Analysis
-
max time kernel
137s -
max time network
129s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240611-en locale:en-us os:windows10-2004-x64 system -
submitted
01-07-2024 01:35
Behavioral task
behavioral1
Sample
3452a8da597975fc6a00c06c5106f009.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
3452a8da597975fc6a00c06c5106f009.exe
Resource
win10v2004-20240611-en
General
-
Target
3452a8da597975fc6a00c06c5106f009.exe
-
Size
78KB
-
MD5
3452a8da597975fc6a00c06c5106f009
-
SHA1
4e5118042d641d12c0f6fc42a6eaeb86aed43fb6
-
SHA256
998be75a886cb45442cd31c27a72558459540f05d588961a67515ca98049f4d2
-
SHA512
b3e0f6d7ad90c4e60389594a35e7592bd651d544f68fc0f232c671d6da70f219176113ff031608a8c49e9c897898aaa9ccb485d1ba1f97180adfe44f0fbb41ba
-
SSDEEP
1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+jPIC:5Zv5PDwbjNrmAE+7IC
Malware Config
Extracted
discordrat
-
discord_token
MTI1NjY2NjMwMTQ4NTU1MTY5OA.GJPfoK.e4hSv7hek2RkFivU556o2-E78FxjuV2jTYvdLk
-
server_id
1256574491014725675
Signatures
-
Discord RAT
A RAT written in C# using Discord as a C2.
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
3452a8da597975fc6a00c06c5106f009.exe
description pid process
Token: SeDebugPrivilege 4576 3452a8da597975fc6a00c06c5106f009.exe
Downloads
-
memory/4576-0-0x000002CE79890000-0x000002CE798A8000-memory.dmp
Filesize
96KB
-
memory/4576-1-0x00007FFCF9A73000-0x00007FFCF9A75000-memory.dmp
Filesize
8KB
-
memory/4576-2-0x000002CE7BED0000-0x000002CE7C092000-memory.dmp
Filesize
1.8MB
-
memory/4576-3-0x00007FFCF9A70000-0x00007FFCFA531000-memory.dmp
Filesize
10.8MB
-
memory/4576-4-0x000002CE7C6D0000-0x000002CE7CBF8000-memory.dmp
Filesize
5.2MB
-
memory/4576-5-0x00007FFCF9A70000-0x00007FFCFA531000-memory.dmp
Filesize
10.8MB