Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

Delta V3.61.zip

windows10-2004-x64

8

Delta V3.61.zip

windows10-ltsc 2021-x64

8

Resubmissions

07/11/2024, 21:24 UTC

241107-z8z12ayfnb 8

07/11/2024, 21:23 UTC

241107-z8jdaa1pdl 6

07/11/2024, 21:21 UTC

241107-z7ptnsyjdx 7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Delta V3.61.zip

  • Size

    22.2MB

  • Sample

    241107-z8z12ayfnb

  • MD5

    2692ff99a5f94520b6caa33bbd0cf05e

  • SHA1

    0bf675fad129bc61f7c2763177a4314288cce4cd

  • SHA256

    507641e3047216809af93a127af70a266e273cd95c1cfaa06605a753b9166388

  • SHA512

    65d9665d29684325ca27a33ec187be8ccb142f98f662f888b944750ffcfcea43c496403331ab00e5e408dc5b1c3d39d7fc2defdecb1133a41dcc5d00c7c0392c

  • SSDEEP

    393216:p1DbvOskyq5reDYwFpIgDDLB3IwuZcnO7BjOOPhQEFu9QZay7qPF4zjop3Lr:zDbvOPADJpIelBnO7B6OPhjFu9eaDPFj

Score
8/10
adwarediscoveryevasionpersistencephishingprivilege_escalationstealertrojan

Malware Config

Targets

    • Target

      Delta V3.61.zip

    • Size

      22.2MB

    • MD5

      2692ff99a5f94520b6caa33bbd0cf05e

    • SHA1

      0bf675fad129bc61f7c2763177a4314288cce4cd

    • SHA256

      507641e3047216809af93a127af70a266e273cd95c1cfaa06605a753b9166388

    • SHA512

      65d9665d29684325ca27a33ec187be8ccb142f98f662f888b944750ffcfcea43c496403331ab00e5e408dc5b1c3d39d7fc2defdecb1133a41dcc5d00c7c0392c

    • SSDEEP

      393216:p1DbvOskyq5reDYwFpIgDDLB3IwuZcnO7BjOOPhQEFu9QZay7qPF4zjop3Lr:zDbvOPADJpIelBnO7B6OPhjFu9eaDPFj

    Score
    8/10
    adwarediscoveryevasionpersistencephishingprivilege_escalationstealertrojan

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

      persistence

    • Downloads MZ/PE file

    • Event Triggered Execution: Image File Execution Options Injection

      persistence

    • A potential corporate email address has been identified in the URL: rrf@0.66

      phishing

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

      persistenceprivilege_escalation

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Checks whether UAC is enabled

      evasiontrojan

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

      stealeradware

    • Legitimate hosting services abused for malware hosting/C2

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Active Setup

1
T1547.014

Browser Extensions

1
T1176

Event Triggered Execution

2
T1546

Component Object Model Hijacking

1
T1546.015

Image File Execution Options Injection

1
T1546.012

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Active Setup

1
T1547.014

Event Triggered Execution

2
T1546

Component Object Model Hijacking

1
T1546.015

Image File Execution Options Injection

1
T1546.012

Defense Evasion

Modify Registry

4
T1112

Credential Access

Discovery

Browser Information Discovery

1
T1217

Query Registry

5
T1012

System Information Discovery

5
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

System Network Configuration Discovery

1
T1016

Internet Connection Discovery

1
T1016.001

Lateral Movement

Collection

Command and Control

Web Service

1
T1102

Exfiltration

Impact

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.