Overview

overview

6

Static

static

3

Delta V3.61.zip

windows7-x64

1

Delta V3.61.zip

windows10-2004-x64

1

Delta V3.61/Delta.exe

windows7-x64

3

Delta V3.61/Delta.exe

windows10-2004-x64

6

Delta V3.6...it.dll

windows7-x64

1

Delta V3.6...it.dll

windows10-2004-x64

1

Delta V3.6...on.dll

windows7-x64

1

Delta V3.6...on.dll

windows10-2004-x64

1

Delta V3.6...90.dll

windows7-x64

3

Delta V3.6...90.dll

windows10-2004-x64

3

Delta V3.6...92.dll

windows7-x64

3

Delta V3.6...92.dll

windows10-2004-x64

3

Delta V3.6...PI.dll

windows7-x64

3

Delta V3.6...PI.dll

windows10-2004-x64

3

Delta V3.6...ua.xml

windows7-x64

3

Delta V3.6...ua.xml

windows10-2004-x64

1

Delta V3.6...s.json

windows7-x64

3

Delta V3.6...s.json

windows10-2004-x64

3

Delta V3.6...rs.txt

windows7-x64

1

Delta V3.6...rs.txt

windows10-2004-x64

1

Delta V3.6...re.txt

windows7-x64

1

Delta V3.6...re.txt

windows10-2004-x64

1

Resubmissions

07-11-2024 21:24

241107-z8z12ayfnb 8

07-11-2024 21:23

241107-z8jdaa1pdl 6

07-11-2024 21:21

241107-z7ptnsyjdx 7

Analysis

  • max time kernel
    137s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07-11-2024 21:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Delta V3.61/Delta.exe

  • Size

    17.0MB

  • MD5

    774ffee84d8e760761b8819edd2bc252

  • SHA1

    74ff2bcc3baf64790181b97dc09ab951d9440379

  • SHA256

    3c2cbcfb0dc0b92e1a0f15e725a1f8c4756a990e298098d94087cdd3fd491758

  • SHA512

    935624fdaa9ae57d4515a456a9383c20240988848046fcab69948450413e573167c0f17a456f0f5120ec13e3215759ad11c4857873900606116c3e495dd69650

  • SSDEEP

    196608:LOM8QZXcqPrn0guhegnueaIN3l4X+yBXeLUpcgwBj9aR:LOM8EmegnBaS1C+yBaUpcgwBj0

Score
6/10
discovery

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Delta V3.61\Delta.exe
    "C:\Users\Admin\AppData\Local\Temp\Delta V3.61\Delta.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:5028
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/4TfpR6wUUu
      2⤵
      • Enumerates system info in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:3044
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffa3aa46f8,0x7fffa3aa4708,0x7fffa3aa4718
        3⤵
          PID:1376
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,9721210304253402260,3954125262762493205,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
          3⤵
            PID:1264
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,9721210304253402260,3954125262762493205,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
            3⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:1248
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,9721210304253402260,3954125262762493205,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
            3⤵
              PID:5040
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9721210304253402260,3954125262762493205,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
              3⤵
                PID:1800
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9721210304253402260,3954125262762493205,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
                3⤵
                  PID:1908
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9721210304253402260,3954125262762493205,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
                  3⤵
                    PID:3588
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2140,9721210304253402260,3954125262762493205,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4164 /prefetch:8
                    3⤵
                      PID:220
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2140,9721210304253402260,3954125262762493205,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5040 /prefetch:8
                      3⤵
                      • Modifies registry class
                      • Suspicious behavior: EnumeratesProcesses
                      PID:1692
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,9721210304253402260,3954125262762493205,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 /prefetch:8
                      3⤵
                        PID:3352
                      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,9721210304253402260,3954125262762493205,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 /prefetch:8
                        3⤵
                        • Suspicious behavior: EnumeratesProcesses
                        PID:3596
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9721210304253402260,3954125262762493205,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
                        3⤵
                          PID:2044
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9721210304253402260,3954125262762493205,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
                          3⤵
                            PID:5088
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9721210304253402260,3954125262762493205,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
                            3⤵
                              PID:5320
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9721210304253402260,3954125262762493205,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
                              3⤵
                                PID:5328
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,9721210304253402260,3954125262762493205,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5232 /prefetch:2
                                3⤵
                                • Suspicious behavior: EnumeratesProcesses
                                PID:2044
                          • C:\Windows\System32\CompPkgSrv.exe
                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                            1⤵
                              PID:4960
                            • C:\Windows\System32\CompPkgSrv.exe
                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                              1⤵
                                PID:2480

                              Network

                              MITRE ATT&CK Enterprise v15

                              Replay Monitor

                              Loading Replay Monitor...

                              Downloads

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                Filesize

                                152B

                                MD5

                                7de1bbdc1f9cf1a58ae1de4951ce8cb9

                                SHA1

                                010da169e15457c25bd80ef02d76a940c1210301

                                SHA256

                                6e390bbc0d03a652516705775e8e9a7b7936312a8a5bea407f9d7d9fa99d957e

                                SHA512

                                e4a33f2128883e71ab41e803e8b55d0ac17cbc51be3bde42bed157df24f10f34ad264f74ef3254dbe30d253aca03158fde21518c2b78aaa05dae8308b1c5f30c

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                Filesize

                                152B

                                MD5

                                85ba073d7015b6ce7da19235a275f6da

                                SHA1

                                a23c8c2125e45a0788bac14423ae1f3eab92cf00

                                SHA256

                                5ad04b8c19bf43b550ad725202f79086168ecccabe791100fba203d9aa27e617

                                SHA512

                                eb4fd72d7030ea1a25af2b59769b671a5760735fb95d18145f036a8d9e6f42c903b34a7e606046c740c644fab0bb9f5b7335c1869b098f121579e71f10f5a9c3

