Overview

overview

10

Static

static

3

ea4561607c...a4.exe

windows7-x64

10

ea4561607c...a4.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    92s
  • max time network
    129s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10-04-2024 14:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ea4561607c00687ea82b3365de26959f1adb98b6a9ba64fa6d47a6c19f22daa4.exe

  • Size

    444KB

  • MD5

    73695fc3868f541995b3d1cc4dfc1350

  • SHA1

    158c7382c88e10ab0208c9a3c72d5f579b614947

  • SHA256

    ea4561607c00687ea82b3365de26959f1adb98b6a9ba64fa6d47a6c19f22daa4

  • SHA512

    e662c2cfa651f8b080c8c0b6650a60565ba3d93130ce7c68a927454e5bef11400b495de5512bcc62d530c9243a450c9c2252f789c5b2911b2913ea163502dbfc

  • SSDEEP

    6144:FAv4cqcUtBUmm60Lo6Dje6lNPPvKspCgOU7ApITDs4aiIjT+WhB:yrqhtBUmm6bQe6f/Ks4gj7AVuO

Score
10/10
windealerstealertrojan

Malware Config

Signatures

  • Detect WinDealer information stealer 6 IoCs
    stealer
  • WinDealer

    WinDealer is an info stealer used by LuoYu group.

    stealertrojanwindealer
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ea4561607c00687ea82b3365de26959f1adb98b6a9ba64fa6d47a6c19f22daa4.exe
    "C:\Users\Admin\AppData\Local\Temp\ea4561607c00687ea82b3365de26959f1adb98b6a9ba64fa6d47a6c19f22daa4.exe"
    1⤵
    • Checks processor information in registry
    • Suspicious use of SetWindowsHookEx
    PID:4420

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\8e98-fb8010fb\F_tmp
    Filesize

    121B

    MD5

    3da7e84462ad29cd00355f55dbb3f575

    SHA1

    6f93b6d7e6ec2915111f2888885bdd72d011e8e6

    SHA256

    58b081d186b0e49a28647e36fd9e6ac31bdf9b98dbf9b23c6d0b7dc58701818a

    SHA512

    30bb35370d4a2259f6a420a0486964d278ae3f8a6153c7fef85109ce2e7ece52510d531fc9dbd94fc3ab29b49081e42698ddc31cade5d271696d30f17dc41115

    Download Submit

  • memory/4420-0-0x0000000010000000-0x000000001003B000-memory.dmp

    Filesize

    236KB

    Download

  • memory/4420-1-0x0000000010000000-0x000000001003B000-memory.dmp

    Filesize

    236KB

    Download

  • memory/4420-3-0x0000000010000000-0x000000001003B000-memory.dmp

    Filesize

    236KB

    Download

  • memory/4420-4-0x0000000010000000-0x000000001003B000-memory.dmp

    Filesize

    236KB

    Download

  • memory/4420-18-0x0000000010000000-0x000000001003B000-memory.dmp

    Filesize

    236KB

    Download

  • memory/4420-19-0x0000000010000000-0x000000001003B000-memory.dmp

    Filesize

    236KB

    Download