Overview (task, platform: score)
- overview: 6
- static: 3
- Delta.zip, windows7-x64: 1
- Delta.zip, windows10-2004-x64: 1
- Delta.exe, windows7-x64: 3
- Delta.exe, windows10-2004-x64: 6
- ICSharpCod...it.dll, windows7-x64: 1
- ICSharpCod...it.dll, windows10-2004-x64: 1
- Newtonsoft.Json.dll, windows7-x64: 1
- Newtonsoft.Json.dll, windows10-2004-x64: 1
- bin/590.dll, windows7-x64: 1
- bin/590.dll, windows10-2004-x64: 3
- bin/592.dll, windows7-x64: 1
- bin/592.dll, windows10-2004-x64: 3
- bin/Fluxte...PI.dll, windows7-x64: 1
- bin/Fluxte...PI.dll, windows10-2004-x64: 1
- bin/lua.xml, windows7-x64: 1
- bin/lua.xml, windows10-2004-x64: 1
- bin/modules.json, windows7-x64: 1
- bin/modules.json, windows10-2004-x64: 3
- bin/vers.txt, windows7-x64: 3
- bin/vers.txt, windows10-2004-x64: 1
- scripts/Pu...re.txt, windows7-x64: 1
- scripts/Pu...re.txt, windows10-2004-x64: 1
Analysis
- max time kernel: 1800s
- max time network: 1567s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 01-05-2024 11:29
Static task
- static1
Behavioral tasks (task: sample, resource)
- behavioral1: Delta.zip, win7-20240221-en
- behavioral2: Delta.zip, win10v2004-20240226-en
- behavioral3: Delta.exe, win7-20231129-en
- behavioral4: Delta.exe, win10v2004-20240419-en
- behavioral5: ICSharpCode.AvalonEdit.dll, win7-20240419-en
- behavioral6: ICSharpCode.AvalonEdit.dll, win10v2004-20240419-en
- behavioral7: Newtonsoft.Json.dll, win7-20240215-en
- behavioral8: Newtonsoft.Json.dll, win10v2004-20240419-en
- behavioral9: bin/590.dll, win7-20240220-en
- behavioral10: bin/590.dll, win10v2004-20240426-en
- behavioral11: bin/592.dll, win7-20240221-en
- behavioral12: bin/592.dll, win10v2004-20240419-en
- behavioral13: bin/Fluxteam_net_API.dll, win7-20240221-en
- behavioral14: bin/Fluxteam_net_API.dll, win10v2004-20240419-en
- behavioral15: bin/lua.xml, win7-20231129-en
- behavioral16: bin/lua.xml, win10v2004-20240226-en
- behavioral17: bin/modules.json, win7-20240215-en
- behavioral18: bin/modules.json, win10v2004-20240426-en
- behavioral19: bin/vers.txt, win7-20240419-en
- behavioral20: bin/vers.txt, win10v2004-20240426-en
- behavioral21: scripts/Put your own scripts in here.txt, win7-20240221-en
- behavioral22: scripts/Put your own scripts in here.txt, win10v2004-20240419-en
General
- Target: Delta.zip
- Size: 22.3MB
- MD5: 6b64a2f7831e6cf0117a8d6a4cea6ae2
- SHA1: 04a7e65a2620902db72474eb701d1acc97d3af24
- SHA256: 083cda81a6a7f3e61278ecdde6bc97c1d910499413a15624cfcbe6a93053bea3
- SHA512: 35e96558eb4bb2c8c8c217735e61a84aeeb832540016d0b87ea7b46570c61473eb88c2ebc2157aab1e49244f8d4508a0b422df4c906c515dc7cbd111ea2fbdc0
- SSDEEP: 393216:DWMxngsjcPthN4cUiU/nVMX0Of/qetTEff7ixNk+y2OEMMF5ICvzKKJChMoLX:DzUNiaE4/qeNq7ifk/iMMrGqChb7
Malware Config
Signatures
- Suspicious behavior: EnumeratesProcesses (64 IoCs, all pid 1956, taskmgr.exe)
- Suspicious behavior: GetForegroundWindowSpam (1 IoC: pid 1956, taskmgr.exe)
- Suspicious use of AdjustPrivilegeToken (1 IoC: Token: SeDebugPrivilege, pid 1956, taskmgr.exe)
- Suspicious use of FindShellTrayWindow (64 IoCs, all pid 1956, taskmgr.exe)
- Suspicious use of SendNotifyMessage (64 IoCs, all pid 1956, taskmgr.exe)
Processes
- C:\Windows\Explorer.exe
  Command line: C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\Delta.zip
  PID: 1692
- C:\Windows\explorer.exe
  Command line: "C:\Windows\explorer.exe"
  PID: 2412
- C:\Windows\system32\taskmgr.exe
  Command line: "C:\Windows\system32\taskmgr.exe" /4
  PID: 1956
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage