Resubmissions

01-01-2025 20:08    250101-yw3eystrcl    8

01-01-2025 20:04    250101-ytbt8a1qe1    8

01-01-2025 20:01    250101-yrhvra1pgx    8

01-01-2025 14:10    250101-rgpf8axnaw    10

General

  • Target: DeltaExecutor.zip

  • Size: 8.7MB

  • Sample: 250101-ytbt8a1qe1

  • MD5: 0fe9527ce6a6464c8417949dca101972

  • SHA1: 92e3d746ef23e80ecdee68910b64030bddaa7a9a

  • SHA256: d9029d87aae61f32f6ea1f9bace4b63671b89d07ff8173e376d4054078c19669

  • SHA512: 39914909702417bfae6e411d2c59acc294961e8a722a87862301f997dcf3ae3a535681045b68e5b79bd970bdae428ca5c1aa33c5115195a919622e6265c6163d

  • SSDEEP: 196608:E0kiwudGHZV4uYmFg7zf2yEC3axVsqFckd1/r81uMRZKI81oeI:EGA56u1G7wCKLzd1/rORZKId

Malware Config

Targets

    • Target: DeltaExecutor.exe

    • Size: 169KB

    • MD5: a614a895161a44b174f8b0c5e0d94adf

    • SHA1: 1594a374c81ee36ce6dcff56f13169c4400b8714

    • SHA256: d6f67c596a3017fab0f6908f38de0f996fe8742dc7131d491343d128d96564f6

    • SHA512: 3e7f9116b528ff8a2aef56f006f8f5c231dcd0fd3e951ce4b3a0582a4429836bcded1469ba7c3ff41d59bafcee05d77150ced675c8b9fe69f17ff734de5ee981

    • SSDEEP: 3072:nczkitvo4BpYN/6mBPry8TXROLdW5m4mUR59OOGJ0kA30165M1fSV:nA4NCmBPry/N2lOOYg0kWE

    • Command and Scripting Interpreter: PowerShell

      PowerShell Invoke-WebRequest.

    • Downloads MZ/PE file

    • Drops file in System32 directory

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

MITRE ATT&CK Enterprise v15

Tasks