570214111b2a2381015c3607441a5645eac508a8267b6fc007a861fc07ef17ec

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
11/03/2024, 08:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

DeathNetv7.1.exe
Size

6.7MB
MD5

a7534b98272a21d058c5873636adacee
SHA1

debf2595890bf9dacf16c707d0ffc7efc98f410b
SHA256

570214111b2a2381015c3607441a5645eac508a8267b6fc007a861fc07ef17ec
SHA512

5ad6f1b18ad282796de33deca061be51d3f3806d37e5e1ccafbb675df1ff1f1c352da4fe6e6a8171674929dd293dedfd70344050baf7e4056dfdfdf80ddff7ce
SSDEEP

196608:ylSCTWeeA3tlKXqXWnAGQIz6qu7ikZCN78VgbKqKeJ:GSCTWeeGlKjArIxky78mbMe

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 25 IoCs

pid	Process
2872	DeathNetv7.1.exe
2872	DeathNetv7.1.exe
2872	DeathNetv7.1.exe
2872	DeathNetv7.1.exe
2872	DeathNetv7.1.exe
2872	DeathNetv7.1.exe
2872	DeathNetv7.1.exe
2872	DeathNetv7.1.exe
2872	DeathNetv7.1.exe
2872	DeathNetv7.1.exe
2872	DeathNetv7.1.exe
2872	DeathNetv7.1.exe
2872	DeathNetv7.1.exe
2872	DeathNetv7.1.exe
2872	DeathNetv7.1.exe
2872	DeathNetv7.1.exe
2872	DeathNetv7.1.exe
2872	DeathNetv7.1.exe
2872	DeathNetv7.1.exe
2872	DeathNetv7.1.exe
2872	DeathNetv7.1.exe
2872	DeathNetv7.1.exe
2872	DeathNetv7.1.exe
2872	DeathNetv7.1.exe
2872	DeathNetv7.1.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
560	powershell.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 35	2872	DeathNetv7.1.exe
Token: SeDebugPrivilege	560	powershell.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 2276 wrote to memory of 2872	2276	DeathNetv7.1.exe	29
PID 2276 wrote to memory of 2872	2276	DeathNetv7.1.exe	29
PID 2276 wrote to memory of 2872	2276	DeathNetv7.1.exe	29
PID 2872 wrote to memory of 560	2872	DeathNetv7.1.exe	30
PID 2872 wrote to memory of 560	2872	DeathNetv7.1.exe	30
PID 2872 wrote to memory of 560	2872	DeathNetv7.1.exe	30
PID 560 wrote to memory of 1084	560	powershell.exe	32
PID 560 wrote to memory of 1084	560	powershell.exe	32
PID 560 wrote to memory of 1084	560	powershell.exe	32

C:\Users\Admin\AppData\Local\Temp\DeathNetv7.1.exe
"C:\Users\Admin\AppData\Local\Temp\DeathNetv7.1.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2276
- C:\Users\Admin\AppData\Local\Temp\DeathNetv7.1.exe
  "C:\Users\Admin\AppData\Local\Temp\DeathNetv7.1.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2872
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -Command -
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:560
  - - C:\Windows\system32\netsh.exe
      "C:\Windows\system32\netsh.exe" interface ipv6 show route level=verbose
      4⤵
      PID:1084

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI22762\DeathNetv7.1.exe.manifest

Filesize
1KB

MD5
88dadc5e4d5c118532392f2217d09660

SHA1
d2ece42f50c991a8b28c0add4475302edcf20aa6

SHA256
27e4d40ef18a4b1a3d60523f50da3df07aba730faf8cf713d4c904cc0310842d

SHA512
482d6be2f67f6a2fd35e5f1000ab86822b4d190691f7cf37675d1dfd40838b726c99eb2df4d199752d0fb24619d08a3a3acfa16f3af61f9a89c4f9508852f477

