Overview

overview

10

Static

static

10

source_prepared.exe

windows10-ltsc 2021-x64

7

discord_to...er.pyc

windows10-ltsc 2021-x64

3

get_cookies.pyc

windows10-ltsc 2021-x64

3

misc.pyc

windows10-ltsc 2021-x64

3

passwords_grabber.pyc

windows10-ltsc 2021-x64

3

source_prepared.pyc

windows10-ltsc 2021-x64

3

Resubmissions

22-02-2025 19:09

250222-xt5xmawnhn 10

Analysis

  • max time kernel
    95s
  • max time network
    96s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20250218-en
  • resource tags

    arch:x64arch:x86image:win10ltsc2021-20250218-enlocale:en-usos:windows10-ltsc 2021-x64system
  • submitted
    22-02-2025 19:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    discord_token_grabber.pyc

  • Size

    8KB

  • MD5

    849e6942b15c2008c7641432902645f5

  • SHA1

    60942191e1ab3c6d3edf697b57d09c1620c51710

  • SHA256

    fa4ec025ef2d20b6ebd19803e7131f6b540a7ba14d6769bfd62c37fb875a134b

  • SHA512

    0e6611f100ea22b2d5d5632cd099f87d57696b73bb9c9d10dde98477b2bb1ff927816b54ee005e07df49d6897f36ad3d858ac142ae082d25800f07597f67248a

  • SSDEEP

    192:ESB7osP1MJaugQXaafNqaclHJLOq3ZJFD/b8xjJzdJv:TP1iavQTqacyq35D0Fnv

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
    ransomware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 11 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\discord_token_grabber.pyc
    1⤵
    • Modifies registry class
    PID:3048
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4336
    • C:\Windows\system32\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\discord_token_grabber.pyc
      2⤵
      • Opens file in notepad (likely ransom note)
      PID:4388

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads