discordrat | faece5f525d1b95daca76e943128cafbf2ce22521926ffbb5c896f78c149fab8

Analysis

max time kernel
139s
max time network
134s
platform
windows11-21h2_x64
resource
win11-20250313-en
resource tags

arch:x64arch:x86image:win11-20250313-enlocale:en-usos:windows11-21h2-x64system
submitted
28/03/2025, 23:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Client-built.exe
Size

78KB
MD5

fe6ac21b3f97ebb4d19ee336cfdc75bf
SHA1

9bb6f19ff60d9f0a550f9bedaea63debf3d3a49c
SHA256

faece5f525d1b95daca76e943128cafbf2ce22521926ffbb5c896f78c149fab8
SHA512

74bcf3406e91a6ceb39e1d99392c0095a5d95d535a121ec34f5989d901a419a21b61554482896a9305ed3bc2db05160bd22b70348472b39d8e54ac09ffcadcff
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+FPIC:5Zv5PDwbjNrmAE+VIC

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTIwMDc0MjY3NjAxMDY0MzYxNg.GwqP0d.L4z2jKSoVGlsFnli3GxYPBA2T0AUaXdFWOrlPQ
server_id
1260997893373038662

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
1	discord.com
5	discord.com
7	discord.com

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE

Modifies registry class 4 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1136229799-3442283115-138161576-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1136229799-3442283115-138161576-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1136229799-3442283115-138161576-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	BackgroundTransferHost.exe
Key created	\REGISTRY\USER\S-1-5-21-1136229799-3442283115-138161576-1000_Classes\Local Settings\MuiCache	BackgroundTransferHost.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
488	WINWORD.EXE
488	WINWORD.EXE

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4216	Client-built.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
488	WINWORD.EXE
488	WINWORD.EXE
488	WINWORD.EXE
488	WINWORD.EXE
488	WINWORD.EXE
488	WINWORD.EXE
488	WINWORD.EXE
488	WINWORD.EXE

C:\Users\Admin\AppData\Local\Temp\Client-built.exe
"C:\Users\Admin\AppData\Local\Temp\Client-built.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4216

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Desktop\RepairRequest.docx" /o ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:488

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
- Modifies registry class
PID:3604

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4280

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\99c70a51-02fe-4763-bc70-86e62d222ce5.down_data

Filesize
555KB

MD5
5683c0028832cae4ef93ca39c8ac5029

SHA1
248755e4e1db552e0b6f8651b04ca6d1b31a86fb

SHA256
855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

SHA512
aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

Filesize
417B

MD5
32064e6c20eb9f71dd1b23a831356c36

SHA1
f0a8c79ac9ced7ec0d071d4f278383a2e28a0e8e

SHA256
c7fcec1fd4b972e1a92c86148a2d7ad3758ce6d012fe86b2c81c5c47b6c9e26b

SHA512
1d1b4642e940065c72681540f8dc97df5dc859455a55e8a6185bcb36d84b787fb1afc5c0494652f13233e2eb957eec3d6be49c9017f0f1b7e6f0b2c565efabaa

Download Submit
C:\Users\Admin\Desktop\CheckpointDismount.mpeg3

Filesize
566KB

MD5
8ca86f09ffd9b9c9a5e61140fd68b347

SHA1
7deb3933217db944827c258442f3e13980dfdd02

SHA256
f0875ef27a2d007df8079c9eafce2e0b932a7653ae15e827194751a590f297bc

SHA512
75d9faf508acec2cdc1886348d117aca3e19faae303f2275a9415fdd1d4dce154894d892262e80dfdf0cd97f9594a4265206ed6347a1aa053c9bbb0f97b8d147

Download Submit
C:\Users\Admin\Desktop\CompareDebug.wav

Filesize
233KB

MD5
39e4a8e2f647b15e7505058c74fb7164

SHA1
11804bcac9091fc989242ff1752c293af67e4afa

SHA256
b3eb3df94e29d933a49729da50d1784a244a239163fe9aa315fd57808a5335ce

SHA512
9992969f3bea061db289c94f12cbdf0df1a5800019b32350972c90939011e7523b1dd01784c8383f73e9bdaa922844845b942603eec62d938839660289e571c7

