Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

ea4561607c...a4.exe

windows7-x64

10

ea4561607c...a4.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    44s
  • max time network
    48s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    22/11/2022, 13:17 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ea4561607c00687ea82b3365de26959f1adb98b6a9ba64fa6d47a6c19f22daa4.exe

  • Size

    444KB

  • MD5

    73695fc3868f541995b3d1cc4dfc1350

  • SHA1

    158c7382c88e10ab0208c9a3c72d5f579b614947

  • SHA256

    ea4561607c00687ea82b3365de26959f1adb98b6a9ba64fa6d47a6c19f22daa4

  • SHA512

    e662c2cfa651f8b080c8c0b6650a60565ba3d93130ce7c68a927454e5bef11400b495de5512bcc62d530c9243a450c9c2252f789c5b2911b2913ea163502dbfc

  • SSDEEP

    6144:FAv4cqcUtBUmm60Lo6Dje6lNPPvKspCgOU7ApITDs4aiIjT+WhB:yrqhtBUmm6bQe6f/Ks4gj7AVuO

Score
10/10
windealerstealertrojan

Malware Config

Signatures

  • Detect WinDealer information stealer 2 IoCs
    stealer
  • WinDealer

    WinDealer is an info stealer used by LuoYu group.

    stealertrojanwindealer
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ea4561607c00687ea82b3365de26959f1adb98b6a9ba64fa6d47a6c19f22daa4.exe
    "C:\Users\Admin\AppData\Local\Temp\ea4561607c00687ea82b3365de26959f1adb98b6a9ba64fa6d47a6c19f22daa4.exe"
    1⤵
    • Checks processor information in registry
    • Suspicious use of SetWindowsHookEx
    PID:1388

Network

    No results found
No results found
  • 113.63.56.96:6999
    ea4561607c00687ea82b3365de26959f1adb98b6a9ba64fa6d47a6c19f22daa4.exe
    172 B
     1

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1388-54-0x0000000075711000-0x0000000075713000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1388-55-0x0000000010000000-0x000000001003B000-memory.dmp

    Filesize

    236KB

    Download

  • memory/1388-56-0x0000000010000000-0x000000001003B000-memory.dmp

    Filesize

    236KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.