7898acfcc553e78206fa6ef705bf1f1eabe04f3a37f774b03ea57d11163d669e

Analysis

max time kernel
42s
max time network
72s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
27/02/2024, 20:24

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

TB_Free_Installer_20240227.767656.exe
Size

2.6MB
MD5

b9a625522b3dbde8b3daf4cda02aa696
SHA1

a9d8cf95d8bb989ffae0f9b07fea292ca16d7a93
SHA256

7898acfcc553e78206fa6ef705bf1f1eabe04f3a37f774b03ea57d11163d669e
SHA512

fcd75d4353d8ff5c924b53bde34f0d9860e3ce9bf045629ea2570f138cef4351fe92c1de142d2efe05ec86f1012ed06c4f19a17863a878d869da3c3892406b72
SSDEEP

49152:RF2sJqUNF0kmCPO5YWJuNOwOGD+1UEYqhxpPa/NA:XhkomC4JAOzGD+1UEYqNyVA

Score

4^/10

discovery

Malware Config

Signatures

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Executes dropped EXE 5 IoCs

pid	Process
1852	EDownloader.exe
3668	InfoForSetup.exe
4476	InfoForSetup.exe
5072	AliyunWrapExe.Exe
2012	InfoForSetup.exe

Loads dropped DLL 4 IoCs

pid	Process
3668	InfoForSetup.exe
4476	InfoForSetup.exe
5072	AliyunWrapExe.Exe
2012	InfoForSetup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1852	EDownloader.exe
1852	EDownloader.exe

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 1364 wrote to memory of 1852	1364	TB_Free_Installer_20240227.767656.exe	89
PID 1364 wrote to memory of 1852	1364	TB_Free_Installer_20240227.767656.exe	89
PID 1364 wrote to memory of 1852	1364	TB_Free_Installer_20240227.767656.exe	89
PID 1852 wrote to memory of 3668	1852	EDownloader.exe	90
PID 1852 wrote to memory of 3668	1852	EDownloader.exe	90
PID 1852 wrote to memory of 3668	1852	EDownloader.exe	90
PID 1852 wrote to memory of 4476	1852	EDownloader.exe	93
PID 1852 wrote to memory of 4476	1852	EDownloader.exe	93
PID 1852 wrote to memory of 4476	1852	EDownloader.exe	93
PID 4476 wrote to memory of 5072	4476	InfoForSetup.exe	94
PID 4476 wrote to memory of 5072	4476	InfoForSetup.exe	94
PID 4476 wrote to memory of 5072	4476	InfoForSetup.exe	94
PID 1852 wrote to memory of 2012	1852	EDownloader.exe	97
PID 1852 wrote to memory of 2012	1852	EDownloader.exe	97
PID 1852 wrote to memory of 2012	1852	EDownloader.exe	97

C:\Users\Admin\AppData\Local\Temp\TB_Free_Installer_20240227.767656.exe
"C:\Users\Admin\AppData\Local\Temp\TB_Free_Installer_20240227.767656.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1364
- C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\3free\EDownloader.exe
  "C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\3free\EDownloader.exe" EXEDIR=C:\Users\Admin\AppData\Local\Temp ||| EXENAME=TB_Free_Installer_20240227.767656.exe ||| DOWNLOAD_VERSION=free ||| PRODUCT_VERSION=1.0.0 ||| INSTALL_TYPE=0
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1852
- - C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\3free\aliyun\InfoForSetup.exe
    /Uid "S-1-5-21-557049126-2506969350-2798870634-1000"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3668
- - C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\3free\aliyun\InfoForSetup.exe
    /SendInfo Window "Web_Installer" Activity "Result_Run_Installer" Attribute "{\"Country\":\"United States\",\"Timezone\":\"GMT-00:00\"}"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:4476
  - - C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\3free\aliyun\AliyunWrapExe.Exe
      C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\3free\aliyun\AliyunWrapExe.Exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5072
- - C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\3free\aliyun\InfoForSetup.exe
    /SendInfo Window "Home_Installer" Activity "Result_Download_Configurefile" Attribute "{\"CDN\":\"http://download.easeus.com/api2/index.php/Apicp/Drwdl202004/index/\",\"Elapsed\":\"2\",\"Errorinfo\":\"0\",\"PostURL\":\"http://download.easeus.com/api2/index.php/Apicp/Drwdl202004/index/?exeNumber=767656&lang=English&pcVersion=home&pid=3&tid=1&version=free\",\"ResponseJson\":\"{\\"check\\":1,\\"msg\\":\\"\\u6210\\u529f\\",\\"data\\":{\\"pid\\":\\"3\\",\\"version\\":\\"free\\",\\"tj_download\\":\\"test\\",\\"referNumber\\":\\"1000000\\",\\"killSwitch\\":\\"true\\",\\"WriteLogSwitch\\":\\"false\\",\\"curNum\\":\\"2024\\",\\"testid\\":\\"123\\",\\"configid\\":\\"\\",\\"md5\\":\\"F2D926A1DA6CC48D4F5E56092CD10043\\",\\"download\\":\\"https:\\/\\/d1.easeus.com\\/tb\\/free\\/TodoBackup16.1_free.exe\\",\\"download2\\":\\"https:\\/\\/d2.easeus.com\\/tb\\/free\\/TodoBackup16.1_free.exe\\",\\"download3\\":\\"https:\\/\\/d3.easeus.com\\/tb\\/free\\/TodoBackup16.1_free.exe\\",\\"url\\":[]},\\"time\\":1709065475}\",\"Result\":\"Success\"}"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2012

