File name: Discord Tokens Generator.zip
Full analysis: https://app.any.run/tasks/eac30e21-4d38-4798-bb9b-608c1e419cb3
Verdict: Malicious activity
Analysis date: October 20, 2020, 03:05:40
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract
MD5: B1B310BB23492228FEC2352927E3B6EE
SHA1: 14E28A28A5D67562B145EB34012A98769D69F654
SHA256: 95E4FF61B8BD20F5FB6B4A445F59503447926B30BB886C6335FE3339002AE1A1
SSDEEP: 393216:Xz6wDVoaHjC9xH2/qX3e4dt4BQDP6Ew/1p21vys:Xz6wDnHm9xWUpHAkU/1p+

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • Application was dropped or rewritten from another process
      • Discord Tokens Generator.exe (PID: 1908)
      • Discord Tokens Generator.exe (PID: 576)
      • Discord Tokens Generator.exe (PID: 2772)
      • Discord Tokens Generator.exe (PID: 2268)
    • Actions look like stealing of personal data
      • Discord Tokens Generator.exe (PID: 1908)
      • Discord Tokens Generator.exe (PID: 2268)
    • Loads dropped or rewritten executable
      • Discord Tokens Generator.exe (PID: 1908)
      • Discord Tokens Generator.exe (PID: 2268)
  • SUSPICIOUS
    • Application launched itself
      • Discord Tokens Generator.exe (PID: 576)
      • Discord Tokens Generator.exe (PID: 2772)
    • Executable content was dropped or overwritten
      • Discord Tokens Generator.exe (PID: 576)
      • Discord Tokens Generator.exe (PID: 2772)
    • Starts CMD.EXE for command execution
      • Discord Tokens Generator.exe (PID: 1908)
      • Discord Tokens Generator.exe (PID: 2268)
    • Creates files in the user directory
      • Discord Tokens Generator.exe (PID: 1908)
    • Loads Python modules
      • Discord Tokens Generator.exe (PID: 1908)
      • Discord Tokens Generator.exe (PID: 2268)
  • INFO
    • Manual execution by user
      • Discord Tokens Generator.exe (PID: 576)
      • Discord Tokens Generator.exe (PID: 2772)
      • taskmgr.exe (PID: 2328)
      • rundll32.exe (PID: 3192)
      • rundll32.exe (PID: 2596)
      • rundll32.exe (PID: 924)
      • rundll32.exe (PID: 3844)
    • Dropped object may contain Bitcoin addresses
      • Discord Tokens Generator.exe (PID: 576)
      • Discord Tokens Generator.exe (PID: 2772)
    • Reads settings of System Certificates
      • Discord Tokens Generator.exe (PID: 1908)
      • Discord Tokens Generator.exe (PID: 2268)
No Malware configuration.

TRiD: .zip | ZIP compressed archive (100)

EXIF (ZIP)
  ZipRequiredVersion: 20
  ZipBitFlag: -
  ZipCompression: Deflated
  ZipModifyDate: 2020:10:05 10:29:01
  ZipCRC: 0xfe490d13
  ZipCompressedSize: 15573797
  ZipUncompressedSize: 15862039
  ZipFileName: Discord Tokens Generator.exe
All screenshots are available in the full report
Total processes: 57
Monitored processes: 13
Malicious processes: 4
Suspicious processes: 0

Behavior graph

Processes in the graph, in the order shown: winrar.exe, discord tokens generator.exe, discord tokens generator.exe, cmd.exe, discord tokens generator.exe, discord tokens generator.exe, cmd.exe, taskmgr.exe, rundll32.exe, rundll32.exe, rundll32.exe, rundll32.exe, wordpad.exe

Process information

PID 2432 (parent: explorer.exe)
  CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Discord Tokens Generator.zip"
  Path: C:\Program Files\WinRAR\WinRAR.exe
  User: admin; Integrity level: MEDIUM; Exit code: 0
  Company: Alexander Roshal; Description: WinRAR archiver; Version: 5.60.0

PID 576 (parent: explorer.exe)
  CMD: "C:\Users\admin\Desktop\Discord Tokens Generator.exe"
  Path: C:\Users\admin\Desktop\Discord Tokens Generator.exe
  User: admin; Integrity level: MEDIUM; Exit code: 4294967295

PID 1908 (parent: Discord Tokens Generator.exe)
  CMD: "C:\Users\admin\Desktop\Discord Tokens Generator.exe"
  Path: C:\Users\admin\Desktop\Discord Tokens Generator.exe
  User: admin; Integrity level: MEDIUM; Exit code: 4294967295

PID 2684 (parent: Discord Tokens Generator.exe)
  CMD: C:\Windows\system32\cmd.exe /c title ThisEsteb - Discord Tokens Generator - 0 Tokens
  Path: C:\Windows\system32\cmd.exe
  User: admin; Integrity level: MEDIUM; Exit code: 0
  Company: Microsoft Corporation; Description: Windows Command Processor; Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)

PID 2772 (parent: explorer.exe)
  CMD: "C:\Users\admin\Desktop\Discord Tokens Generator.exe"
  Path: C:\Users\admin\Desktop\Discord Tokens Generator.exe
  User: admin; Integrity level: MEDIUM; Exit code: 4294967295

PID 2268 (parent: Discord Tokens Generator.exe)
  CMD: "C:\Users\admin\Desktop\Discord Tokens Generator.exe"
  Path: C:\Users\admin\Desktop\Discord Tokens Generator.exe
  User: admin; Integrity level: MEDIUM; Exit code: 4294967295

PID 3340 (parent: Discord Tokens Generator.exe)
  CMD: C:\Windows\system32\cmd.exe /c title ThisEsteb - Discord Tokens Generator - 0 Tokens
  Path: C:\Windows\system32\cmd.exe
  User: admin; Integrity level: MEDIUM; Exit code: 0
  Company: Microsoft Corporation; Description: Windows Command Processor; Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)

PID 2328 (parent: explorer.exe)
  CMD: "C:\Windows\system32\taskmgr.exe" /4
  Path: C:\Windows\system32\taskmgr.exe
  User: admin; Integrity level: MEDIUM
  Company: Microsoft Corporation; Description: Windows Task Manager; Version: 6.1.7600.16385 (win7_rtm.090713-1255)

PID 3192 (parent: explorer.exe)
  CMD: "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Windows\System32\ieapfltr.dat
  Path: C:\Windows\system32\rundll32.exe
  User: admin; Integrity level: MEDIUM
  Company: Microsoft Corporation; Description: Windows host process (Rundll32); Version: 6.1.7600.16385 (win7_rtm.090713-1255)

PID 2596 (parent: explorer.exe)
  CMD: "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Windows\System32\dxtrans.dll
  Path: C:\Windows\system32\rundll32.exe
  User: admin; Integrity level: MEDIUM
  Company: Microsoft Corporation; Description: Windows host process (Rundll32); Version: 6.1.7600.16385 (win7_rtm.090713-1255)

Note: exit code 4294967295 is 0xFFFFFFFF, i.e. -1 when read as a signed 32-bit value. The Discord Tokens Generator.exe processes carry no Company, Description or Version fields in the report; the cmd.exe children only set a console window title, which exposes the tool's self-declared name ("ThisEsteb - Discord Tokens Generator - 0 Tokens").
Total events: 834
Read events: 742
Write events: 0
Delete events: 0

Modification events

No data

Executable files: 150
Suspicious files: 6
Text files: 1 832
Unknown types: 4

Dropped files (PID, process, filename, type, hashes)

2432 WinRAR.exe
  C:\Users\admin\AppData\Local\Temp\Rar$DRa2432.215\Discord Tokens Generator.exe
  MD5: not listed; SHA256: not listed

576 Discord Tokens Generator.exe
  C:\Users\admin\AppData\Local\Temp\_MEI5762\Crypto\Cipher\_ARC4.cp38-win32.pyd (executable)
  MD5: FC1EF85BCF1D44DB6D32192EDAF931F4
  SHA256: DB4284303E94A682101C2C5FB73DD35405EB04AA7392E34429263547CF5B83B2

576 Discord Tokens Generator.exe
  C:\Users\admin\AppData\Local\Temp\_MEI5762\Crypto\Cipher\_raw_ctr.cp38-win32.pyd (executable)
  MD5: 37424FF388C6236FEE06022A44FD3BF9
  SHA256: FCE59443A5468B292100E19C30D093DB33F1DB5C032A265AF0944DF388DC62AD

576 Discord Tokens Generator.exe
  C:\Users\admin\AppData\Local\Temp\_MEI5762\Crypto\Cipher\_raw_des3.cp38-win32.pyd (executable)
  MD5: 9E782D4950C2BB6D3C187EC17C3B9E4C
  SHA256: 58085B581F2BE8761ABF22163B0F06C06AD285F6F8C383C1BB980F61C13DD37B

576 Discord Tokens Generator.exe
  C:\Users\admin\AppData\Local\Temp\_MEI5762\Crypto\Cipher\_raw_aesni.cp38-win32.pyd (executable)
  MD5: 5D5C1BC6C74C7C83F27BA9C8C6638863
  SHA256: 53D8A935D07BC307692EB1AF1369C62E7AA051224178344270C6A2003394B67B

576 Discord Tokens Generator.exe
  C:\Users\admin\AppData\Local\Temp\_MEI5762\Crypto\Cipher\_raw_blowfish.cp38-win32.pyd (executable)
  MD5: 9B219BBC67D899C608718FB267B9E786
  SHA256: 90E8448B0BAD3AC2AF599488D9BA4E43C93FF83193B3E8F37D43C8F2D13A63EE

576 Discord Tokens Generator.exe
  C:\Users\admin\AppData\Local\Temp\_MEI5762\Crypto\Cipher\_raw_eksblowfish.cp38-win32.pyd (executable)
  MD5: 7229F3B936ED26D2FB36F5E748109CA2
  SHA256: FF6081A2735B603CC9F984CC67E0A0A02EF5F9F8BE9F5CB3550557619230818D

576 Discord Tokens Generator.exe
  C:\Users\admin\AppData\Local\Temp\_MEI5762\Crypto\Cipher\_chacha20.cp38-win32.pyd (executable)
  MD5: 100BE873039DF2C8A2DA4F9554BAEEA3
  SHA256: 4861F5CA729112D56C4CD6B3301AACB2803DAF6371BD3992D4339E4BAE968AF5

576 Discord Tokens Generator.exe
  C:\Users\admin\AppData\Local\Temp\_MEI5762\Crypto\Cipher\_raw_aes.cp38-win32.pyd (executable)
  MD5: 662BF265439BB6C3A009EE41DBC4F6E4
  SHA256: E73E54B991A1D5BDDD2E8497AEA1598D2A14602D3A12108F84FB685C34EFC239

576 Discord Tokens Generator.exe
  C:\Users\admin\AppData\Local\Temp\_MEI5762\Crypto\Cipher\_raw_ofb.cp38-win32.pyd (executable)
  MD5: 2716F30AAE6E61C5728335E761B03E15
  SHA256: 7CFEF91BC4AAE67AD950F47A1A8D1A8115F847CC46DC0EA56C10474D1D0DA526
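The indicator list and the dropped-file table together describe one recognisable pattern: a PyInstaller "onefile" bundle. The process started from the Desktop (PID 576 / 2772) unpacks its payload into %TEMP%\_MEI<n>\ (here _MEI5762), launches a second copy of itself (PID 1908 / 2268) which loads the extracted Python modules, sets a console title through cmd.exe, and talks to discord.com. The .cp38-win32.pyd suffix on the drops is the CPython extension-module tag for Python 3.8 on 32-bit Windows, and the Crypto\Cipher\_raw_*.pyd layout is PyCryptodome's. The script below is an added triage example written for this page, not ANY.RUN tooling and not the sample's code: it takes rows constructed from the report's dropped-file, process and network tables and pulls those facts out mechanically. The "_MEI number starts with the dropping PID" check (576 -> _MEI5762) is a heuristic taken from this one report and is labelled as an assumption; the sample rows are constructed, not a full copy of the tables.

```python
"""Added triage helper: sift sandbox-report rows (dropped files, process tree,
network) for the PyInstaller onefile pattern. Example code for this page, not
ANY.RUN's own tooling. Sample rows are constructed from the report above."""
import re

# Constructed dropped-file rows: (dropping PID, process image, path).
DROPPED = [
    (576, "Discord Tokens Generator.exe",
     r"C:\Users\admin\AppData\Local\Temp\_MEI5762\Crypto\Cipher\_ARC4.cp38-win32.pyd"),
    (576, "Discord Tokens Generator.exe",
     r"C:\Users\admin\AppData\Local\Temp\_MEI5762\Crypto\Cipher\_raw_aes.cp38-win32.pyd"),
    (2432, "WinRAR.exe",
     r"C:\Users\admin\AppData\Local\Temp\Rar$DRa2432.215\Discord Tokens Generator.exe"),
]

# Constructed process rows: (PID, command line, parent image name).
PROCESSES = [
    (576, r'"C:\Users\admin\Desktop\Discord Tokens Generator.exe"', "explorer.exe"),
    (1908, r'"C:\Users\admin\Desktop\Discord Tokens Generator.exe"', "Discord Tokens Generator.exe"),
    (2684, r"C:\Windows\system32\cmd.exe /c title ThisEsteb - Discord Tokens Generator - 0 Tokens",
     "Discord Tokens Generator.exe"),
    (2328, r'"C:\Windows\system32\taskmgr.exe" /4', "explorer.exe"),
]

# Constructed network rows: connections (PID, ip:port, domain) and DNS answers.
CONNECTIONS = [(1908, "162.159.136.232:443", "discord.com")]
DNS = {"discord.com": {"162.159.136.232", "162.159.138.232", "162.159.128.233"}}

MEI_RE = re.compile(r"\\_MEI(\d+)\\")
PYD_TAG_RE = re.compile(r"\.cp(\d)(\d+)-(win32|win_amd64)\.pyd$", re.IGNORECASE)
IMAGE_RE = re.compile(r'^"([^"]+)"|^(\S+)')
TITLE_RE = re.compile(r"\bcmd\.exe\s+/c\s+title\s+(.+)$", re.IGNORECASE)


def image_name(cmdline):
    """Image file name from a command line (quoted or bare first token)."""
    m = IMAGE_RE.match(cmdline.strip())
    path = m.group(1) or m.group(2)
    return path.rsplit("\\", 1)[-1]


def pyinstaller_extractions(dropped):
    """Group .pyd drops under %TEMP%\\_MEI<n>\\ by dropping PID and read the
    CPython version / architecture off the extension-module tag."""
    out = {}
    for pid, _proc, path in dropped:
        mei = MEI_RE.search(path)
        if not mei:
            continue
        entry = out.setdefault(pid, {
            "mei_dir": "_MEI" + mei.group(1),
            # Assumption drawn from this report only: the _MEI number begins
            # with the dropping PID (576 -> _MEI5762). Not a documented contract.
            "mei_prefix_is_pid": mei.group(1).startswith(str(pid)),
            "python": None, "arch": None, "modules": []})
        tag = PYD_TAG_RE.search(path)
        if tag:  # cp38 -> "3.8", win32 -> 32-bit Windows build
            entry["python"] = f"{tag.group(1)}.{tag.group(2)}"
            entry["arch"] = tag.group(3).lower()
        entry["modules"].append(path.rsplit("\\", 1)[-1])
    return out


def self_launched(processes):
    """PIDs whose parent is the same binary: the onefile bootloader split
    (parent unpacks to _MEI, child runs the bundled Python code)."""
    return [pid for pid, cmd, parent in processes
            if image_name(cmd).lower() == parent.lower()]


def window_titles(processes):
    """Recover the self-declared tool name from 'cmd.exe /c title ...'."""
    titles = {}
    for pid, cmd, _parent in processes:
        m = TITLE_RE.search(cmd)
        if m:
            titles[pid] = m.group(1).strip()
    return titles


def unresolved_connections(connections, dns):
    """Connections whose destination IP is not among the DNS answers seen for
    the claimed domain (a hard-coded or direct-IP destination)."""
    return [(pid, dest) for pid, dest, domain in connections
            if dest.rsplit(":", 1)[0] not in dns.get(domain, set())]


def triage(dropped=DROPPED, processes=PROCESSES, connections=CONNECTIONS, dns=DNS):
    return {
        "pyinstaller": pyinstaller_extractions(dropped),
        "self_launched": self_launched(processes),
        "window_titles": window_titles(processes),
        "unresolved_connections": unresolved_connections(connections, dns),
    }


if __name__ == "__main__":
    for key, value in triage().items():
        print(f"{key}: {value}")
```

On the rows above the script reports one PyInstaller extraction (PID 576, _MEI5762, Python 3.8, win32), PID 1908 as the self-launched child, the cmd.exe window title, and no connection whose IP fell outside the DNS answers, which matches what the report shows for discord.com. Feeding it the full tables from a report is a matter of replacing the constructed lists.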
HTTP(S) requests: 0
TCP/UDP connections: 2
DNS requests: 1
Threats: 0

HTTP requests

No HTTP requests

Connections (PID, process, IP, domain, ASN, CN, reputation)

1908  Discord Tokens Generator.exe  162.159.136.232:443  discord.com  Cloudflare Inc  shared
2268  Discord Tokens Generator.exe  162.159.136.232:443  discord.com  Cloudflare Inc  shared

DNS requests (domain, IP, reputation)

discord.com (reputation: whitelisted)
  • 162.159.136.232
  • 162.159.138.232
  • 162.159.128.233
  • 162.159.135.232
  • 162.159.137.232

Threats

No threats detected
No debug info