Download Submit
C:\Users\Admin\Desktop\ConnectPublish.wmv

Filesize
333KB

MD5
2c6f1331006888a6d786c5c254a0778d

SHA1
dd9eb7bf05478198b527e4971e3a689815e43bee

SHA256
0e4cb6ae78760d6b5810bff0f9d2facf5e4b343f4116572170c53533c16cea0d

SHA512
e8c041ead98018fb0929ad7eb3d2908ed760e650ae8026573335ff0fb5bf5e9f7c7837ce9a1ca1211e5bbd6fff22d1695fc22c573ff30fd73947ec7e78af5b62

Download Submit
C:\Users\Admin\Desktop\ConnectWait.css

Filesize
366KB

MD5
f8be8a67cbdab577553d414e40bc9177

SHA1
f4d3ab02645f18cd23c40cf257bb8f6fd897d8ee

SHA256
8e3aaeab5c8984d4139d94c6a5a2ba189ac4323c7d865e348ef3e9a18d0949fc

SHA512
6b02b151c3c32d881064d935c6744370247a3cb4f8aad3e00a6b5e0d3b4e39905220a4bd1976aededc022d420b55b757c28fd9d457ac72be044980b6b22432b3

Download Submit
C:\Users\Admin\Desktop\ConvertToCompress.ps1xml

Filesize
249KB

MD5
073092bd98c59385985a6b53600e74ec

SHA1
67bc804cf2e837c9e0b604e20b048a296dba87c4

SHA256
e5f79104f6c19a79bf9b74211d13dd1c3156289ff29b642f34042a09e046e69c

SHA512
ef200161b4479239a5dcefdf54a1f4d75fd338d50096ee84f8aed411cc4b8cd4f11fe603634895653402b5eedce37ffcba20e2d295f38c962ad0ee38af6cc3cf

Download Submit
C:\Users\Admin\Desktop\ConvertToStart.jpg

Filesize
583KB

MD5
d006bd70ba3682d54c00598f8418be15

SHA1
e01745ccdafd684b5c29efc34cfcc5959d02a3bb

SHA256
f88e59b91c266450149ebaf5d320c9d82b6d457aa4e9dccdf93f82710751c27c

SHA512
49c7580d9141886b04cba9e0250957ce5f25cb27421885cf2c878da5a26af7378a7378ad883eec111c50d6ae366f7822c8ca691ea5ad79c0789ad12c91ba2095

Download Submit
C:\Users\Admin\Desktop\ConvertToUninstall.mp3

Filesize
266KB

MD5
df2b383d2b6c1c10e919e969ae97cd9c

SHA1
cd11691815d795667d252fe0d9088b1687018ca0

SHA256
5fff0bce01418a1d1cfeb49b88ddc6ce2eee1bf288a234541d24782953f21dd2

SHA512
7abefcb6711146972ce586f3b11fce0f53ba9cd792fcd35f45665688a0973264dd94b9452b5c8d5e7588681fd5df1b3d4d99b6f35900a3b402bcaad8cd893156

Download Submit
C:\Users\Admin\Desktop\EnterConfirm.xlsx

Filesize
12KB

MD5
bbdd0349fed49a90f0e59b11af1f123b

SHA1
20ed20e38f69ad428549644aa4841b69b43c33fd

SHA256
dde1a533b3c9f992173b184436860432c2167dfd0a44f1b2fc9db18a9387e477

SHA512
ed1de0af1e60ed151afb7be884a9fa24a826c832a7c4f6e816567fda6e50ffebea928c8f768ef94932239bcb116593ad6daaaa6b064f8015f5a3d2c32352b15f

Download Submit
C:\Users\Admin\Desktop\ExitBackup.xlt

Filesize
466KB

MD5
bd5e367e779d7247ac08f5651e945c0f

SHA1
8e29d624913faea5b33203d5c8e2e5e26d64f5a0

SHA256
864d4a2f40aa4a8fd9dfcad5275006e85e73a162ba6fd178461f81cca7440071

SHA512
5168a8638f3edc563250f0e82e804122914eca28ae8662f37a77dae04fb733cd3e792bb3d0d8ff2d19068305070f5dc69ae237c958f6f1bc0899cafaa59e5b65