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22762\_ctypes.pyd

Filesize
129KB

MD5
2f21f50d2252e3083555a724ca57b71e

SHA1
49ec351d569a466284b8cc55ee9aeaf3fbf20099

SHA256
09887f07f4316057d3c87e3a907c2235dc6547e54ed4f5f9125f99e547d58bce

SHA512
e71ff1e63105f51a4516498cd09f8156d7208758c5dc9a74e7654844e5cefc6e84f8fe98a1f1bd7a459a98965fbe913cb5edb552fffa1e33dfda709f918dddeb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22762\_decimal.pyd

Filesize
266KB

MD5
ffa3400512beeb602ffae7c5895b231b

SHA1
a200ca5cfa9b7600e9a6544acd625ca189824814

SHA256
00cd2844a63920a7a09cc61364ef556643c9d05c9ed3885b28f2ef6f81acc5f7

SHA512
e4533ed3fcb8236863527703040c20736cbd36e8fc0a2d0698121a17d72c6848a38538a8962bc1e941a81087b5853619dcbf35540e322aedf5eb860bd1d03f77

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22762\_hashlib.pyd

Filesize
38KB

MD5
c3b19ad5381b9832e313a448de7c5210

SHA1
51777d53e1ea5592efede1ed349418345b55f367

SHA256
bdf4a536f783958357d2e0055debdc3cf7790ee28beb286452eec0354a346bdc

SHA512
7f8d3b79a58612e850d18e8952d14793e974483c688b5daee217baaa83120fd50d1e036ca4a1b59d748b22951744377257d2a8f094a4b4de1f79fecd4bf06afb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22762\_lzma.pyd

Filesize
251KB

MD5
a567a2ecb4737e5b70500eac25f23049

SHA1
951673dd1a8b5a7f774d34f61b765da2b4026cab

SHA256
a4cba6d82369c57cb38a32d4dacb99225f58206d2dd9883f6fc0355d6ddaec3d

SHA512
97f3b1c20c9a7ed52d9781d1e47f4606579faeae4d98ba09963b99cd2f13426dc0fc2aeb4bb3af18ed584c8ba9d5b6358d8e34687a1d5f74a3954b3f84d12349

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22762\_ssl.pyd

Filesize
120KB

MD5
d429ff3fd91943ad8539c076c2a0c75f

SHA1
bb6611ddca8ebe9e4790f20366b89253a27aed02

SHA256
45c8b99ba9e832cab85e9d45b5601b7a1d744652e7f756ec6a6091e1d8398dd4

SHA512
019178eecb9fb3d531e39854685a53fa3df5a84b1424e4a195f0a51ca0587d1524fd8fbd6d4360188ea9c2f54d7019c7d335ec6dc5471128159153c2287b0e18

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22762\api-ms-win-crt-conio-l1-1-0.dll

Filesize
12KB

MD5
a98ec7edb339cd967e5cbd5eec174ceb

SHA1
12d54e0874928e157a357d666f4099b6f0e895f0

SHA256
f17517f46361328aebf52954dd1b9181df5a98cbdb2395701e3e73c4da7a7a84

SHA512
c32926b41d0d40da7a8824b70b6dd1958a1c02cef5d6d91409adb7d7b09576d1bf3bf08d3ba1300c79b992d8e9b1faf7c6bdd3d4e6916cab0f3002f6560e7e8d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22762\api-ms-win-crt-environment-l1-1-0.dll

Filesize
11KB

MD5
0753722e5bd0af130c1b465f2981477c

SHA1
1d6e6702496a5d68bb50a7f96492d6fcd31267fd

SHA256
fbd4bde83228c37de6043f36a98610fa4bb053355ead44a59d33a464ccdb9fac

SHA512
0607657f33235284f577480ffbf3ffbe25a0133ce709ded6356351fb2383c15fd9a835fabc159a6efb3a481491c36eac9b825aa38cd5b87f09cb6d487764e1a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22762\api-ms-win-crt-filesystem-l1-1-0.dll

