Analysis
-
max time kernel
1556s -
max time network
1557s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
28-06-2024 15:09
General
-
Target
dead.builder.exe
-
Size
3.5MB
-
MD5
843cb08b973c9003b0fb086da217b63d
-
SHA1
0fd13e058ae7ffd15b8a303700710e879a5927f9
-
SHA256
664ee273d850e82e2b13819c224a46e08f1740ded02deed3df51074788cfb3d2
-
SHA512
f46cb8f145d26223d2f4b4d49462c9f06202cd2803f9760a76eb2a5bf2bd94b1ae6995b687c5f1e6e00c7a41037c9557d35285e4769ecbe39af5241dd6cfee02
-
SSDEEP
98304:FkjozJ9/im8XVBKl6tmJVP2sRx/E0T7zN3HtHMSGuA+i1i:5zJpjS346tmJ1ds+7ptHM9uAm
Malware Config
Signatures
-
Obfuscated with Agile.Net obfuscator 8 IoCs
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 7 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies Internet Explorer settings 1 TTPs 40 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 10 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\dead.builder.exe"C:\Users\Admin\AppData\Local\Temp\dead.builder.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://discord.gg/VYsbQ7DEWk2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2616 CREDAT:275457 /prefetch:23⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 1644 -s 9962⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCCFilesize
914B
MD5e4a68ac854ac5242460afd72481b2a44
SHA1df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA5125622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357Filesize
1KB
MD5a266bb7dcc38a562631361bbf61dd11b
SHA13b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA5120da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCCFilesize
252B
MD5208ed1445f680f350c56ee97c74a2e25
SHA1be2901dad869553ce793c805c3b4a53d2cf630fb
SHA2563fd6b80bfa3928937535b933d52d9f84e1b001debf94e66cb527d26c7e6b4680
SHA512af2f7c4d6a004d0f9147ee1b71efceaecb69d45c3e83c7d59113e893485a04e6a4c196166f9984f607ce872d94ef773fe0d737470e305795f72b60c88a09f684
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD50f60fbd2bd4453e729f54e8bfe6de6c8
SHA143ac47dcc4caf52532ce828a2d3774ead304796d
SHA256fba7e54feb637bf46157a13a61f7a2c4b2c19f02410708c710dd0eea4b583635
SHA51230f239bfb53e3c27d0bdc2f050fd9edd1fd976c56f63f2a7747974ad554f9fbb4cedcc7003045293c220798510b5d3f9f39b9924661bdeef98b3b378cb262b78
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5485cf39238f59ad48b1acf59ea8f8b31
SHA1af99d35dbace47f55ca2aa818f3d8b84ac72db93
SHA2565b4be93f29b184cd1f0177b766b1d7b7cb9830dac8e87123607b5c0f989d3640
SHA5125aeb859085308b463e30093508934ae080cc968dbcea518089db29572cbf342e17a667876159c894e4bdc1e6cb3882842cf652f44fd97bee69c2d9fcdb24e955
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD583e0afd55cb6fcc79e807ddc1a405209
SHA1911d584f8a2f8c3c8ff4b1735d6d734b8fb016ae
SHA25608b87adf49624868193fecc68e08d99c3abd687ff830937ef3fe50260889da14
SHA5125e08b67e3579bfa35c833f904b81b9a42f0457ed9d16d5c54fba7c6cec5baade937239d9c1ebf2a424e96aa1e0fe2b0a4d5935c05f98e741f13003cb307dac11
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5ad427eae4067794d34fd47841ee2a815
SHA11f28906ae4d654e0a2b8ab125f7fa4bc1e89ec65