Download Submit
C:\Users\Admin\Desktop\ExitSend.tif

Filesize
483KB

MD5
5a5c57b33166f1ee453c3a836aa7c440

SHA1
16407e6c02ad292c23c55e64a49ce3565740d906

SHA256
43925f32ec5005234926da20df59e9185056d7c244e558f47d4874337f16d714

SHA512
1fd84383832966015f78effd7ed1e7ebaf0b97534e79c98a9d4914f1187672997e0b49c179e6e42fac2a1685db6db627ac0b1e216d22acb427a277d0be927631

Download Submit
C:\Users\Admin\Desktop\GroupUnprotect.xlsm

Filesize
433KB

MD5
e2e7c4420f8c2ade43e86395c8d1bf9e

SHA1
dbd44c6d1915f2731de8a2ffa258f83016f8e06f

SHA256
c4afefc27aa7939277c058c7d8918645e9001c6979c21ad9016d2828013e1533

SHA512
02100b7d6c9f3db5551205c570f795aee79b777bdab441774f96f562131d96a4006ef8eaa084ea0491b991bb783a3b5cb6e711a77d85ba41e8186e96fdab2f4c

Download Submit
C:\Users\Admin\Desktop\LimitProtect.dxf

Filesize
299KB

MD5
5315d12d25dffee47109da35b4652b59

SHA1
931d3fff17aeb33b66f3bc90938d86022b8addba

SHA256
f65d59b0835e3af0b0d216ad748e037be7c4565d47d21a4a71ff523797ec9bdb

SHA512
8ce71f557dd1887b5987b7442f1668eceda5fb79a5fdc92cfe54c02070558cf0bdcdf04f6c1bd1f782e25f7cfa327f9487b0c6a1909f62da1c34fcf6c78f7de4

Download Submit
C:\Users\Admin\Desktop\MeasureUnregister.docx

Filesize
17KB

MD5
9221a8aec27fb8a197188f58e54be219

SHA1
729f55167abeeb66c67ebc68f0c84efe14c577e5

SHA256
e78ceeaef21e081225351e5a5f8b05eb0ac9e8a5baf769f1a1047a0b698e105d

SHA512
349993b1d4f6cae7b0f6ab947ce3f01c914ad0643cb60f65a2e1864c2152d5de5a590bfa897cb81ce4ec696a19644408b2b84872e7e78c3d3fc3aa2300919b22

Download Submit
C:\Users\Admin\Desktop\Microsoft Edge.lnk

Filesize
2KB

MD5
b860b7d73a5c454e7eb27bfe3c99e66f

SHA1
3d873b5ceea9e73f82f7d9d5893b787f0cc23be8

SHA256
f541694cc8b4dfafa7dbc966f2fc1bda21bc27d7f7c667f5e420ee36a9889dd3

SHA512
f00aa707fa6afb34f8a9e79531871eb2c50fa570dc6366b37f5f4c5b5e1e0e56df85be0ef57ac17757f700aa56573b37e78eac4e0bcb0abbce5018e9b42b4af0

Download Submit
C:\Users\Admin\Desktop\MountRepair.pdf

Filesize
849KB

MD5
2261f4ff11dbef3dba98e51c8404363a

SHA1
6db81f943f793c3c8e45b76bb55014562a870e81

SHA256
aabb9989e99c57b6d3f83c89a7733f1a588603abcfae98d0b878aeb17f6307d9

SHA512
6d3869a662d5f3ba0ab755b0464c4ff432658b2c8c5e9cbe3a06fef89125129b0e3a1303e1c456b642378514dfd00b9cb2d701e9883bfc1ebe5b510d821a8f5a

Download Submit
C:\Users\Admin\Desktop\PushMerge.xltm

Filesize
349KB

MD5
0b31ed56e1ca56beac3f6727e084fd02

SHA1
9a3cf780f32532931b7a054ef75509692e0cafbc

SHA256
c254e0eae25e693b14464004e1aa3089efed24e32cebea8221e84eca055a67fe

SHA512
838135a16338268f80a71ed2ea54b6c51fecb9375d143649c74df18837956ab1029f1b20c7653eef0cede8d7ac8e8c7b9466496536d8eb3258e90b865928f20e