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\3free\EDownloader.exe

Filesize
3.6MB

MD5
53832e0d7970b48218429c20777d3965

SHA1
3b489a18627b40c821b44af6837123c31f6a0635

SHA256
472b7d98b11719a38a097b64d24b4703fb12d9f70da71c5087ae9f84911ac106

SHA512
190e6b76dfd51fdc5700e56358f7f721c2e1a510d5466813945e75d4847298b8f4d973e7c5262d7437a50caa8314e68461948ea3512fa3cb2a83f4a7d7b935d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\3free\English.ini

Filesize
3KB

MD5
ddaf4e9f7e89d3ad8ac541cc7c82888e

SHA1
ae28878806f57b8df83db38094386f0d047798fb

SHA256
a82964b0605b60eed9997ea9f3d7bc23c5ad9ff95f083d51f4ebbdb137b88c94

SHA512
93c8abfdc383bf34fba13ecf1acbfa01e1e5fc88de7e1f3c6976347307ea4a3e445438477a28655180aaf6cca42567806a75145fe4407cbf0ff641f5ca61eccb

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\3free\InitConfigure.ini

Filesize
5KB

MD5
a85f9acc64df19c2295a51eabe505ac5

SHA1
98df21d469964503e5484c588ca14b4be99a7e76

SHA256
211a2504c0cfe8e28bc32de9fc6065150e1d94b24573a96b43684cb0a1a6d258

SHA512
e10eb26f6167e1cb8299482f00f76bd3ac4f38d35197403f9a644789292bdcd6268710d7a3db0fc0b71e79598ad8af28d457fc94af205a280cce10bb07af715d

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\3free\LanguageTransfor.ini

Filesize
261B

MD5
008516fb41014eee340ff4b4ab030cbc

SHA1
199b8bd1af5436f4cb7e86f590525121d43243ec

SHA256
80193c8d307d982cf45fbf62f0eee3b7ec5522deca8a027155875d610c63657c

SHA512
8033c2be1721b13a4785f817eaee76f4c39387751611d09641792935906dcf52bd6accded96bd12abcf2be067e3b8a7cccab5124ab709c41b120ef0440043c33

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\3free\aliyun\AliyunConfig.ini

Filesize
1KB

MD5
ec9bb337e56669cfcfbcc90cfe34d5ac

SHA1
9cc9ac7541003527a3e427ea8ab9a6dc20f4b2e2

SHA256
2dd2665e98de719f374097efe85076be8fae8dd6fa4977ecb5e55d827529f562

SHA512
b9c3df9c6aff657a9b6d511822ef84834db5e19d53b64086b943e0d4a090406ba655bd9c5ea00933e2da4b864fe5cd2378c59833ea7571277f66eed4f37a202d

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\3free\aliyun\AliyunWrap.DLL

Filesize
476KB

MD5
1ff4ff46834cba11482fb5d0f8c533ab

SHA1
6295fbebf55542839454c1a54c3e00355f020043

SHA256
bc2f1685f7157336027d370718dd2428c8a3883450a6191979d22745c3bca7fc

SHA512
659604861088c164d53d87bad6bbd24ef01c539d63322da541de29b9d14398c484396b16f627d2fb32b6d9b934e7a4b4a25bcfecadf9d13a7db4d9e97086c583