Filesize
13KB

MD5
eba98af7ba9fc4696bfd3f03d43ce07b

SHA1
24d1632cdc55d6e513888c0f119aaff418668b21

SHA256
c31cfd12bd6c3da456bada513bb381d33ebb6980465ff0d586b24fe84719b50a

SHA512
2019fac652141e1a49e85f9929132a0a84227d680488df3709243205cc69c350451be5c0ddef94a13f615aa22e09790091d21306091b4d4e996ac5f19935e86f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22762\api-ms-win-crt-heap-l1-1-0.dll

Filesize
12KB

MD5
c2f694722f8d98990b218ecab729b0fe

SHA1
95fd1390dd8247759b2463d9ad415d0a45fe659e

SHA256
1fc7051de0d107ac25badb41bc6062bd3a67aaf5553b6256052c65e51b548df5

SHA512
f48973d0fc2f4cf90f7e5d63ec3ca9968884a22f1139845cb01dd554c83403c23edb8067e5fa3b43b3c4079a71e2b6bd5799edb7c0dba75f8e7c753b7f4f2882

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22762\api-ms-win-crt-locale-l1-1-0.dll

Filesize
11KB

MD5
62ed9da33afe5624a08d9427527536fe

SHA1
15aac6f0001ca1084d449969f70a3f4ff9a5a067

SHA256
860b4ebcf673ee4c389e0ff8f502f540fd1ce8b2614a9c16b7f65cdf5c2ae0f2

SHA512
8c6c391bfb6c066fe716cb1d5f0ea84fe8af25226220602532c921af8e663a6bc95b8efda83dd196eb3f5e3dacf7262c244719791a825c1a287162f0cdce530a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22762\api-ms-win-crt-math-l1-1-0.dll

Filesize
20KB

MD5
cab18eac01b9fcf6a0ca74e95fadb8b7

SHA1
f5770816a0547c28780572cb24c257071ae7fd36

SHA256
7aaf66c87221eaac91c50ec1368f4accd32b63970f0e826f7ffffb2c4306664b

SHA512
c8eef88370c5696c2a27e6a857ae3675f9b800c5181837a8ec97d3eb3997e546b54761261d567ec23cc698f7e4334589784503f81620a7c932acfd66cb7e0e2b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22762\api-ms-win-crt-process-l1-1-0.dll

Filesize
12KB

MD5
a4fa9ca07855a7f237d1908e62b5b1c7

SHA1
40906f74ccb58923f7776657484443010157db92

SHA256
733d3c3856868107e5708c92e747aac6df968a4d072328a8e8f36425d0e81770

SHA512
bb26ef58883a94dd04fc334a26f100ab7d2146d59a34903e1e0f074110a822cd1d33b940e117cae1837f08ac33e66b5157f03872e65bb8a7ee70cce7c4b9a203

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22762\api-ms-win-crt-stdio-l1-1-0.dll

Filesize
17KB

MD5
020e0dcc82a7c5afdee3fba57c5f30d3

SHA1
ce7e1791a5326f5f527aaa0b16208f0f3997ff99

SHA256
e1bd3f4b19a0c7e574673b88b12d819d97d503350ed280ce2204afbdd7c9bc5a

SHA512
e8c2841415e3a596600fa90c551794790ac86613bcff48c81ad893b99a1a980198b8ef4bbac972da72218c1b50f2e0956a65ab1e33c502220f367ec02069223e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22762\api-ms-win-crt-string-l1-1-0.dll

Filesize
17KB

MD5
6a2c655bc6b7e2edfc98b632b521697d

SHA1
f7000ba98d92ddbaf268647a4e95da5debbb332c

SHA256
7e69bbbc6ef5072b6c8e17af5f842f9959bc12335ef61cc6398d18ec8e03c41d

SHA512
23248d09e095904fc8665eea4ce3a2b937293b8ed20b70973101104bd18ad37f032bcb8a3c851af23812de560208d9c96521c9060852394eb45cf7410460cd22

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22762\api-ms-win-crt-time-l1-1-0.dll

