Overview
Static (score 7)

Tasks (score, sample as truncated in the sidebar, platform):
7  EA Crypto ...T4.rar   windows10-2004-x64
7  EA Crypto ...r .ex4   windows10-2004-x64
3  EA Crypto ...eX.jpg   windows10-2004-x64
3  EA Crypto ...eX.txt   windows10-2004-x64
1  EA Crypto ...or.jpg   windows10-2004-x64
3  EA Crypto ...32.zip   windows10-2004-x64
1  msimg32.dll           windows10-2004-x64
7  EA Crypto ...32.dll   windows10-2004-x64
Analysis (score 7)
max time kernel: 148s
max time network: 154s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 01-04-2024 01:50
Behavioral tasks (task: sample, resource)
behavioral1: EA Crypto Hunter v4.0 MT4.rar, win10v2004-20240226-en
behavioral2: EA Crypto Hunter v4.0 MT4/Experts/EA Crypto Hunter .ex4, win10v2004-20240226-en
behavioral3: EA Crypto Hunter v4.0 MT4/GNR-ForeX.jpg, win10v2004-20240226-en
behavioral4: EA Crypto Hunter v4.0 MT4/GNR-ForeX.txt, win10v2004-20231215-en
behavioral5: EA Crypto Hunter v4.0 MT4/Gendor.jpg, win10v2004-20240226-en
behavioral6: EA Crypto Hunter v4.0 MT4/msimg32.dll - Build 1335-1350/msimg32.zip, win10v2004-20240226-en
behavioral7: msimg32.dll, win10v2004-20240226-en
behavioral8: EA Crypto Hunter v4.0 MT4/msimg32.dll - Build 1335-1350/msimg32/msimg32.dll, win10v2004-20240226-en
General
Target: EA Crypto Hunter v4.0 MT4/msimg32.dll - Build 1335-1350/msimg32/msimg32.dll
Size: 5.4MB
MD5: 229cbe613f201f8dcbc83ee7624bcd46
SHA1: e80dbd2e0b8da3fb298c2b18090a83d113747c55
SHA256: 0a43970711f968e2e733994a78052481ce7f9a6d0036d97b337a298352f5d089
SHA512: 2faad3273da3cedcf682dce0306f3e01b6ad72a0efb5ecf7bd5c22d492022f5a53a29a661c096613c603227d8e817237412e97dd9faa740f47a7b24944217474
SSDEEP: 98304:UXNseb8ajq86XShgsYb4dWgS8KOesO0KC/dYrLXYZ00fk6ouIbOC+:U3zOJYS4c4OdadYrUZ09eE
Malware Config
Signatures

YARA matches (resource, rule): three dumps of the same mapped region of pid 2300 (0x00000000744C0000-0x0000000074D78000) hit the vmprotect rule, i.e. the DLL is VMProtect-packed in memory as well as on disk.
behavioral8/memory/2300-0-0x00000000744C0000-0x0000000074D78000-memory.dmp  vmprotect
behavioral8/memory/2300-3-0x00000000744C0000-0x0000000074D78000-memory.dmp  vmprotect
behavioral8/memory/2300-4-0x00000000744C0000-0x0000000074D78000-memory.dmp  vmprotect

Suspicious use of NtSetInformationThreadHideFromDebugger (1 IoC)
  pid 2300  rundll32.exe

Suspicious behavior: EnumeratesProcesses (4 IoCs)
  pid 2300  rundll32.exe (four occurrences)

Suspicious use of WriteProcessMemory (3 IoCs)
  PID 4972 (rundll32.exe) wrote to memory of PID 2300 (rundll32.exe), three times
Processes

C:\Windows\system32\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\EA Crypto Hunter v4.0 MT4\msimg32.dll - Build 1335-1350\msimg32\msimg32.dll",#1  (PID 4972)
  - Suspicious use of WriteProcessMemory
  └ C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\EA Crypto Hunter v4.0 MT4\msimg32.dll - Build 1335-1350\msimg32\msimg32.dll",#1  (PID 2300)
      - Suspicious use of NtSetInformationThreadHideFromDebugger
      - Suspicious behavior: EnumeratesProcesses
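The process tree above is what a sandbox launch of a loose DLL looks like: the 64-bit rundll32 in System32 re-executes the 32-bit copy in SysWOW64 with the same command line (the WriteProcessMemory hits are that relaunch), and the anti-debug and process-enumeration behaviour comes from the child. Two caveats for anyone turning this into a detection: the AppData\Local\Temp path and the ",#1" ordinal export are artifacts of how the sandbox invoked the sample, not of the malware, and msimg32.dll is the name of a legitimate Windows GDI helper library, so a copy shipped next to an application is a DLL search-order hijack layout that an explicit rundll32 rule would not catch. The following is an added example, not the report's or Tria.ge's detection logic; it runs the obvious rule (rundll32 loading a DLL from a user-writable directory) over process-creation events constructed here to mirror the tree above, with one benign System32 control line, and records the ordinal export and the WoW64 relaunch only as supporting context. The user-writable prefixes assume a default Windows layout.

```python
"""Flag rundll32 launches that load a DLL from a user-writable directory.

Added example for the report above; not Tria.ge code. The events below are
constructed to mirror the report's process tree (PIDs 4972 and 2300, the
quoted DLL path under AppData\\Local\\Temp, the ",#1" ordinal export) plus
one benign control line.
"""
import re
from dataclasses import dataclass

# Assumption: default Windows layout. Anything an unprivileged user can write
# to; a DLL handed to rundll32 from here deserves a look.
USER_WRITABLE_PREFIXES = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\")

# rundll32[.exe] <dll>,<export|#ordinal> [args]; the path is quoted when it
# contains spaces, as in the report.
_RUNDLL_RE = re.compile(
    r'rundll32(?:\.exe)?"?\s+(?:"(?P<q>[^"]+)"|(?P<u>[^\s,]+))\s*,\s*(?P<export>\S+)',
    re.IGNORECASE,
)


@dataclass
class ProcEvent:
    pid: int
    ppid: int
    image: str      # full path of the created process
    cmdline: str


@dataclass
class Finding:
    pid: int
    dll: str
    export: str
    reasons: list


def parse_rundll32(cmdline):
    """Return (dll_path, export) for a rundll32 command line, else None."""
    m = _RUNDLL_RE.search(cmdline)
    if m is None:
        return None
    return (m.group("q") or m.group("u"), m.group("export"))


def is_user_writable(path):
    return path.lower().startswith(USER_WRITABLE_PREFIXES)


def is_wow64_relaunch(parent, child):
    """64-bit rundll32 re-executing the 32-bit copy with the same command line.

    This happens for every 32-bit DLL given to the System32 rundll32, so it is
    context for a finding, not evidence by itself.
    """
    return (parent.image.lower() == "c:\\windows\\system32\\rundll32.exe"
            and child.image.lower() == "c:\\windows\\syswow64\\rundll32.exe"
            and parent.cmdline == child.cmdline)


def findings(events):
    """Return a Finding for each rundll32 event whose DLL lives in a
    user-writable directory, annotated with weaker supporting signals."""
    by_pid = {e.pid: e for e in events}
    hits = []
    for e in events:
        if not e.image.lower().endswith("\\rundll32.exe"):
            continue
        parsed = parse_rundll32(e.cmdline)
        if parsed is None:
            continue
        dll, export = parsed
        if not is_user_writable(dll):
            continue                      # benign control lines stop here
        reasons = ["dll_in_user_writable_dir"]
        if export.startswith("#"):
            reasons.append("export_by_ordinal")
        parent = by_pid.get(e.ppid)
        if parent is not None and is_wow64_relaunch(parent, e):
            reasons.append("wow64_relaunch_of_same_dll")
        hits.append(Finding(e.pid, dll, export, reasons))
    return hits


# Constructed events modelled on the report's process tree; the third line is
# a benign control (a System32 DLL) that must not fire.
SAMPLE_CMD = (r'rundll32.exe "C:\Users\Admin\AppData\Local\Temp\EA Crypto Hunter v4.0 MT4'
              r'\msimg32.dll - Build 1335-1350\msimg32\msimg32.dll",#1')
EVENTS = [
    ProcEvent(4972, 1000, r"C:\Windows\system32\rundll32.exe", SAMPLE_CMD),
    ProcEvent(2300, 4972, r"C:\Windows\SysWOW64\rundll32.exe", SAMPLE_CMD),
    ProcEvent(3100, 1000, r"C:\Windows\system32\rundll32.exe",
              r"rundll32.exe C:\Windows\system32\shell32.dll,Control_RunDLL"),
]

if __name__ == "__main__":
    for f in findings(EVENTS):
        print(f"pid {f.pid}: {f.dll} export {f.export} -> {', '.join(f.reasons)}")
```

Run against the constructed events it reports both rundll32 instances (4972 and 2300) and stays silent on the shell32.dll control; only the child carries the WoW64 relaunch annotation, because its parent is the System32 copy with an identical command line. On a real endpoint the same logic should be fed by Sysmon event ID 1 or the equivalent EDR process-creation telemetry, and the path-based rule needs tuning for installers that legitimately run DLLs out of the user's Temp directory.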