Download Submit
C:\Users\Admin\Desktop\RedoRestore.lock

Filesize
216KB

MD5
35af14980ec43cce3f13275ef9c0d617

SHA1
0ff3fa35ff2001164494e6f65195b14408476928

SHA256
d68e92e39c5ded82533e69a513e5f7f6658ad540bcd51cf346f462f2e79ce546

SHA512
65c607e8754565bd52c78a2d0fb78d925a2e32a07c90c9f341cd50245873b297e97fe0d4dd07bd6e5b7bc854ecf5bef3d0009f1c093c63bd861a7c2098f3574b

Download Submit
C:\Users\Admin\Desktop\RemoveCompare.dotx

Filesize
449KB

MD5
2b11434730ef2323b47b4c533e8c27df

SHA1
cb9e41252306f1f4cabe63ba371e10e26cbc92ae

SHA256
03f034077e0043cb11978e2b46ebc6def89a1c8a16f5e6428817fea357fac4c9

SHA512
baa378fae5f113b3eecc71bb21234edbdaedfcb5032b5595ec9256e49a8b7945258c5ffcfd8d9b324e1e8a211daf921cadfa70fcfa7018c366c6e49abea112b5

Download Submit
C:\Users\Admin\Desktop\RepairRequest.docx

Filesize
16KB

MD5
4021216bfae210286fadcb68d8971ee3

SHA1
23e52e0f4f6baa28f8920e52c409749ef2760cd2

SHA256
e30df821fca83dae1ccdca7d4889c8b4bc660cdd3dd5c38dc32575c0fd6b9dda

SHA512
d1f529806836b744b0d49e5779083d41401e5998309a6438596bcec7bf21889b86fbb5bcfa03091105345bd802bc16ac0cc970205cf1435798b069fec88e2774

Download Submit
C:\Users\Admin\Desktop\ResolveDisconnect.ico

Filesize
416KB

MD5
c6aa9daa7b8506649451bec8a1c45350

SHA1
6e255614bd5335864decae1625fb38a6018bb449

SHA256
c1ae910b7e7db9926cc48d38fbade2464fe662c070926e2caebed91ea31dbb53

SHA512
47a4f6cf7fc77b85f594ca746676498f92d4f21f5c6d282a509b415218ea6b029f9c723e27615da2b224ff2eef61db2abd91677d855564165d209e9c93fadec2

Download Submit
C:\Users\Admin\Desktop\SaveProtect.exe

Filesize
616KB

MD5
9874996184274428fdf475b6dcf594bc

SHA1
32f2597558c3bcda1f48df042b7565e163f9450d

SHA256
63ad0b2747c8a552592daf3ec4e0a1179f7766cc74aad2c36ae431231af0bb04

SHA512
516f953b7b58c8f9ec4ed89aa1aa31c9ece82db83a9158b3ae3ef228a85b1de208092a5baae176c1709f5be053a1f44ceff35312a0ac80b41ce3dc7517705f0f

Download Submit
C:\Users\Admin\Desktop\SendInvoke.vb

Filesize
599KB

MD5
257558b2676fbcaab8e7f6df68e92353

SHA1
ca8548f5fb74a664da867bc41c6dd603ab00f8fc

SHA256
9f0783fd2e6cae12489c77d322be873a8e65b0b4f39029a4c17a762be1ddb499

SHA512
0c4bef27bc588ea2ef8f3db4ca7b998321b50c427bc1c0ed22e3ff3373fbc2d9e1e5ff945e5a6500ce712a5ecee17da2dba3dbf2cddf6522b784162c4cbca337

Download Submit
C:\Users\Admin\Desktop\SetEnable.sys

Filesize
399KB

MD5
3426dccf95e0e2cd1759b56407e6504d

SHA1
cd672cc55dbb4ae307507f995d737d85619770a7

SHA256
572f1474017f4a977987c33284296dd13b923680623e630189e97de74cc85786

SHA512
fbf2c15c01b55a83206e2c4e0c35892a0915ae44551a5cf66a54369298750c0f6a9de694eeff75b223fa881a9aa688d76c7b16ede23029f9fa400432b0f0b71f