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\3free\aliyun\AliyunWrapExe.Exe

Filesize
101KB

MD5
1b6da142052f6736f7a657149de75bee

SHA1
1affdaa5faaa6844e6f47e5827ff351975be6cd3

SHA256
015b2652280118c2c5016fec99fc542e32fd39ddfc9df513fe49677fc9bf6d42

SHA512
bf4eeff93839045d71115e7b7b79755b0b871ceca221a3eaedcccb19b9492672f04ee166192809ecdaa1575160bf2516fad5f5062520613dcc1f062577ae3555

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\3free\aliyun\DataFile.ini

Filesize
530B

MD5
3807752833c5b04b5ea50a643653f5c8

SHA1
c0df33759993c152bd8195b05ad8159561b085df

SHA256
6bfad9305a94ade65e580c7f686a0cb108f0f7817225e5699af74858329cd9cc

SHA512
be91d0fd822a5fa6397be531a2f638c39b474ab278cc1a3661b1964eed22ba39e40e6e16ee5de860f2252a005d5c22fc6e980ae323848666915fc8db346bd873

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\3free\aliyun\DataFile.ini

Filesize
2KB

MD5
1fd83c3dbb0d62ab54083371f5f3c089

SHA1
de0b8f5f5d6b64b5863c3dfd24744e8d105094c8

SHA256
933916aa0f79953dd6878fcb1db30b19cea06ef99f9ad5a6b40d29c53fe637d9

SHA512
81a8c34696951bcf196ba641df7f5593224754485fe067d014393aedbc608ba69f29192517cb85d383913f9a72d386a8e8e5fa76273155d434613d1607a6886f

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\3free\aliyun\DataFile.ini

Filesize
1KB

MD5
9ceaa82cbcbf627fd816c19a6686ea8b

SHA1
582bce00d199f4ad9ac0378c4b788ffb89d8c6cb

SHA256
b057f38c3a0c759fc21be74e15f6e5c9c72b468c4de964adb3011cc38bc59e15

SHA512
1ab277ac2c5c7e86ed4477360922165844a814b32ce29c39b190ec059cd3d031842e6d390d080ebf92b28835cb71436b8fa7b47f36d6f3b0d10c0d5eee75b0cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\3free\aliyun\InfoForSetup.exe

Filesize
60KB

MD5
af8a1f5caf9c8411d3eee07007450910

SHA1
5a3c2bd68f6e180920e94319f305f56defb995e0

SHA256
e23e375713ec4d7372dc3fababfaa612ecced4f207e7bd68ce5571a21499e2bd

SHA512
feddc353f9f8ce519f88fe8618c52b30eb6dd9a21391c295b95196183be010bbc03d3b605df72936804fc724b7075bc52af153c0ae477966bb7aac046a9da55e

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\3free\aliyun\tempInfo.web

Filesize
1B

MD5
cfcd208495d565ef66e7dff9f98764da

SHA1
b6589fc6ab0dc82cf12099d1c2d40ab994e8410c

SHA256
5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9

SHA512
31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\3free\downloader.ico

Filesize
61KB

MD5
894ba3dde651d465dba83d1d1ea8c47f

SHA1
37b4d2077e76509ab57c278fee11b91ce1b85d56

SHA256
7c027c7444f9c584f9a382b3b20d1357e4b91b4018d9c723e6cf170b35ca08bb

SHA512
ccccbd75fb8f06924b7f6ba79d6f26825565248d1be19e8b358347200607d586481afaf06ba7575bab42840f288157118175daa299d192fab1a706ec0d55382e

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\3free\skin.zip

Filesize
263KB

MD5
6128c00bd164d955181b086094e5fc71

SHA1
e90884ddda960ae9998644b2080f78667528b43f

SHA256
93f8192af82712df7eeeadbbc8ddcbdd4f8338af96015e4ed11ef7fc9ab09696

SHA512
19a01e7ebce2ec55796cb6529cc696e4e70fa743348ae6cafe614463b01b8f2f29bb200fb28ab7d0e0f5ff26665720f8343fc008fce6741253912ad7a347df6b

Download Submit