Resubmissions
27/09/2024, 17:49 240927-wea82atajr 1

Analysis
max time kernel: 78s
max time network: 79s
platform: windows11-21h2_x64
resource: win11-20240802-en
resource tags: arch:x64, arch:x86, image:win11-20240802-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 27/09/2024, 17:49

Static task: static1
Behavioral task: behavioral1
Sample: ckid dlc/deltacrack.bat
Resource: win11-20240802-en
2 signatures
150 seconds

General
Target: ckid dlc/deltacrack.bat
Size: 123B
MD5: 96eb649c4244d58c86d59f065033e2b9
SHA1: ebe22fd7302925c977efd60548839893e6371861
SHA256: 5a237a3cf4cbce8b78ad5a7d59f22230bc9d668d9aec141c0caee16741157115
SHA512: 89410d2a0d392feb1dd5a0fe3d983a01a1d54e0f9b7bb02a38056da9169e98e5a69c7f79877be9300105dd0fae91115ca0befe403013e562f9b907f9b09eb91f
Score: 1/10
Malware Config

Signatures

Modifies registry key (1 TTPs, 1 IoCs)
  pid   Process
  4088  reg.exe

Suspicious use of WriteProcessMemory (2 IoCs)
  description                       pid   Process  procid_target
  PID 2544 wrote to memory of 4088  2544  cmd.exe  79
  PID 2544 wrote to memory of 4088  2544  cmd.exe  79

Processes

C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\ckid dlc\deltacrack.bat"
  - Suspicious use of WriteProcessMemory
  PID: 2544

  C:\Windows\system32\reg.exe
    reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoDesktop /t REG_DWORD /d 1 /f
    - Modifies registry key
    PID: 4088

C:\Windows\System32\rundll32.exe
  C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
  PID: 2964