Resubmissions

07/11/2024, 21:24 UTC

241107-z8z12ayfnb 8

07/11/2024, 21:23 UTC

241107-z8jdaa1pdl 6

07/11/2024, 21:21 UTC

241107-z7ptnsyjdx 7

Analysis

  • max time kernel
    1375s
  • max time network
    1436s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20241023-en
  • resource tags

    arch:x64, arch:x86, image:win10ltsc2021-20241023-en, locale:en-us, os:windows10-ltsc 2021-x64, system
  • submitted
    07/11/2024, 21:21 UTC

General

  • Target

    Delta V3.61/bin/vers.txt

  • Size

    5B

  • MD5

    8ec516f474a8e25c087b7046e5ce5fa5

  • SHA1

    47e4e5e5db6430b04cc2b2047c0059540c03075a

  • SHA256

    9ef2074444610f6b60ee6c9bc840ae83b0dcf1669ce282abf7aecb74d2dfc8b3

  • SHA512

    e26db8507f89eaf5c689174dd30d2b02e26a120370217a058e28602ce1c92b3469174a98396f37526b44c3d3be7744ec189f2f32e4930d758c765962f5aff0f1

Score
1/10

Malware Config

Signatures

Processes

  • C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\NOTEPAD.EXE "C:\Users\Admin\AppData\Local\Temp\Delta V3.61\bin\vers.txt"
    PID: 2472