SHA25645e893208440fc49a200a1c783d10dffb195981f6cde4062dd71e676d2486dec
SHA512c5ff69fde294de4072eb16f0d0389379be33fa62f117d8638371d3d2e4decf4b9b37ffd40f93e5ce8e00e058de187280290fe20d9e27d5efa0cdb04134a023aa
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD53386b9340f4db58d04a2468d7c93fb6e
SHA1f18f1d6de70d07860df096baf483684be85a4a86
SHA256f5f9e6316ada34c208e952f1b8009e80a729a5f849942330dfe4d3a77cbc7ade
SHA51298b9829140ea6cadc4ad9a3e3eddc350f8f45035c91eb0f191467394d07526565ed4f43b429ccbbaa71adb27d06b9d4bb5c61e118cc5ed627bf22136e0c5ff15
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD50892dc8166d7fd39bc188c6dca3d00b0
SHA1335ae1a604d71c64e35b0a9ac10fd8cc6fb82656
SHA25610395c34a47097f03506f3f7a37b4a322eeeda86648973393a231feacd2ca572
SHA512f2c375f7d0b6b78a4b4842870ce704175464c7c8dd3418fa474c323d629c853d8e7931289613148270a982d76cc0634ab98a61a04c390436ecea677338ec453a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5992debfb06a9118115b41bda390b2da7
SHA1666a49db3467a79b279c47bff1d6c8797ca1ab6e
SHA25671eaed3ab08272cca56556fad14c89420b6b151176d386077011831ad9d47ab9
SHA512ff41d1dd70dfeb561718607fd59617104c7205ce98c19500a45a4110a7a5df17bfefca68d80e0ccd50660f6ce0fbdd5649d847b06ed01874ae0c026ed8812cc2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5de8b472d62ab7030f564f1c866be861f
SHA14bf0dd2d231a065c4f9b2f33d20ffd8a5862b7c8
SHA2569ee1c4dc3893c7c8391d3a314bccf78ee1baa325d3e5e285520248e0d073f2fa
SHA5126788846d379c2b753aa7074576dad6b8edc4790e1cc4c683f57f64c986d556712c2e51389354ccc100037c08e0d64fe77c4d929c2e730b9c0ed6066f17dd1662
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5e42a75b467e327151c474ece3229cbe6
SHA14d42837b4d010304bfbb9a0a9857f244adfc9cf6
SHA25643ba463b1c8b8e7e65550f2673c74850adb31494bef59dde88a8e864f98d6ed8
SHA512c27d3397801ebae4baf7bd036ec65e2432033acdda5b9b84f14d8b0649dd3a63d1a9c3faf55f2d359fbcb1135f7a26e8a4b695cdc05c15f77158d64730299f61
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD54669a64a1405e9f89d16a26916fe4c43
SHA12002b329623e4811bedce54f885177f71fb4655f
SHA256f41bab2f9ff94b20ade1c2c7336dacf747d1a24aab8a1fa913eb43ac86e81af0
SHA51257158b9f2f79ce83b77e79a3e250829133ac2006e75cf8654e1d707185e8726d07a58239438f11db290be2a8f1ad489ca272aea4fe183cfc8db846b7ea02e470
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD50e03a721f0a3885ee06b2188393da48a
SHA1a5a9716bd6a6db42a716270fece0ebe650941ea3
SHA256149ec9964c934b175c344e8e9f4ee4a5c22f9a8df6063184b9b5d33bae1dcbd1
SHA512a4872a6abb02d7e9b0ee891313e6bd5f29e2dc22b3496bed624ff05b39e7c9dc165043a70f5b2b6e16e74324342c4f45ae98e9c8d2233f37fdfc533fa01a2eec
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5ea8203ffe9bf59e94eff1451c472e55b
SHA1986539b52e25aa03237653fbaf744716cd618733
SHA25658ebcb154eaa400342a23e30ab7c86377532a0f7351724fba6f179bd8a60e06c
SHA51282587c81db79bf4fca2ec4849ae3f9cb57c186a6db3cab7126d6e2c3b3c019fedc8e0d9f9afc5db79b605b3c62567a15ac96da003358cb8bf9f688cc9eb6a958
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD57a169739f5ef9c785ca845950ee64115
SHA1d53c6017e1f952d0c3c0b7668869b6d44568c7c2
SHA2561b0a03c4c2856982f8ea2f957c751851a2f98227869e19d685b83dd58dde9503
SHA512ca7669808cc2353de6365485e6098a83a132076bbad38d1b195ddae162df8db66610e9acd815dd22babcb27e885d4f31f9685e05811d3c7dcdc6265d2b79efe1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD59c8b0e624adee8b5410798d0716cf286
SHA19ad01ce7142548b9a1a58e49c59f7a00915e7787
SHA25690ffa157b686776e65a4c89f33d86719bc4d3b87a5d139bc8fd0b0c80ba04e42
SHA512d73d3830c3c8519f7f0d819c9c43df432193f8cbdec2fe0a2696c6ff8bb544bc36b47a2526fe32c3ba4aff8b6e12634e768a985e0a6b40de043dcc32c7dd85ee
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5b93954e16e94bba3601a709867c0f4b8
SHA132bbe170c1ad85ff5b4719e10a210a9b39f3730a
SHA25691a1f2be212f6c099c8196b9aad59ee589e4c21c800ca9bfd81689b398e875b3
SHA512cc6c26d1af75c3036a7f09b80bd425f8543e34e583bafd72740504a779130e46e7156fb66b5e18af3f4fc69aa8218edaa13ba3ca2caf582b80e10aa9a9d5db04
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5d054f59b690a18898975af489fddfa2f
SHA11ca5ec7e0752c1aa1d1009736d89455c93c75f7e
SHA2567861b857dd3cdf5176adf69681781b3e9b9c126d4cf28e28f695d3723fd3059e
SHA512698bd8234d37253e903c0663c1714cdac325c98b7c4e36ae5261011dde621958264793c1f6142e438c1e3f1fc3764e50f64de4e002d19648a56b1eac48a0d987
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD51611621d97171236df68621e4dbe23d9
SHA1d3296fc72b96b927ceec330cf00452198321b948
SHA256cdea07026bbca195b6c27f6c37322b41f90005dbc6c453f50aea63467fdede19
SHA5122da6846340950ee3ca4b3640ee82a8bf4ce11e79d571e1acf2de4cb2fa8fd55b9b4a6eb7206b18a81648ef0de3a39ba0eb6202e9bb5be04264e32c440e55a80a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD53e33ce863ef399581b71611efa3376f2
SHA1a3a1dde43cd20848f10e2c190423022c47e05bab
SHA256ec5ae7eb0106f2fdfb0f50342eeb6621c926a3011715268246194ff1ea5ce3ea
SHA5120bc8d8860ea54cc575923137356ab1fbb3893ee61f052e3e03c9f3ee676634df807062d9c7faca37dbc8abd38b10aea31cd33037e16f66b85a0801f685868576
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD57dab3026e9501b5f33c44081bd927828
SHA1ccf8667b20ddc743e00f943b20ee63583fb08899
SHA2562536389164be77e9cc14291c6eff9f2a5edc4075b95fab91df64c23e7346aed9
SHA51262a50ed3ecb3d2cb4420708c97fc963015ca090ff62420795905bcc63a7531273576ca0bb68e22b93a17b9039d46ac937b927d9934a50745e20b92c421496dea
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5974bdd4d064ec165053b41a510b60023
SHA1eb9688206902b28065f89ede3c0626ddda5b9437
SHA2569db9de2dd0c81ec5f505dd30149205f68c99bff7e3a4e4dc5c6b569034846d2e
SHA512f4f7f3b7da5f39ae406bb9362095d08218092b0ec4727f9beab9148af4216a1e7c3576ec51e5f1771c04369c4425a1d0f41d6c8097bee79cacddd55d6bb3a8e9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5cb4e27259e32b5a45717f5f9653d15f6
SHA1eb420ad3eb5ed54f9e4cf84c745a4ac3888d02d3
SHA256b952e8db5d5da0bd5d9fb296204a0aa9fc1b07f5dbea2c648f58f0c0be57bff1
SHA512d25e2fa05a9d49ff6675da19aaca989d857e850aafc04af1c17d7a04d94ddd4d169abe73c5c75335a1124e4063c9f4f578a45ca90129e8268482242b4d4a6888
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD555d6c3c83c1826d73e95f14bf8a57d30