Filesize
13KB

MD5
cb20ccf93e34cc08ab4b58a344e76dd1

SHA1
9895feb39e4b29799b7adb3972b774093093246b

SHA256
50cf24a5b850ab992431f98dfe208704e7bc07427f74dee9873d0146900d56f4

SHA512
72f2490f5aedced9eb0a398134360f6f2affda8d493575d3e2920a17a72f9d03397e462bf2d27fa8260f255da15fde808fe31a6388b65a1f4180ccb29a07fd7d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22762\base_library.zip

Filesize
761KB

MD5
f3c04facda456d02534231e84137c917

SHA1
c0fb81279a6998f2f5b7b2bc80f458ec1d047cd3

SHA256
7f4a3dce0cebd74d6a2e66b8135acbfe4e7e882a1aeb71208cb88d426b6cc42a

SHA512
fe47210889971881749e2841be77b915098c3dcc3b58844352354060d30c9ae464eac6e817ea4670c637a7c9995c78f52c6e2e7ed4b64d3d1be0ce241b52d9a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22762\libcrypto-1_1-x64.dll

Filesize
2.4MB

MD5
022a61849adab67e3a59bcf4d0f1c40b

SHA1
fca2e1e8c30767c88f7ab5b42fe2bd9abb644672

SHA256
2a57183839c3e9cc4618fb1994c40e47672a8b6daffaa76c5f89cf2542b02c2f

SHA512
94ac596181f0887af7bf02a7ce31327ad443bb7fe2d668217953e0f0c782d19296a80de965008118708afd9bda14fd8c78f49785ebf7abcc37d166b692e88246

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22762\python37.dll

Filesize
3.7MB

MD5
62125a78b9be5ac58c3b55413f085028

SHA1
46c643f70dd3b3e82ab4a5d1bc979946039e35b2

SHA256
17c29e6188b022f795092d72a1fb58630a7c723d70ac5bc3990b20cd2eb2a51f

SHA512
e63f4aa8fc5cd1569ae401e283bc8e1445859131eb0db76581b941f1085670c549cbc3fedf911a21c1237b0f3f66f62b10c60e88b923fa058f7fafee18dd0fa4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22762\select.pyd

Filesize
26KB

MD5
c30e5eccf9c62b0b0bc57ed591e16cc0

SHA1
24aece32d4f215516ee092ab72471d1e15c3ba24

SHA256
56d1a971762a1a56a73bdf64727e416ffa9395b8af4efcd218f5203d744e1268

SHA512
3e5c58428d4c166a3d6d3e153b46c4a57cca2e402001932ec90052c4689b7f5ba4c5f122d1a66d282b2a0a0c9916dc5a5b5e5f6dfc952cdb62332ac29cb7b36a

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI22762\VCRUNTIME140.dll

Filesize
87KB

MD5
0e675d4a7a5b7ccd69013386793f68eb

SHA1
6e5821ddd8fea6681bda4448816f39984a33596b

SHA256
bf5ff4603557c9959acec995653d052d9054ad4826df967974efd2f377c723d1

SHA512
cae69a90f92936febde67dacd6ce77647cb3b3ed82bb66463cd9047e90723f633aa2fc365489de09fecdc510be15808c183b12e6236b0893af19633f6a670e66

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI22762\_bz2.pyd

Filesize
87KB

MD5
4079b0e80ef0f97ce35f272410bd29fe

SHA1
19ef1b81a1a0b3286bac74b6af9a18ed381bf92c

SHA256
466d21407f5b589b20c464c51bfe2be420e5a586a7f394908448545f16b08b33

SHA512
21cd5a848f69b0d1715e62dca89d1501f7f09edfe0fa2947cfc473ca72ed3355bfccd32c3a0cdd5f65311e621c89ddb67845945142a4b1bdc5c70e7f7b99ed67

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI22762\_socket.pyd

Filesize
74KB

MD5
d7e7a7592338ce88e131f858a84deec6

SHA1
3add8cd9fbbf7f5fa40d8a972d9ac18282dcf357

SHA256
4ba5d0e236711bdcb29ce9c3138406f7321bd00587b6b362b4ace94379cf52d5

SHA512
96649296e8ccdc06d6787902185e21020a700436fc7007b2aa6464d0af7f9eb66a4485b3d46461106ac5f1d35403183daa1925e842e7df6f2db9e3e833b18fb4