Download Submit
C:\Users\Admin\Desktop\SuspendStart.pcx

Filesize
383KB

MD5
ded1cfe774e1602b49da21ee2653a880

SHA1
a297719b8427f05d239b4b30e5c53b3cf710fa02

SHA256
5ff5de5531fd8e50e0928f68aea947d703fb651f0139cc757a5bf4ee81fb5570

SHA512
90cb801d792736a45860fdd470b9e4baa9cc0cf82c4701b88ce12417608552e4a89e45df391572a45a0deb92c3b23080e71a694f624f566fe8670afe3e83ff59

Download Submit
C:\Users\Admin\Desktop\SwitchJoin.xlsx

Filesize
9KB

MD5
aa2b223f992564ed075ee745f66c198e

SHA1
05839db047ac38c61ec48e8f1317d1b1e0a539b3

SHA256
411da0db04650483f0f3efb3b29d6acad9d9364c7972b8887239218863f175c8

SHA512
2e273dad07ed1c01707bd490678f822aa45ef8e228a0474709e2d4470065771b30520c6c9a9ffe3c2979d057d4bbf5c491cfe187f901384015d47f095f615bbb

Download Submit
C:\Users\Admin\Desktop\SyncConfirm.svgz

Filesize
549KB

MD5
e9bd863330d951c70eee1b12c45147d6

SHA1
3014b4820a82d500353c591b787f1cace6c3aa77

SHA256
215568d3d76d0e199c044ea8860d2bec2150fc9d51eafefd077310ce32014c5e

SHA512
473ba3efd43b0ba8902f6fface882892a5ddef0ed221e16abc0e888274d826a57ddb2f57e4ede9aae9a1a0fc7bbe8a73dd95c6e5f98606aa35bde0d2eefab1fb

Download Submit
C:\Users\Admin\Desktop\UnblockComplete.docx

Filesize
17KB

MD5
4c1eb2cf2e3d284fa47d10084c97e959

SHA1
f841011679bd1919f0da0f33636e814481ff4618

SHA256
82a958af600a556a179d04b38be197fd818cbf361dd0cfb16a530cec20529424

SHA512
7a51207d5f2d8c8584c63a79c3fe7308d7197a51c8e82849b416a7f087f783103b955c7c4290bf4966de6adea7f07f044c9dbe5492f880831ed425f16d72a4c9

Download Submit
C:\Users\Admin\Desktop\UndoWait.emz

Filesize
499KB

MD5
09e87c1d6a0a345f9a2fbc1832074e91

SHA1
ac78dc2f4e37c41837dd94e677f5dbc823b6870f

SHA256
5ef6ab3b83e1a2029cc178efeb6457cfda34bf09e856a70947f5170c99696ab3

SHA512
1ae8aa5688401ef057a906ff83bccc803cb2e3326a397ca0426d9e12f9fd83db6e0856374f65f0781f3cf79554c6a0e5c87770e5db92f451f62e1c1f8e2635be

Download Submit
C:\Users\Admin\Desktop\UnpublishConfirm.m3u

Filesize
283KB

MD5
3939fb2a0df770498ce0a1ee9758e05c

SHA1
8abd4662fe330926cdac4ccc12e2a8435d68fa2c

SHA256
89116fa8bd767014e1420cc330eeae31f7d1308b450ebedcb7ddffb2b43241c3

SHA512
678cecae1447b942672c888c917eb19c7540a9e90aff1f449854805cc1fd46e467e8ac485f7c293e13e53595ce53ca99778fbf74a3db7ea8566fd5c1668b2fc2

Download Submit
C:\Users\Admin\Desktop\UnpublishPing.avi

Filesize
316KB

MD5
686c3ccc907fe4ecd1707249b24179e9

SHA1
338fdfaaab177a1246aab3c8a5b80db531fa2f2c

SHA256
e89993501b7077d5ff7f80bc4484f9c92d7cb1cd3cea13251a5ae21cdb12a148

SHA512
32e954afff250c16fb5f7d0f13cd2db1acec58aae8bf05f3f7f5ca202322d50dfef21d6a323a6ff5463cde6ea5dc1ca4eb4da20ddc3a3567e10d8fe66ade1b03

Download Submit
C:\Users\Admin\Desktop\UnregisterResize.xlsx

Filesize
10KB

MD5
c7b5582ad612692e144a6452ba7a3602

SHA1
94edddf31e3b6f7f20a6712747901e3c39e7ebc6

SHA256
2d40334f4393c67607c70d908380b29117b6140a7b27d9e7f52ca336c3c45401

SHA512
99189d2114d1f14e64392d83741abcb0446270414fdb7453e0250eb7b9012dded84f1efd4d9ffd6993d305cf3da44d421adde5ccda0c3cb9e8097920326594a4