    Network

    • US
      DNS
      8.8.8.8.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      8.8.8.8.in-addr.arpa
      IN PTR
      Response
      8.8.8.8.in-addr.arpa
      IN PTR
      dns.google
    • US
      DNS
      196.249.167.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      196.249.167.52.in-addr.arpa
      IN PTR
      Response
    • US
      DNS
      0.159.190.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      0.159.190.20.in-addr.arpa
      IN PTR
      Response
    • US
      DNS
      77.190.18.2.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      77.190.18.2.in-addr.arpa
      IN PTR
      Response
      77.190.18.2.in-addr.arpa
      IN PTR
      a2-18-190-77.deploy.static.akamaitechnologies.com
    • US
      DNS
      95.221.229.192.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      95.221.229.192.in-addr.arpa
      IN PTR
      Response
    • US
      DNS
      217.106.137.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      217.106.137.52.in-addr.arpa
      IN PTR
      Response
    • US
      DNS
      212.20.149.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      212.20.149.52.in-addr.arpa
      IN PTR
      Response
    • US
      DNS
      171.39.242.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      171.39.242.20.in-addr.arpa
      IN PTR
      Response
    • US
      DNS
      71.209.201.84.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      71.209.201.84.in-addr.arpa
      IN PTR
      Response
    • US
      DNS
      43.229.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      43.229.111.52.in-addr.arpa
      IN PTR
      Response
    • US
      DNS
      24.73.42.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      24.73.42.20.in-addr.arpa
      IN PTR
      Response
    • US
      DNS
      fd.api.iris.microsoft.com
      Remote address:
      8.8.8.8:53
      Request
      fd.api.iris.microsoft.com
      IN A
      Response
      fd.api.iris.microsoft.com
      IN CNAME
      fd-api-iris.trafficmanager.net
      fd-api-iris.trafficmanager.net
      IN CNAME
      iris-de-ppe-azsc-v2-frc.francecentral.cloudapp.azure.com
      iris-de-ppe-azsc-v2-frc.francecentral.cloudapp.azure.com
      IN A
      20.74.19.45
    • FR
      GET
      https://fd.api.iris.microsoft.com/v4/api/selection?&asid=D1F3EF040E0C4BA1BE315FA90567F9EC&nct=1&placement=88000677&bcnt=30&country=US&locale=en-US&poptin=0&fmt=json&clr=cdmlite&arch=AMD64&concp=0&d3dfl=D3D_FEATURE_LEVEL_12_1&devfam=Windows.Desktop&devosver=10.0.19044.4529&dinst=1729692971&dmret=0&drgng=244&flightbranch=&flightring=Retail&localid=w%3A11E14D59-6FBC-662D-AFD4-9FD69C7CEDC9&osbranch=vb_release&oslocale=en-US&osret=1&ossku=EnterpriseS&osskuid=125&prccn=2&prccs=4192&prcmf=AuthenticAMD&procm=Intel%20Core%20Processor%20%28Broadwell%29&ram=4095&tinst=Client&tl=1&pat=0&smc=0&sac=0&disphorzres=1280&dispsize=14.7&dispvertres=720&ldisphorzres=1280&ldispvertres=720&moncnt=1&cpdsk=241361&frdsk=209783&lo=22048&tsu=22048
      Remote address:
      20.74.19.45:443
      Request
      GET /v4/api/selection?&asid=D1F3EF040E0C4BA1BE315FA90567F9EC&nct=1&placement=88000677&bcnt=30&country=US&locale=en-US&poptin=0&fmt=json&clr=cdmlite&arch=AMD64&concp=0&d3dfl=D3D_FEATURE_LEVEL_12_1&devfam=Windows.Desktop&devosver=10.0.19044.4529&dinst=1729692971&dmret=0&drgng=244&flightbranch=&flightring=Retail&localid=w%3A11E14D59-6FBC-662D-AFD4-9FD69C7CEDC9&osbranch=vb_release&oslocale=en-US&osret=1&ossku=EnterpriseS&osskuid=125&prccn=2&prccs=4192&prcmf=AuthenticAMD&procm=Intel%20Core%20Processor%20%28Broadwell%29&ram=4095&tinst=Client&tl=1&pat=0&smc=0&sac=0&disphorzres=1280&dispsize=14.7&dispvertres=720&ldisphorzres=1280&ldispvertres=720&moncnt=1&cpdsk=241361&frdsk=209783&lo=22048&tsu=22048 HTTP/2.0
      host: fd.api.iris.microsoft.com
      accept-encoding: gzip, deflate
      x-sdk-hw-token: t=EwDoAppeBAAUGoFunEzxzyai/T0i5tnZAAR1eX0AAc4dv1FuWXAgdLYUN+OpLtNrvazvzUekFQ5WFyFqpy7u8yqvxP3WHtud6lta12zUFuoQ9CTEn3Z08Qa7JwS/BDUx/5AG/5HWlLCe/7ca8vgJy+q3SRvxXqgnhyRI5jJynNBSk42yEgCF/taa9t36mXWYwEzbiTW0lTE+P+RVB6U0PUg+Ii9jzSCMsGpHaywSJ18qOZnc/GQ9bXes9I2M28am1PHFMXIyoEk7Cd7WIr3u21SHdYUEJJyFCmDAZPghSFBhk9ngU6BDv0HvB95YG+byZq4Vp977mBMfjGpobiQb0vYVDhf+y1aUp6u7Sb5TyWkMkRZ2DW11D57OXUjcKGAQZgAAEJexqS5uJCxOJjJLXNVaoZWwAYeAE+JuAzcBrAlOtA2UDdKV0qciZluW/hynM/C76ur/Uv3jCw2wcfdP7SledXhoMx6Bztf5w75ZoWPiLiw+Lvbgj96fR8YcChfhfopi8nMG3V8WHqeRpRGZZgjXdzh3pKhjjohYvpPCReB1rxXdjCgbG22h7qJvh7h2z/XHcuYnMFXPRgLzlmvlHgliX9gvhMLuGHSGd7yTh3E8b+yQF0r0QHqN9RgMgU3zUw7bdmzfWq07/yhXGTqWhA2ffvudvLBx4mk+X23ZSmVTsqZEdicOHLe/fcv7kKdejgvrgqcKZ7XA3Amd6CdqkZ8+VwYntd27/qyFNNrB/MxdX8HFJTIuMVP8zmzpO0ZkrduRyJBWj8PdvMri0gUuN51u1lUJJnbsroJm3X7fvTPCLpN/Rt2VIQjJbUX+WjtZN/xXB+bqfbNMjCK/5TaZibUAFqrropFwAQhce8F3koQhrg1vnFghURiCExYKvTnMDpZlZBytEe69kY81Ow8GXkLXWMNDiqqKJcZPsiq2Beo5AhEJJ5yYGM8L7tm9YaRoaXcX8eZCUg/Sb5fU2Lw9Stv8n39xndkB&p=
      Response
      HTTP/2.0 200
      cache-control: no-store, no-cache
      pragma: no-cache
      content-length: 131
      content-type: application/json; charset=utf-8
      expires: Mon, 01 Jan 0001 00:00:00 GMT
      server: Microsoft-IIS/10.0
      arc-rsp-dbg: [{"DcoPlusDebug":"Status: Ok"},{"OPTOUTSTATE":"256"},{"REGIONALPOLICY":"0"}]
      accept-ch: UA, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform, UA-Platform-Version
      x-aspnet-version: 4.0.30319
      x-powered-by: ASP.NET
      strict-transport-security: max-age=31536000; includeSubDomains
      date: Thu, 07 Nov 2024 21:45:16 GMT
    • US
      DNS
      45.19.74.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      45.19.74.20.in-addr.arpa
      IN PTR
      Response
    • 20.74.19.45:443
      https://fd.api.iris.microsoft.com/v4/api/selection?&asid=D1F3EF040E0C4BA1BE315FA90567F9EC&nct=1&placement=88000677&bcnt=30&country=US&locale=en-US&poptin=0&fmt=json&clr=cdmlite&arch=AMD64&concp=0&d3dfl=D3D_FEATURE_LEVEL_12_1&devfam=Windows.Desktop&devosver=10.0.19044.4529&dinst=1729692971&dmret=0&drgng=244&flightbranch=&flightring=Retail&localid=w%3A11E14D59-6FBC-662D-AFD4-9FD69C7CEDC9&osbranch=vb_release&oslocale=en-US&osret=1&ossku=EnterpriseS&osskuid=125&prccn=2&prccs=4192&prcmf=AuthenticAMD&procm=Intel%20Core%20Processor%20%28Broadwell%29&ram=4095&tinst=Client&tl=1&pat=0&smc=0&sac=0&disphorzres=1280&dispsize=14.7&dispvertres=720&ldisphorzres=1280&ldispvertres=720&moncnt=1&cpdsk=241361&frdsk=209783&lo=22048&tsu=22048
      tls, http2
      2.7kB
      7.5kB
      18
      13

