  • max time network
    73s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20-01-2025 20:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Archie Exec.exe

  • Size

    78KB

  • MD5

    34d14c123c669b83eb895301ba962fe2

  • SHA1

    5639ecb0423da1b4a70150b04c7088f9ac322e09

  • SHA256

    24d0e2199cc3b9403cc5c89d0604acc7956a821c739971b6e4e59a9462f04dc7

  • SHA512

    8170d4fb1f38b4bd4faaa263f7fddf9e4aa6aa42c24984cac86ad396865b778f2b03a3dda4e2162d938d678a3bff294769a31961b448d1b4caa2e01e03eacb6c

  • SSDEEP

    1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+2PIC:5Zv5PDwbjNrmAE+yIC

Score
10/10
discordratdiscoverypersistenceratrootkitstealer

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTMzMDk4MTIyODExMDY3NTk5OA.GT88WA.ePwsxmg2sKPAG2_wckoOXY00L3miyVqQ4YdvPU

  • server_id

    1330981226093346919

Signatures

  • Discord RAT

    A RAT written in C# using Discord as a C2.

    stealerrootkitratpersistencediscordrat
  • Discordrat family
    discordrat
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Archie Exec.exe
    "C:\Users\Admin\AppData\Local\Temp\Archie Exec.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:780
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault42487a7dh9cb9h4da0h8112h4249cb4dc231
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1608
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x12c,0x130,0x134,0x108,0x138,0x7ffc6abc46f8,0x7ffc6abc4708,0x7ffc6abc4718
      2⤵
        PID:312
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,18170583379935133052,14076712632171400414,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
        2⤵
          PID:740
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,18170583379935133052,14076712632171400414,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:2804
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,18170583379935133052,14076712632171400414,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8
          2⤵
            PID:2572
        • C:\Windows\System32\CompPkgSrv.exe
          C:\Windows\System32\CompPkgSrv.exe -Embedding
          1⤵
            PID:3008
          • C:\Windows\System32\CompPkgSrv.exe
            C:\Windows\System32\CompPkgSrv.exe -Embedding
            1⤵
              PID:3944

            Network

            MITRE ATT&CK Enterprise v15

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
              Filesize

              152B

              MD5

              37f660dd4b6ddf23bc37f5c823d1c33a

              SHA1

              1c35538aa307a3e09d15519df6ace99674ae428b

              SHA256

              4e2510a1d5a50a94fe4ce0f74932ab780758a8cbdc6d176a9ce8ab92309f26f8

              SHA512

              807b8b8dc9109b6f78fc63655450bf12b9a006ff63e8f29ade8899d45fdf4a6c068c5c46a3efbc4232b9e1e35d6494f00ded5cdb3e235c8a25023bfbd823992d

              Download Submit

            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
              Filesize

              5KB

              MD5

              ae500252f4f21b13db11c436b2df566b

              SHA1

              2201a15c9b5ceac81b4205d588dfe4eb95be320e

              SHA256

              5ab797efa328f1552423a18d0503885154fa88f772514e92b36cded803367c0c

              SHA512

              9d68adb562230d10bda692d0eead187a6cb28678ebde599b05295a955b92a149ff992b23a85ed974edc7ab7ea14544363bbd147f88e909bc90c1f723d4f95ec0

              Download Submit

            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
              Filesize

              8KB

              MD5

              c7e14e65561e40d654795e63de29402b

              SHA1

              fbe84fd0333603cd138d2a7e574b4f2472c54bb9

              SHA256

              f31ca16876cd16a073a43db857a078669b76442b3d39c61ac0a050b08a7653af

              SHA512

              eaee733d0346f2d733b15675088af99183cc624a352433fd02fce4e902a049816cf059c8c331e1187231ba68910bc6187e4ca79f5ed517aa8617a270a327bb29

              Download Submit

            • memory/780-0-0x00007FFC72ED3000-0x00007FFC72ED5000-memory.dmp

              Filesize

              8KB

              Download

            • memory/780-1-0x0000017208DC0000-0x0000017208DD8000-memory.dmp

              Filesize

              96KB

              Download

            • memory/780-2-0x0000017223500000-0x00000172236C2000-memory.dmp

              Filesize

              1.8MB

              Download

            • memory/780-3-0x00007FFC72ED0000-0x00007FFC73991000-memory.dmp

              Filesize

              10.8MB

              Download

            • memory/780-4-0x0000017223D00000-0x0000017224228000-memory.dmp

              Filesize

              5.2MB

              Download

            • memory/780-5-0x00007FFC72ED3000-0x00007FFC72ED5000-memory.dmp

              Filesize

              8KB

              Download

            • memory/780-6-0x00007FFC72ED0000-0x00007FFC73991000-memory.dmp

              Filesize

              10.8MB

              Download