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                Filesize

                                480B

                                MD5

                                ef211a4ac389cbbfe2ff395f9150874c

                                SHA1

                                794f5045dc05bbaef57e7659c88ec5ea4a268c31

                                SHA256

                                0c4864391764cb0c30e8be8c239f704b0a2f2a8baa281d3478abb2b8bd658118

                                SHA512

                                c8da76308c606ecb5ca47b21f84ebeca9fef508e9757170ae87dec8d5aa40e14f7b846f4914f8e5c39a53d34737c2552a92c0c173733d110bec8249d28a225b6

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                Filesize

                                537B

                                MD5

                                40d28bdacb3c484a534babbb7c427c5f

                                SHA1

                                ea1e9106402bd8a187142f24131f7e41b67f8980

                                SHA256

                                c9fb081a0f04376089fb05dbaa97025cba5071054932d30fdcfd9cf99c9ebe56

                                SHA512

                                562f1dce4ff20d1c8a2b4d968fcae4f16a73040b5cc7e8202961e7b2c6af8872d0c85acc0c8aa3d4a75d824e4d69f33c7efaefa0e4281e2eca9b32703e8ccca8

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                Filesize

                                5KB

                                MD5

                                16f00174949a25342df7060d94f317b8

                                SHA1

                                33e9039a0ece6f73981cc58b92c4fe9fa0ad1481

                                SHA256

                                c192ad8c9a4613c876bc223fc079ea51182ea3180eff0dd5822a86a51329b661

                                SHA512

                                55df5446773133431cd4af66aac4c3f5c1e6d39fb965bd88565c87300236133364813af033facebdf2b2e17067fcc7d1f8f630f18b6becb053fcd6fc308b9917

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                Filesize

                                6KB

                                MD5

                                3bd9fa38becfbeb2b2b5f608f4330500

                                SHA1

                                f6ab97b3e74f7ac4ab20f596d0347ec5c96e670d

                                SHA256

                                f3cb6c2ec7a566f65ac0a51373c940ef559022414d99066da0af5976ac633bc1

                                SHA512

                                004de71be6afe7503ff6ff6bf298755e556e27488084cab7f476d0b691fa86f5955c796a8bf4fb499cc5d9591dbb8d2de357c88b3a5ab6b3b0b8b8f666e02c06

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                Filesize

                                16B

                                MD5

                                46295cac801e5d4857d09837238a6394

                                SHA1

                                44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                SHA256

                                0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                SHA512

                                8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                Filesize

                                16B

                                MD5

                                206702161f94c5cd39fadd03f4014d98

                                SHA1

                                bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                SHA256

                                1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                SHA512

                                0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                Filesize

                                10KB

                                MD5

                                4ce8ea33e44bff2c638f114043db030f

                                SHA1

                                20d8eed346b422406c5c0db40b22317f86f2572e

                                SHA256

                                a827fd3254da98b00b1e30bd0e3a131685c5cf1da96653c93fbc13e3e274f692

                                SHA512

                                8028cc99acc64cd8272be55083e24994b1b6e0b52678fe3fc5a56604b919d8e96db46faf4fd40640f80c27cb147fcecfdf7474f987258327dfb8621dd16196e5

                                Download Submit

                              • memory/5028-6-0x0000000006C30000-0x0000000006CE0000-memory.dmp

                                Filesize

                                704KB

                                Download

                              • memory/5028-93-0x0000000074EBE000-0x0000000074EBF000-memory.dmp

                                Filesize

                                4KB

                                Download

                              • memory/5028-14-0x0000000074EB0000-0x0000000075660000-memory.dmp

                                Filesize

                                7.7MB

                                Download

                              • memory/5028-15-0x0000000074EB0000-0x0000000075660000-memory.dmp

                                Filesize

                                7.7MB

                                Download

                              • memory/5028-16-0x000000000C720000-0x000000000C728000-memory.dmp

                                Filesize

                                32KB

                                Download

                              • memory/5028-12-0x00000000075D0000-0x0000000007924000-memory.dmp

                                Filesize

                                3.3MB

                                Download

                              • memory/5028-11-0x0000000007120000-0x000000000713E000-memory.dmp

                                Filesize

                                120KB

                                Download

                              • memory/5028-10-0x0000000007050000-0x0000000007072000-memory.dmp

                                Filesize

                                136KB

                                Download

                              • memory/5028-7-0x00000000070A0000-0x0000000007116000-memory.dmp

                                Filesize

                                472KB

                                Download

                              • memory/5028-13-0x0000000007A40000-0x0000000007ADC000-memory.dmp

                                Filesize

                                624KB

                                Download

                              • memory/5028-142-0x0000000074EB0000-0x0000000075660000-memory.dmp

                                Filesize

                                7.7MB

                                Download

                              • memory/5028-0-0x0000000074EBE000-0x0000000074EBF000-memory.dmp

                                Filesize

                                4KB

                                Download

                              • memory/5028-5-0x0000000006A00000-0x0000000006A0E000-memory.dmp

                                Filesize

                                56KB

                                Download

                              • memory/5028-4-0x0000000006A40000-0x0000000006A78000-memory.dmp

                                Filesize

                                224KB

                                Download

                              • memory/5028-3-0x00000000067A0000-0x00000000067A8000-memory.dmp

                                Filesize

                                32KB

                                Download

                              • memory/5028-2-0x0000000074EB0000-0x0000000075660000-memory.dmp

                                Filesize

                                7.7MB

                                Download

                              • memory/5028-1-0x0000000000BD0000-0x0000000001CD6000-memory.dmp

                                Filesize

                                17.0MB

                                Download