      HTTP Request

      GET https://fd.api.iris.microsoft.com/v4/api/selection?&asid=D1F3EF040E0C4BA1BE315FA90567F9EC&nct=1&placement=88000677&bcnt=30&country=US&locale=en-US&poptin=0&fmt=json&clr=cdmlite&arch=AMD64&concp=0&d3dfl=D3D_FEATURE_LEVEL_12_1&devfam=Windows.Desktop&devosver=10.0.19044.4529&dinst=1729692971&dmret=0&drgng=244&flightbranch=&flightring=Retail&localid=w%3A11E14D59-6FBC-662D-AFD4-9FD69C7CEDC9&osbranch=vb_release&oslocale=en-US&osret=1&ossku=EnterpriseS&osskuid=125&prccn=2&prccs=4192&prcmf=AuthenticAMD&procm=Intel%20Core%20Processor%20%28Broadwell%29&ram=4095&tinst=Client&tl=1&pat=0&smc=0&sac=0&disphorzres=1280&dispsize=14.7&dispvertres=720&ldisphorzres=1280&ldispvertres=720&moncnt=1&cpdsk=241361&frdsk=209783&lo=22048&tsu=22048

      HTTP Response

      200
    • 8.8.8.8:53
      8.8.8.8.in-addr.arpa
      dns
      66 B
      90 B
      1
      1

      DNS Request

      8.8.8.8.in-addr.arpa

    • 8.8.8.8:53
      196.249.167.52.in-addr.arpa
      dns
      73 B
      147 B
      1
      1

      DNS Request

      196.249.167.52.in-addr.arpa

    • 8.8.8.8:53
      0.159.190.20.in-addr.arpa
      dns
      71 B
      157 B
      1
      1

      DNS Request

      0.159.190.20.in-addr.arpa

    • 8.8.8.8:53
      77.190.18.2.in-addr.arpa
      dns
      70 B
      133 B
      1
      1

      DNS Request

      77.190.18.2.in-addr.arpa

    • 8.8.8.8:53
      95.221.229.192.in-addr.arpa
      dns
      73 B
      144 B
      1
      1

      DNS Request

      95.221.229.192.in-addr.arpa

    • 8.8.8.8:53
      217.106.137.52.in-addr.arpa
      dns
      73 B
      147 B
      1
      1

      DNS Request

      217.106.137.52.in-addr.arpa

    • 8.8.8.8:53
      212.20.149.52.in-addr.arpa
      dns
      72 B
      146 B
      1
      1

      DNS Request

      212.20.149.52.in-addr.arpa

    • 8.8.8.8:53
      171.39.242.20.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      171.39.242.20.in-addr.arpa

    • 8.8.8.8:53
      71.209.201.84.in-addr.arpa
      dns
      72 B
      132 B
      1
      1

      DNS Request

      71.209.201.84.in-addr.arpa

    • 8.8.8.8:53
      43.229.111.52.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      43.229.111.52.in-addr.arpa

    • 8.8.8.8:53
      24.73.42.20.in-addr.arpa
      dns
      70 B
      156 B
      1
      1

      DNS Request

      24.73.42.20.in-addr.arpa

    • 8.8.8.8:53
      fd.api.iris.microsoft.com
      dns
      71 B
      198 B
      1
      1

      DNS Request

      fd.api.iris.microsoft.com

      DNS Response

      20.74.19.45

    • 8.8.8.8:53
      45.19.74.20.in-addr.arpa
      dns
      70 B
      156 B
      1
      1

      DNS Request

      45.19.74.20.in-addr.arpa

    MITRE ATT&CK Matrix
