File name:

deltaloader (1).exe

Full analysis: https://app.any.run/tasks/80d60645-4be5-478b-ac96-3ce40afc075f
Verdict: Malicious activity
Analysis date: February 22, 2025, 11:04:47
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32+ executable (GUI) x86-64, for MS Windows, 7 sections
MD5:

7997FFE3C6A963B6C1B1F2E01A639706

SHA1:

9FDD7A0CD6E671E8F171A74DA156381B3DA82A80

SHA256:

959EF5C190886EF9B51514DAB19E25E7D58FB7F6EB445427336EC5AECB479E32

SSDEEP:

98304:dxltoxS1nJ50pXuNpso9BoxYR/yX9CKgX5gcXpD9gfnwF6aounJW836rVm0zqZ3T:DfTRFqDNTMi1wJKAPZ7L

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • deltaloader (1).exe (PID: 2132)

    • Executable content was dropped or overwritten

      • deltaloader (1).exe (PID: 2132)

    • Reads Internet Explorer settings

      • deltaloader (1).exe (PID: 2132)

    • Reads Microsoft Outlook installation path

      • deltaloader (1).exe (PID: 2132)

    • There is functionality for taking screenshot (YARA)

      • deltaloader (1).exe (PID: 2132)

  • INFO

    • Checks proxy server information

      • deltaloader (1).exe (PID: 2132)

    • Reads the computer name

      • deltaloader (1).exe (PID: 2132)

    • Create files in a temporary directory

      • deltaloader (1).exe (PID: 2132)

    • Checks supported languages

      • deltaloader (1).exe (PID: 2132)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Generic Win/DOS Executable (50)
.exe | DOS Executable Generic (49.9)

EXIF

EXE

MachineType: AMD AMD64
TimeStamp: 2024:11:16 11:23:01+00:00
ImageFileCharacteristics: Executable, Large address aware
PEType: PE32+
LinkerVersion: 14.41
CodeSize: 287744
InitializedDataSize: 207872
UninitializedDataSize: -
EntryPoint: 0x327b0
OSVersion: 5.2
ImageVersion: -
SubsystemVersion: 5.2
Subsystem: Windows GUI
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
121
Monitored processes
1
Malicious processes
1
Suspicious processes
0

Behavior graph

Click at the process to see the details
start deltaloader (1).exe

Process information

PID
CMD
Path
Indicators
Parent process
2132"C:\Users\admin\AppData\Local\Temp\deltaloader (1).exe" C:\Users\admin\AppData\Local\Temp\deltaloader (1).exe
explorer.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
9
Modules
Images
c:\users\admin\appdata\local\temp\deltaloader (1).exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
859
Read events
854
Write events
3
Delete events
2

Modification events

(PID) Process:(2132) deltaloader (1).exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:writeName:CachePrefix
Value:
(PID) Process:(2132) deltaloader (1).exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(2132) deltaloader (1).exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
(PID) Process:(2132) deltaloader (1).exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\LowRegistry
Operation:delete valueName:AddToFavoritesInitialSelection
Value:
(PID) Process:(2132) deltaloader (1).exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\LowRegistry
Operation:delete valueName:AddToFeedsInitialSelection
Value:
Executable files
1
Suspicious files
0
Text files
0
Unknown types
0

Dropped files

PID
Process
Filename
Type
2132deltaloader (1).exeC:\Users\admin\AppData\Local\Temp\Delta.exeexecutable
MD5:545CEF0D741D8F9FBBBA7118E3B7875F
SHA256:74D95891041C9C41A5B3ECE774678ABC6FBFF470699C0C783E468221D716EE4F
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
9
TCP/UDP connections
32
DNS requests
16
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
4712
MoUsoCoreWorker.exe
GET
200
2.16.164.59:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
3732
backgroundTaskHost.exe
GET
200
184.30.131.245:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D
unknown
whitelisted
5400
SIHClient.exe
GET
200
23.209.214.100:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
4712
MoUsoCoreWorker.exe
GET
200
23.219.150.101:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
5004
svchost.exe
GET
200
2.16.164.59:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
1176
svchost.exe
GET
200
2.23.77.188:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
5004
svchost.exe
GET
200
23.219.150.101:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
5064
SearchApp.exe
GET
200
2.23.77.188:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
5400
SIHClient.exe
GET
200
23.209.214.100:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
1476
RUXIMICS.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4712
MoUsoCoreWorker.exe
2.16.164.59:80
crl.microsoft.com
Akamai International B.V.
NL
whitelisted
5004
svchost.exe
2.16.164.59:80
crl.microsoft.com
Akamai International B.V.
NL
whitelisted
5004
svchost.exe
23.219.150.101:80
www.microsoft.com
AKAMAI-AS
CL
whitelisted
4712
MoUsoCoreWorker.exe
23.219.150.101:80
www.microsoft.com
AKAMAI-AS
CL
whitelisted
4
System
192.168.100.255:138
whitelisted
5004
svchost.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
5064
SearchApp.exe
2.19.96.128:443
www.bing.com
Akamai International B.V.
DE
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.104.136.2
whitelisted
crl.microsoft.com
  • 2.16.164.59
  • 2.16.164.129
  • 2.16.164.120
  • 2.16.164.130
  • 2.16.164.72
  • 2.16.164.74
  • 2.16.164.107
  • 2.16.164.89
  • 2.16.164.131
whitelisted
www.microsoft.com
  • 23.219.150.101
  • 23.209.214.100
whitelisted
google.com
  • 142.250.185.206
whitelisted
www.bing.com
  • 2.19.96.128
  • 2.19.96.120
whitelisted
login.live.com
  • 20.190.159.4
  • 40.126.31.128
  • 40.126.31.73
  • 20.190.159.71
  • 40.126.31.129
  • 20.190.159.130
  • 40.126.31.131
  • 20.190.159.68
whitelisted
ocsp.digicert.com
  • 2.23.77.188
  • 184.30.131.245
whitelisted
go.microsoft.com
  • 2.19.106.8
whitelisted
arc.msn.com
  • 20.31.169.57
whitelisted
fd.api.iris.microsoft.com
  • 20.103.156.88
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
deltaloader (1).exe