Analysis
max time kernel: 29s
max time network: 29s
platform: windows7_x64
resource: win7-20240508-en
resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
submitted: 13-06-2024 01:39
Static task: static1
Behavioral task: behavioral1
  Sample: Delta V3.61 b_24274870.exe
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: Delta V3.61 b_24274870.exe
  Resource: win10v2004-20240508-en
General
Target: Delta V3.61 b_24274870.exe
Size: 9.5MB
MD5: 3d50042e3e3991be509f56a2951a2183
SHA1: f027790afe9d7ce2ddf17973f0778fb9e983ded1
SHA256: 76eee256f1223082e8396611baca498542c656edd0fac5fe903e06e6cb5677e2
SHA512: 120c6a7778bd9f65f469d3335987b780e736bd895ed944d0988372f891b48f9ba09b50ed9dcffd0bf1fa23a12e215ed1f1ffe75d11c925ff4c08d3e48259a873
SSDEEP: 196608:xoEToOU9+86NdnrqNnHmQ3bKfIiaNPFHNRsiK:xLTtU/QxrqNHL3bIIiEHMn
Malware Config
Signatures
Executes dropped EXE (1 IoC)
  Processes (pid, process):
    2832  setup24274870.exe
Loads dropped DLL (2 IoCs)
  Processes (pid, process):
    1424  Delta V3.61 b_24274870.exe
    2832  setup24274870.exe
Modifies registry class (2 IoCs)
  Processes (description, ioc, process):
    Key created  \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000_CLASSES\Opera GXStable  Delta V3.61 b_24274870.exe
    Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\Opera GXStable  Delta V3.61 b_24274870.exe
Suspicious use of SetWindowsHookEx (1 IoC)
  Processes (pid, process):
    1424  Delta V3.61 b_24274870.exe
Suspicious use of WriteProcessMemory (7 IoCs)
  Processes (description, pid, process, target process); the same entry is recorded 7 times:
    PID 1424 wrote to memory of 2832  1424  Delta V3.61 b_24274870.exe  setup24274870.exe
Processes
C:\Users\Admin\AppData\Local\Temp\Delta V3.61 b_24274870.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\Delta V3.61 b_24274870.exe"
  PID: 1424
  - Loads dropped DLL
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  Child process:
  C:\Users\Admin\AppData\Local\setup24274870.exe
    Command line: C:\Users\Admin\AppData\Local\setup24274870.exe hhwnd=459042 hreturntoinstaller hextras=id:--
    PID: 2832
    - Executes dropped EXE
    - Loads dropped DLL
Network
MITRE ATT&CK Matrix
Downloads
Dropped file 1
  Filesize: 151KB
  MD5: 72990c7e32ee6c811ea3d2ea64523234
  SHA1: a7fcbf83ec6eefb2235d40f51d0d6172d364b822
  SHA256: e77e0b4f2762f76a3eaaadf5a3138a35ec06ece80edc4b3396de7a601f8da1b3
  SHA512: 2908b8c387d46b6329f027bc1e21a230e5b5c32460f8667db32746bc5f12f86927faa10866961cb2c45f6d594941f6828f9078ae7209a27053f6d11586fd2682
Dropped file 2
  Filesize: 47KB
  MD5: 9b50825dc7a3a4206d5030a4327bd7d8
  SHA1: fa094ae461e7780b72f657710a8a74c12f7e6a55
  SHA256: 3782162141cbc9b367c13856e05baf07338e44257160d905712b9abaf09eef3d
  SHA512: f671cd738760ecd63c25a4a2798b982e134178d488a4f0e80e4f535d575b21a496d5d195ce72b3d91e4d4fd94e9c79cf864bf6a0f01b7dcf46f7b295f1b5d88e
Dropped file 3
  Filesize: 3.8MB
  MD5: 29d3a70cec060614e1691e64162a6c1e
  SHA1: ce4daf2b1d39a1a881635b393450e435bfb7f7d1
  SHA256: cc70b093a19610e9752794d757aec9ef07ca862ea9267ec6f9cc92b2aa882c72
  SHA512: 69d07437714259536373872e8b086fc4548f586e389f67e50f56d343e980546f92b8a13f28c853fc1daf187261087a9dceb33769ba2031c42382742d86c60e4b