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI22762\api-ms-win-crt-convert-l1-1-0.dll

Filesize
15KB

MD5
d8f7a8440c5b23a587d981e7b9a4892c

SHA1
4782b169363f7bb135ca2637fe8926da9b0ab60b

SHA256
177e190aca8cc88c1ad1fa1f8848f9abcbbc24a5dfd046cfff06f72fff1a3566

SHA512
60f2be466952f3c75ba8cc963832076eb99c7f29163cdd2e3c2d9e01ee3dbc29ba4eeb00b90a3d9e64146e3cd350e1675e186de6efeceac95c41174131d1d344

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI22762\api-ms-win-crt-runtime-l1-1-0.dll

Filesize
15KB

MD5
4cdce034568c1177325799a60f987f27

SHA1
43d680d815c64b4c6cdff9c212923e507c89d6aa

SHA256
b27cfa62dc7a0a115b1593d6f4b0c90ae494505dab3cceeacc013e2135d25969

SHA512
5cbf4d38059f13b7dcb78fd060846b1f44b32fc382ee8371fc44e254a68447cbbc9f0fe3eae35987b490ac90c680723a03a5b701255429e85bd206510b38611a

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI22762\api-ms-win-crt-utility-l1-1-0.dll

Filesize
11KB

MD5
1ea4f3d5312c15a64904a6e9e457612d

SHA1
f399df3e88b7f3a865d5a79a1873f3be5191da2f

SHA256
33ca12e689203e92d20e1407169fce64f318ac327327e833061b4aad9bac9cab

SHA512
0a2e2b69a58f74585ccb1c1d4c6200c4a2fc92ddf5bf17c2fc47b49abdc3a801f30dc2bcdd36d730f2da396ed2e2379765e2e2c0a95a69e22c7f6f3ba774388d

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI22762\libssl-1_1-x64.dll

Filesize
517KB

MD5
4ec3c7fe06b18086f83a18ffbb3b9b55

SHA1
31d66ffab754fe002914bff2cf58c7381f8588d9

SHA256
9d35d8dd9854a4d4205ae4eafe28c92f8d0e3ac7c494ac4a6a117f6e4b45170c

SHA512
d53ee1f7c082a27ace38bf414529d25223c46bfae1be0a1fbe0c5eab10a7b10d23571fd9812c3be591c34059a4c0028699b4bf50736582b06a17ae1ef1b5341e

Download Submit
memory/560-114-0x00000000029D0000-0x0000000002A50000-memory.dmp

Filesize
512KB

Download
memory/560-112-0x000007FEF4D80000-0x000007FEF571D000-memory.dmp

Filesize
9.6MB

Download
memory/560-115-0x00000000029D0000-0x0000000002A50000-memory.dmp

Filesize
512KB

Download
memory/560-113-0x0000000002040000-0x0000000002048000-memory.dmp

Filesize
32KB

Download
memory/560-116-0x00000000029D0000-0x0000000002A50000-memory.dmp

Filesize
512KB

Download
memory/560-117-0x000007FEF4D80000-0x000007FEF571D000-memory.dmp

Filesize
9.6MB

Download
memory/560-118-0x00000000029D0000-0x0000000002A50000-memory.dmp

Filesize
512KB

Download
memory/560-111-0x000000001B230000-0x000000001B512000-memory.dmp

Filesize
2.9MB

Download
memory/560-121-0x000007FEF4D80000-0x000007FEF571D000-memory.dmp

Filesize
9.6MB

Download
memory/560-122-0x00000000029D0000-0x0000000002A50000-memory.dmp

Filesize
512KB

Download
memory/560-123-0x00000000029D0000-0x0000000002A50000-memory.dmp

Filesize
512KB

Download
memory/560-124-0x00000000029D0000-0x0000000002A50000-memory.dmp

Filesize
512KB

Download
memory/560-125-0x00000000029D0000-0x0000000002A50000-memory.dmp

Filesize
512KB

Download