Download Submit
C:\Users\Admin\Desktop\WaitClear.xls

Filesize
516KB

MD5
e4bec58bd516317f7ed596e1886d23a2

SHA1
8e5df15d475758b838d1a7287e16a7823a0c4e35

SHA256
3d4dec8b128c0740c4d7ce19c042c18bc99d0ed76567f8ee4aee2a9e95beb205

SHA512
ff0c2c48626b7c39865c2c3b73fbb2ea007f953eb65564168bece488c4b54853e047e881ef1a8e0bac8af94d29c5dd9636d7771bd4a81c896ace4e6ae320ef10

Download Submit
C:\Users\Admin\Desktop\WriteSuspend.shtml

Filesize
533KB

MD5
b45deca036d4bb6c72d8b71b3cbaa915

SHA1
b02dd26aa8c3d5b211fbbc3e86423e0aa575acc1

SHA256
1f558ccdd839213b9d9fe2059e4996794b714272b6c776a333dea8e68135d443

SHA512
62ed78955cd92f65b6546ffa24de0356b74c251141da31012d495e4495c36decf41081f3139d196fbbb784f83076333300db7ef2ee91c2b71b9c02da442d4bcb

Download Submit
C:\Users\Public\Desktop\Acrobat Reader DC.lnk

Filesize
2KB

MD5
fbf436ccfbda4d1b089f3dc6e036a600

SHA1
9590877e333740fa559ba96d83ea474373ea2d90

SHA256
0783ac1dbd84aa80915346ee1385e550dc86a22b3376c70061f70191409d3888

SHA512
4a2fd7e4630750e97561c8f6f02c9761c36c11fc45b82a6aafab6daa7c380c9e20e5297db66425335ab3375472538017d30617ce5dd05f44c000b70ad17e5bdb

Download Submit
C:\Users\Public\Desktop\Firefox.lnk

Filesize
1KB

MD5
9f98010742c1b61e492a9301425c1b91

SHA1
38cc8a3ece5b4f0434e13ee0223b3b9dbce23255

SHA256
368836c5215b58699fb227460358cbadc32009a27065411163c5f0cf896c8a5d

SHA512
800cbebc19181e3640e37b6ea9bcd7e4dab616c5e0e5a0f5a67e84fa0db2ee5829c54dfa7343aff3622f68f9e51b6eb4bc50ff82f0d2d7a6285834dcbbb63415

Download Submit
C:\Users\Public\Desktop\Google Chrome.lnk

Filesize
2KB

MD5
e16efe1b789c2f6fb13974efc411adf0

SHA1
278355ac1fb5261b8f83c0c4ad9d16ceb2b2c9da

SHA256
7ec321bd059f9c70294a191b8778f7fbcdbf27f00d397c434ee7e6b623a68af5

SHA512
f8e42071942e1d96309d0e6997191d6ce03140e0a562df1873d22113d4e446c12dd156b0930a46caa37e3abb1af90eb7415491ef0162efb54b9e5afef0f6741a

Download Submit
C:\Users\Public\Desktop\Microsoft Edge.lnk

Filesize
2KB

MD5
00a1ac1ddf054020d9e9f2a5a25ec1c1

SHA1
fedaa79bec9134bba5db4d0ea020adcab0a3c195

SHA256
724c5e7155bc4efc935f3f9f39858e2daa99340466de7e6e648f7c5ee0b0c0e3

SHA512
845c6dfa1b3b7755e935a6cdb6217e77ec54db3f1b969613ca880516eeb2ec64d05d2897cb2df7539780f853e7eff2494900e5aae10a1c3350eb68d39cf5dbef

Download Submit
C:\Users\Public\Desktop\VLC media player.lnk

Filesize
923B

MD5
a800e0362539d29e7a09f54eac2dec77

SHA1
51a5bc8a7dab36a53b9bff05704cc9857210e3c8

SHA256
7908c33ba805b8c0595cd64574e881556cd79e0406f78aa53ad50904aa8d9f5e

SHA512
799f4a32647d605eecb4107649b79a0848ff68d609c1831ddb07d7d7873c6fc7c845bb01dccc02bcf3243d519041b4a41b533381e9ca6d3e43acf15e4d76e509