SHA17e72bba336d992f05bc5d1b2a19bc3a4b58dcfd9
SHA256809daf456495257b6f92e39602a6f71ea523e09cc5b4092588f4b50eff7a51bf
SHA5128048247bdfe2deaee5a0200ec1d9925090656cee0bd89d0a22882cd196946dfe344330e98e6dba3c717c13dd50f0852af77085271814e9ca5f2538fa85450553
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357Filesize
242B
MD5cbbe515799b05f2c302917f62fc7d4f8
SHA11f60aebc2b6c11fa4a3f7d55ca094173a759352c
SHA2560d9bd9f08db74f45a993720775762e8efe300abfe2140174de8c96d9b7d53f1a
SHA51214340d150f2f37420bdf0adee2b4d0e039016543bfa6a9e9eae54f7358f6720539020c92ac8d2708f0f3f34df4fef430e5a205265ee01878121344f86284da39
-
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\92mvs6j\imagestore.datFilesize
24KB
MD5c54e95b3abb343fa071b518eb198eba4
SHA13a93e87bbbfa09e1a252570194921551e98d755b
SHA25674ac72c3492b2426d62012cad01105c685df9c0dcafa194dbf2dfad7daeb60c6
SHA512c6cc76132f5465a742095999240881c08ccef4b7e7449d8ed0d0694adbb92900e6b63931ece8a620a4031e700965c35f8e2a1ca6d19c4fceb856e85413e0d522
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TTL9DZJ3\favicon[1].icoFilesize
23KB
MD5ec2c34cadd4b5f4594415127380a85e6
SHA1e7e129270da0153510ef04a148d08702b980b679
SHA256128e20b3b15c65dd470cb9d0dc8fe10e2ff9f72fac99ee621b01a391ef6b81c7
SHA512c1997779ff5d0f74a7fbb359606dab83439c143fbdb52025495bdc3a7cb87188085eaf12cc434cbf63b3f8da5417c8a03f2e64f751c0a63508e4412ea4e7425c
-
C:\Users\Admin\AppData\Local\Temp\Cab50FF.tmpFilesize
68KB
MD529f65ba8e88c063813cc50a4ea544e93
SHA105a7040d5c127e68c25d81cc51271ffb8bef3568
SHA2561ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
C:\Users\Admin\AppData\Local\Temp\Tar51A2.tmpFilesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
memory/1644-11-0x000000001B960000-0x000000001BA76000-memory.dmpFilesize
1.1MB
-
memory/1644-8-0x000000001AB10000-0x000000001AB7E000-memory.dmpFilesize
440KB
-
memory/1644-14-0x000007FEF5A70000-0x000007FEF645C000-memory.dmpFilesize
9.9MB
-
memory/1644-13-0x000007FEF5A70000-0x000007FEF645C000-memory.dmpFilesize
9.9MB
-
memory/1644-12-0x0000000002430000-0x0000000002460000-memory.dmpFilesize
192KB
-
memory/1644-0-0x000007FEF5A73000-0x000007FEF5A74000-memory.dmpFilesize
4KB
-
memory/1644-604-0x000007FEF5A73000-0x000007FEF5A74000-memory.dmpFilesize
4KB
-
memory/1644-10-0x000000001B6D0000-0x000000001B81A000-memory.dmpFilesize
1.3MB
-
memory/1644-9-0x00000000004E0000-0x00000000004FE000-memory.dmpFilesize
120KB
-
memory/1644-605-0x000007FEF5A70000-0x000007FEF645C000-memory.dmpFilesize
9.9MB
-
memory/1644-6-0x0000000000950000-0x00000000009AA000-memory.dmpFilesize
360KB
-
memory/1644-7-0x00000000004D0000-0x00000000004E0000-memory.dmpFilesize
64KB
-
memory/1644-4-0x0000000000420000-0x000000000042E000-memory.dmpFilesize
56KB
-
memory/1644-5-0x000007FEF5A70000-0x000007FEF645C000-memory.dmpFilesize
9.9MB
-
memory/1644-3-0x00000000004B0000-0x00000000004D0000-memory.dmpFilesize
128KB
-
memory/1644-2-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/1644-1-0x0000000000A40000-0x0000000000DC2000-memory.dmpFilesize
3.5MB