discordrat | bd4b0dfe9e66252d9512a4defa0ab340390cf3e91839ecf6a42ba5bb5aabe10e

Analysis

max time kernel
10s
max time network
11s
platform
windows7_x64
resource
win7-20241023-de
resource tags

arch:x64arch:x86image:win7-20241023-delocale:de-deos:windows7-x64systemwindows
submitted
27/02/2025, 04:03

Reason

Machine shutdown

Target

Denvys.Temp.exe
Size

78KB
MD5

55586b229e1af01a0982db4dba585a94
SHA1

b51bcd9edb108811d48f9d63772084582a6ba80b
SHA256

bd4b0dfe9e66252d9512a4defa0ab340390cf3e91839ecf6a42ba5bb5aabe10e
SHA512

90dca227d2633af06a28ea3c396a24dd791d31ca7cf790e26539fb94b4c3727500c1693085e7c5d4ad1f444f1822f203235c827ea7eef456a145efb0e137e443
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+OPIC:5Zv5PDwbjNrmAE+qIC

Score

10^/10

Family

discordrat

Attributes

discord_token
MTM0NDQ0ODM3OTI0NTAzOTY0Nw.Gw5wN7.PD7pU9XFDMJuMo9bfQdU5RYpjTvwdshVNyoJnY
server_id
1344447876629270598

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3060 wrote to memory of 2812	3060	Denvys.Temp.exe	30
PID 3060 wrote to memory of 2812	3060	Denvys.Temp.exe	30
PID 3060 wrote to memory of 2812	3060	Denvys.Temp.exe	30

C:\Users\Admin\AppData\Local\Temp\Denvys.Temp.exe
"C:\Users\Admin\AppData\Local\Temp\Denvys.Temp.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3060
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3060 -s 640
  2⤵
  PID:2812

memory/1512-5-0x0000000002AC0000-0x0000000002AC1000-memory.dmp

Filesize
4KB

Download
memory/2896-3-0x0000000002E20000-0x0000000002E21000-memory.dmp

Filesize
4KB

Download
memory/3060-0-0x000007FEF5FF3000-0x000007FEF5FF4000-memory.dmp

Filesize
4KB

Download
memory/3060-1-0x000000013FFD0000-0x000000013FFE8000-memory.dmp

Filesize
96KB

Download
memory/3060-2-0x000007FEF5FF0000-0x000007FEF69DC000-memory.dmp

Filesize
9.9MB

Download
memory/3060-4-0x000007FEF5FF0000-0x000007FEF69DC000-memory.dmp

Filesize
9.9MB

Download