Download Submit
memory/488-10-0x00007FFADB8F0000-0x00007FFADB900000-memory.dmp

Filesize
64KB

Download
memory/488-21-0x00007FFB1B860000-0x00007FFB1BA69000-memory.dmp

Filesize
2.0MB

Download
memory/488-57-0x00007FFADB8F0000-0x00007FFADB900000-memory.dmp

Filesize
64KB

Download
memory/488-58-0x00007FFADB8F0000-0x00007FFADB900000-memory.dmp

Filesize
64KB

Download
memory/488-19-0x00007FFB1B860000-0x00007FFB1BA69000-memory.dmp

Filesize
2.0MB

Download
memory/488-22-0x00007FFAD8D50000-0x00007FFAD8D60000-memory.dmp

Filesize
64KB

Download
memory/488-23-0x00007FFB1B860000-0x00007FFB1BA69000-memory.dmp

Filesize
2.0MB

Download
memory/488-24-0x00007FFAD8D50000-0x00007FFAD8D60000-memory.dmp

Filesize
64KB

Download
memory/488-7-0x00007FFB1B903000-0x00007FFB1B904000-memory.dmp

Filesize
4KB

Download
memory/488-62-0x00007FFB1B860000-0x00007FFB1BA69000-memory.dmp

Filesize
2.0MB

Download
memory/488-59-0x00007FFADB8F0000-0x00007FFADB900000-memory.dmp

Filesize
64KB

Download
memory/488-15-0x00007FFADB8F0000-0x00007FFADB900000-memory.dmp

Filesize
64KB

Download
memory/488-17-0x00007FFB1B860000-0x00007FFB1BA69000-memory.dmp

Filesize
2.0MB

Download
memory/488-60-0x00007FFADB8F0000-0x00007FFADB900000-memory.dmp

Filesize
64KB

Download
memory/488-20-0x00007FFB1B860000-0x00007FFB1BA69000-memory.dmp

Filesize
2.0MB

Download
memory/488-8-0x00007FFADB8F0000-0x00007FFADB900000-memory.dmp

Filesize
64KB

Download
memory/488-18-0x00007FFB1B860000-0x00007FFB1BA69000-memory.dmp

Filesize
2.0MB

Download
memory/488-61-0x00007FFB1B860000-0x00007FFB1BA69000-memory.dmp

Filesize
2.0MB

Download
memory/488-11-0x00007FFADB8F0000-0x00007FFADB900000-memory.dmp

Filesize
64KB

Download
memory/488-14-0x00007FFB1B860000-0x00007FFB1BA69000-memory.dmp

Filesize
2.0MB

Download
memory/488-9-0x00007FFADB8F0000-0x00007FFADB900000-memory.dmp

Filesize
64KB

Download
memory/488-13-0x00007FFB1B860000-0x00007FFB1BA69000-memory.dmp

Filesize
2.0MB

Download
memory/488-16-0x00007FFB1B860000-0x00007FFB1BA69000-memory.dmp

Filesize
2.0MB

Download
memory/488-12-0x00007FFB1B860000-0x00007FFB1BA69000-memory.dmp

Filesize
2.0MB

Download
memory/4216-2-0x00000247AE020000-0x00000247AE1E2000-memory.dmp

Filesize
1.8MB

Download
memory/4216-3-0x00007FFAFAA10000-0x00007FFAFB4D2000-memory.dmp

Filesize
10.8MB

Download
memory/4216-4-0x00000247AE900000-0x00000247AEE28000-memory.dmp

Filesize
5.2MB

Download
memory/4216-0-0x00007FFAFAA13000-0x00007FFAFAA15000-memory.dmp

Filesize
8KB

Download
memory/4216-5-0x00007FFAFAA13000-0x00007FFAFAA15000-memory.dmp

Filesize
8KB

Download
memory/4216-6-0x00007FFAFAA10000-0x00007FFAFB4D2000-memory.dmp

Filesize
10.8MB

Download
memory/4216-1-0x00000247939E0000-0x00000247939F8000-memory.dmp

Filesize
96KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads