Overview

overview

6

Static

static

1

URLScan

urlscan

1

https://discord.com

windows7-x64

6

Resubmissions

24/02/2025, 02:13

250224-cnqkjaxrgz 6

20/02/2025, 02:08

250220-cknlrstrdk 10

Analysis

  • max time kernel
    11s
  • max time network
    13s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    24/02/2025, 02:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://discord.com

Score
6/10
discovery

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 7 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 30 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\explorer.exe
    explorer https://discord.com
    1⤵
      PID:2552
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:2476
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" https://discord.com/
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2208
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2208 CREDAT:275457 /prefetch:2
          3⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of SetWindowsHookEx
          PID:916

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
      Filesize

      1KB

      MD5

      55540a230bdab55187a841cfe1aa1545

      SHA1

      363e4734f757bdeb89868efe94907774a327695e

      SHA256

      d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

      SHA512

      c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B3513D73A177A2707D910183759B389B_866DEC72621527AEAF83B2153FBFA6F7
      Filesize

      471B

      MD5

      7a5487e04213f57d1c1272249e8b69c2

      SHA1

      549119ae2b7852758208fad25109c05b8741104f

      SHA256

      7b1111a5f0cf571770787c270ebe0291972394a6d3302dcf0d453328a8b819a4

      SHA512

      c4d1f2be74c7f5b39cf71751efcda88b94235b5e9bf989c6da77f5601c12d0c5b34bfa328febd194cfcb1358e2efbaf9f3e5a333453995acbf5e14177962bfbd

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      196c55f854ef338a63a97c6bda4ea860

      SHA1

      3ab4725e577026536c32c8ef0b2c2f80f0f7f9be

      SHA256

      2c42416c444c9fb9a9e89adcbac7ee3304e89335ee9e35cdfd7290d3fc59766c

      SHA512

      125418cc9325c6202ee3fba691c61296981f7d0a7fe0f0e0165a5e0779e9e86acfff5505b32aa659c35150a519a625cc76929d69bf276ec58b71b2bd8210809f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      310c783dbc547b284aad64a905e4e6b3

      SHA1

      b2912b67c4c94a0850d52450c2591d2876e3f92b

      SHA256

      88ff78b19fca0136a76b5471b21e0ab1ca65b18d4388fde6ba1178c87bfc95c2

      SHA512

      9d05cbb90ba771e7efef680b48e796a67a737afd53d70be0bbd60ab2041f0bc717c1186409342f5a0e8385e2e12e86c85b3e4f53531df9c35bdd97b7d1b066d7

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      4a498e22de0628faa19375e9966d1a2c

      SHA1

      08e5cda4d3172a0ebd1931f83fe21221dcc20b1f

      SHA256

      3e670c59480c8c38a1002653a9cbe48ad7d3cf6f97f9af36c0c06672bb35034c

      SHA512

      a49307535bb3110c017649261991dd3b15f9bcbb25f33f310061df02801a209ec8b759f5a277ca2426d5585a90d5bd8da8119b518f3997acf875ac936765b83d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d12c87d359b15ee3c3fc36a1b00519ad

      SHA1

      7a732b3e548a8eafc372ef334fa4cecc4ad96654

      SHA256

      aa04e226de73af9ee7d26e63803c72e9523c6827fec8a7ebd6e3919cae862ad6

      SHA512

      2b2807c2990eeab919c4d368481ea6c0a58c28e6000f3ad31eb912d16e0a19be28ee4e73237f17683a475f78a558660f0d9b7749c7bb920a7b69dafb7fe74e25

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      9c7f1418706d3f473b8ca363da0ac5f7

      SHA1

      e0e0d533b212340017c051bf7cc2f4364c4a67bb

      SHA256

      d1015594e1046a39acf64e6cd475eafc10712ef2c90557e8d4935a8e61b4a34c

      SHA512

      0a1d99e260343268876dd603f5ea5631cd1ff0b941bb1a30833f62d4ec87c2e0a8aaf81171629cd96230f63724e3f4287546f699fd9ead80f284325223d069b9

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      f5f3ada9bfa409d5d4cb0f5478ce6bac

      SHA1

      1c5c066392d52d00e9918c5294d1dba4f1b97bd1

      SHA256

      04b9715e4c3f4d17006f171f65e14fd9b1f064f46d880d97ff7781be89820fe4

      SHA512

      c57dba95bbd481cc49b8953c407b88228491be3f008c1a784f6a03304568cb5439040804bdb732fe9a37c51bc47fb2a45b4994ef6d6b34ec71afed8d7effcfc8

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      bc5a9482dd1d13888382a806a6ff94a2

      SHA1

      86aa29a0bcb885ecfffc2d9214569a79107012e1

      SHA256

      28dfcb0ed4078e5a923ce90eb2cdc428ab215db2618c85e9a9948234d8d84c7b

      SHA512

      64193034db3165916e4ad635875959bfd71b62563161a0d17c26ea71cbbc5fb214d4f584a235cbc64e5a81da4feabbd462794637777f15413de1e66bff757aab

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      38aac704a728e04833a705d2c7d8f2ee

      SHA1

      173e1972592e262e8b161484c4965e69cef93a6e

      SHA256

      138deac441a9387c1b313eafe494f6815b60ecaff5fcedf7eeffba14f25eeefd

      SHA512

      5c1a60c5e8a74adfd0d2ff4cd5d7e8ae8311c6e9819b2cd05695c979337f2832b06ac79feb1803698dbb004dc76f9959d1fdbbfa33f7e3405cf03348d5fd38c6

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      412d17c13f81d48a8e53a412d061ae39

      SHA1

      6ee4ec114dad2ab211d3a3168a8fab66a378e33a

      SHA256

      8787e54d804589ec77b66972b84fb7e09df61820cb851e034f6fe44928a3c2a3

      SHA512

      3e0e3afc37ef2f46137b4ab30ed26c60c6d79e9f95d46f4b1b8a2731f275287a6ae484643e03a9372c43ace3bafd6e8b79be16910647536b2c90e350eb29f2e7

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B3513D73A177A2707D910183759B389B_866DEC72621527AEAF83B2153FBFA6F7
      Filesize

      406B

      MD5

      d986c92509ae549fe2dd27d58e4890d5

      SHA1

      e66c45ef328fcb7974ad124a0b6e36e6317b776c

      SHA256

      76f26847986bf7c35b706016d7a74678d7591a37753b1f33bcf5d49b9941a107

      SHA512

      2bd5fcdf3626abc9edc15b27b33221e58548effec34a1cbc697dc966dd364b94282b7f965d4b7c4498ffb919b99bdf010e05ac1a2f0dfa352ff9f27f6cc334aa

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\e1ur8h2\imagestore.dat
      Filesize

      861B

      MD5

      8bc19f288b5b3817700c39bc2b516dea

      SHA1

      343e3ae2a1e5ae6c2c449031ac3c9a8df2399bf0

      SHA256

      842004b5732a998b47531ba145c18463f5a32153b82dcfd2c5c8b448dfdce812

      SHA512

      8ed843d149c02b5206d0dbe8eafd35ff65529a35c0edcedfc5474051190957e9d83a678bf4e10f05709d8dd8b47fdc6aa6e92cc2ead4ea773733dd91dd0da768

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AS91FDNI\62fddf0fde45a8baedcc7ee5_847541504914fd33810e70a0ea73177e%20(2)-1[1].png
      Filesize

      557B

      MD5

      c309ae41848547064c2ddb7dc66b6215

      SHA1

      6d9801822541e4be3ed25137c4e53a249c85ba2a

      SHA256

      11848b5f1c8a7f294c6211c2f0d0dc83a8a28bfe1ef0829a8dacfdf475c5e5a2

      SHA512

      3ef32b52e7070ca0fa9a8cf06e49fe43d67da63fd3a0cd0985363f6223c758440a44e65c3eebc7d6cee0b1ca3aedc4c6ee78b7167fc4136d90539d6ba18d030f

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AS91FDNI\652737c319ba7da75394c4b9_ggsans-BoldItalic[1].eot
      Filesize

      87KB

      MD5

      829b5bd09a7c123f48d3eaf05b822d81

      SHA1

      ddb84be1e4ba00e603dbe9acb5daba3d76fb11d4

      SHA256

      09126fcd7dff721fdc23724e29931429e92befabc22c4f653847adda720f3ee3

      SHA512

      36973e23d4fb54dde084c25881dccda7491496fc8fc78b57db3f09f29d7a47401e35ab75f825be8dfbb780c221a3141f5812a7441d76803f92adf21fdcb3de34

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\CabCFEE.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TarD010.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit