6acce147ca1ccc0e4616d2c7fed73659ea02cd83ce11da71df99a1ad36234f57

Analysis

max time kernel
121s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
05-03-2024 07:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

drw_trial_installer.1701.exe
Size

2.5MB
MD5

c90d8cca094f99d58aaed9391d0436dc
SHA1

f93c6496f521e2f9332a9da0f0f374b90f09f7de
SHA256

6acce147ca1ccc0e4616d2c7fed73659ea02cd83ce11da71df99a1ad36234f57
SHA512

3f9d486e06f27d33f32e0a6bf4d5f977ac41cf42e3ec3090bb747e8eec157c1ae1ff1ae84d10d73e0abed7eec79d626adce88314b5d48141439b2ce7531c941a
SSDEEP

49152:0/18U67vjsddEhjFGNS9LXQOjOQKK6bxM1vehddPa46JFUxkVxq6ZBcMucAtY:3U67vYUhjjV5OdbOUhDPWTUq9cMPOY

Score

4^/10

Malware Config

Signatures

Executes dropped EXE 4 IoCs

Processes:

EDownloader.exeInfoForSetup.exeInfoForSetup.exeAliyunWrapExe.Exe

pid process

2676 EDownloader.exe
2732 InfoForSetup.exe
2708 InfoForSetup.exe
2456 AliyunWrapExe.Exe

pid	process
2676	EDownloader.exe
2732	InfoForSetup.exe
2708	InfoForSetup.exe
2456	AliyunWrapExe.Exe

Loads dropped DLL 7 IoCs

Processes:

drw_trial_installer.1701.exeEDownloader.exeInfoForSetup.exeInfoForSetup.exeAliyunWrapExe.Exe

pid	process
2244	drw_trial_installer.1701.exe
2676	EDownloader.exe
2732	InfoForSetup.exe
2676	EDownloader.exe
2708	InfoForSetup.exe
2708	InfoForSetup.exe
2456	AliyunWrapExe.Exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

EDownloader.exe

pid process

2676 EDownloader.exe
2676 EDownloader.exe

pid	process
2676	EDownloader.exe
2676	EDownloader.exe

Suspicious use of WriteProcessMemory 22 IoCs

Processes:

drw_trial_installer.1701.exeEDownloader.exeInfoForSetup.exe

description	pid	process	target process
PID 2244 wrote to memory of 2676	2244	drw_trial_installer.1701.exe	EDownloader.exe
PID 2244 wrote to memory of 2676	2244	drw_trial_installer.1701.exe	EDownloader.exe
PID 2244 wrote to memory of 2676	2244	drw_trial_installer.1701.exe	EDownloader.exe
PID 2244 wrote to memory of 2676	2244	drw_trial_installer.1701.exe	EDownloader.exe
PID 2676 wrote to memory of 2732	2676	EDownloader.exe	InfoForSetup.exe
PID 2676 wrote to memory of 2732	2676	EDownloader.exe	InfoForSetup.exe
PID 2676 wrote to memory of 2732	2676	EDownloader.exe	InfoForSetup.exe
PID 2676 wrote to memory of 2732	2676	EDownloader.exe	InfoForSetup.exe
PID 2676 wrote to memory of 2732	2676	EDownloader.exe	InfoForSetup.exe
PID 2676 wrote to memory of 2732	2676	EDownloader.exe	InfoForSetup.exe
PID 2676 wrote to memory of 2732	2676	EDownloader.exe	InfoForSetup.exe
PID 2676 wrote to memory of 2708	2676	EDownloader.exe	InfoForSetup.exe
PID 2676 wrote to memory of 2708	2676	EDownloader.exe	InfoForSetup.exe
PID 2676 wrote to memory of 2708	2676	EDownloader.exe	InfoForSetup.exe
PID 2676 wrote to memory of 2708	2676	EDownloader.exe	InfoForSetup.exe
PID 2676 wrote to memory of 2708	2676	EDownloader.exe	InfoForSetup.exe
PID 2676 wrote to memory of 2708	2676	EDownloader.exe	InfoForSetup.exe
PID 2676 wrote to memory of 2708	2676	EDownloader.exe	InfoForSetup.exe
PID 2708 wrote to memory of 2456	2708	InfoForSetup.exe	AliyunWrapExe.Exe
PID 2708 wrote to memory of 2456	2708	InfoForSetup.exe	AliyunWrapExe.Exe
PID 2708 wrote to memory of 2456	2708	InfoForSetup.exe	AliyunWrapExe.Exe
PID 2708 wrote to memory of 2456	2708	InfoForSetup.exe	AliyunWrapExe.Exe

C:\Users\Admin\AppData\Local\Temp\drw_trial_installer.1701.exe
"C:\Users\Admin\AppData\Local\Temp\drw_trial_installer.1701.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2244

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\EDownloader.exe
"C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\EDownloader.exe" EXEDIR=C:\Users\Admin\AppData\Local\Temp ||| EXENAME=drw_trial_installer.1701.exe ||| DOWNLOAD_VERSION=trial ||| PRODUCT_VERSION=2.0.0 ||| INSTALL_TYPE=0
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2676

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\aliyun\InfoForSetup.exe
/Uid "S-1-5-21-330940541-141609230-1670313778-1000"
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2732

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\aliyun\InfoForSetup.exe
/SendInfo Window "Web_Installer" Activity "Result_Run_Installer" Attribute "{\"Country\":\"United States\",\"Pageid\":\"1701\",\"Timezone\":\"GMT-00:00\"}"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2708

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\aliyun\AliyunWrapExe.Exe
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\aliyun\AliyunWrapExe.Exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2456

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\EDownloader.exe
Filesize
1.1MB

MD5
952a75680c4210ec3bd0b30741d40ee3

SHA1
cdbd010caf34154fd4b3ae202fc3a06946dde658

SHA256
d041b19c45d508f177530e068d0b85aef8f6bb66732ffdbc11c182c7fd947bb0

SHA512
077323672b20839d490ea5a80a21e7ab10a211487d23b0ceeffc5d104d5ed394525f6b2802a9bbd1423ec3dd656a0b3f36d8de536c4365aef7cfaa157edbd848

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\English.ini
Filesize
3KB

MD5
514c7cfa0101eae70994afd3fa7801c3

SHA1
bd6249fe023542c5be1180b76343e4e220be7148

SHA256
a6237a06959f1bf65fc2b3e77ae509d3bca1713340227b7fbb66e28da4f84404

SHA512
d889ffd4495ec023394d1170b97bf40fad9ff202b36500fe85d6620cc08e3c42580caf6992c09817646a93d253cfece8e94b66b14e6eee5cefce3f91b5fa4919

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\InitConfigure.ini
Filesize
4KB

MD5
b71a433376606884d121f5017d0b58f2

SHA1
338c2eccc9d45aea410650302dc2d6ed5c27b24d

SHA256
3833439cf03c0151a53b05e080878d39c36c28f68cbfcd2b6673a7b4acb3bc0d

SHA512
8b4ac6c2eddcc774eae8224dff2e3a618a041e0dc0241cf8f469ce53e771da28bf9836df46aeead0162172b58b67b71007dfc1bcee05d8bfde5a41f2beacd32a

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\LanguageTransfor.ini
Filesize
325B

MD5
ffe692a67871185785ec705b1cc12c81

SHA1
06a12bffdff33024a7b8798bdcdcda1fd7255bcc

SHA256
373bec6e7976324ff879c2988bab772c69336d7bcb9a32386a6021568350a824

SHA512
7ecdb5a4e625370888fb3a827cb668e934e29ca764177fca04e4eb620bec2b664fe498c0e9e73288bf977006eaba9618a4dc5a169e0fc5588a0874d9e6bb6c50

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\aliyun\AliyunConfig.ini
Filesize
1KB

MD5
6d448543453764924729b52ff185214c

SHA1
cb9a92fd9d3b8ca5bf764caf7fa9c584b2161acd

SHA256
3a5d99d9e026d7475e76d4f6238f0826bacd8b8c5fdf76efc023e93b89c46be7

SHA512
92f9f5c071cc53ff65c29b787c18279a92fa8720da1ee0b97d7ea03abcb7e142ba5b5ddd33aaa7bc8fd3f917e23dd5f1fd2fe2ac2b73c863db41ea67039e4b5a

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\aliyun\AliyunWrap.DLL
Filesize
148KB

MD5
28b6cf800eb90106bcf6c95d92ad2e4f

SHA1
cffa84d709e399bfc7b09afd2c000e43bd7ee67c

SHA256
b83033e8e5197d54476291fccbdad43f6f78c32b35487cf326f03ac346e9d814

SHA512
c9eb6e8f9d42e67379f6220f299a2b86242238e34ffc931e8c19d1104628e5d9d8ce311e3067b6371af27e2f1301af3d3469a7cd1b2f518e6669cea3e05dbf76

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\aliyun\AliyunWrapExe.exe
Filesize
107KB

MD5
f3b9a2d94682fee26fc079ba1e0fb040

SHA1
ff9e89fbcb6939095ecfa34438d9e6ebf9ad6fb4

SHA256
cdc9ee419589b8e378b030a5180b12cf4e1fc2fa132dbaf0e961adbe3c782e55

SHA512
40baa3d59eb931eeab583ecbd4526031bc8d455192d69c3f87b9220ebaab194a2922e4a3e9e36db3a587f56961c0686b81bcec8382ac02f968f31b566581bbbd

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\aliyun\DataFile.ini
Filesize
562B

MD5
2725cbec681dd71a44a27a2860e4cd46

SHA1
2acb4e649e9340ee37fe31c2473e6cbaad7af1e5

SHA256
9c3ee4bc4489ef14e5ad3e54d562734b9e26f542cb8bf49aae722dc75a70151a

SHA512
9090a9180063849141ee5a3cbb85b8295862ccf105c4e1bfe5ea41c171194826eac3114d75b7376528e90fe045d298972a9f41f5fa440dcf615bc10a26b09cfc

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\aliyun\DataFile.ini
Filesize
88B

MD5
7f411750d07619f38537e7fd612b8b44

SHA1
cda241a1ce5141288582c8f0ac4850992b427bdc

SHA256
ae89726af2bd0c0218fbf63af20d4464f44dced5156364d817b6e73afc8e9f87

SHA512
35dad46325060004a66e01e10af6a3ebfd94b6751347b6ec64840c4ec03d81480fc324494ea39dded03bf2f1a1ce352b15ab518d14214c15567af17fb32f16b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\aliyun\tempInfo.web
Filesize
1B

MD5
cfcd208495d565ef66e7dff9f98764da

SHA1
b6589fc6ab0dc82cf12099d1c2d40ab994e8410c

SHA256
5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9

SHA512
31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\downloader.ico
Filesize
65KB

MD5
e7ba7ed202773284c3dd85e4162c38d3

SHA1
7467da2d1455c5af1419da18feae2cb5c3558a3d

SHA256
aa4df8b6f5bc456121eafd03857098e56a4357a2bae7cdd651cafd2cfd78ac7d

SHA512
87dca3bcef8b309a501ffe3eefb5b20194dcf3b9729f024577f3d57dc025643e556c5c01797606483590e5dbd28502425c5f603a0077cc2e4561dddd0322efc1

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\skin.zip
Filesize
135KB

MD5
eb5f41d4f4f55b841c25133428b3b396

SHA1
46ca344359e6e4a7ec39c296134810b1c4989b42

SHA256
68f2e123d4bfc1464800cb008f368f6f3f8a62b23f77cd73651cdec5776d7872

SHA512
6744c2e4d06b3134bef1d0f84d0451486709dbe4aacb922209da95c3151f024aea186524c17c870cc6b5cef9c043e8ede8774e9152d731cbdc1cb790a184c04e

Download Submit
\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\EDownloader.exe
Filesize
1001KB

MD5
e66eda21af38270b3a89fb8c5afe0378

SHA1
7160898975909ac15203a6bef5d3b11cb486c2ca

SHA256
2b2ec6972f1cfb9ecb6964e70eaaba83a93ff12a95a107c654091013aa57c822

SHA512
73c703352ce80c872c199e213baf448797eb0eb3a93285698dfd945bd590a089e40db5af2ef309578a4219aeac81c228b351040c66e124d78ac1888b882ed80b

Download Submit
\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\aliyun\AliyunWrap.dll
Filesize
127KB

MD5
2f5a404d78eaded953e58cebc9bd8aee

SHA1
97dfc4ec895335422537bf6eb479f8e34a8795f9

SHA256
f685e32a9eac1262105da09671a55e3b3beab9efa2b02da8a583b0a5388ef5f8

SHA512
cf06abc3e3da3083b0f3fd72bd36a33df376f4e08736e02f3151457dad2a68c56f7beafe634fb7ccd994d4050c072a3fbc09966d93c360d4f20275e1ea230fa9

Download Submit
\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\aliyun\AliyunWrap.dll
Filesize
482KB

MD5
58968e221f2522d98dbfe7574d0c44aa

SHA1
424b55216f2c832202c01363e013546380f5312a

SHA256
265170e701ec453b13249e7a4e4f401b87fae79442cce77060213ebcd03828c0

SHA512
9bba6ffbec9b6d3de7b530b056098465a54b66494db7e7ca82e8c98802fb5a1cb500f5d505387f2a33fb9a42a533d5838b1125ef14afad11285410652c6f07b5

Download Submit
\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\aliyun\InfoForSetup.exe
Filesize
66KB

MD5
99891aaa0e15b2a514a4ff5c9ec03f4d

SHA1
faf215763908a9a6b8413c7e40293fe4be9bfe7b

SHA256
505ab42f0f376a4d8576bbec9cfdce43deabe168356dee760000319a73e72611

SHA512
36f6d66987506a938faa7503e0fa3a6cf76aa9ca6a30ea7cb7e80d058cf203eae152ef97b2329ba83bb18fc70430a2e00e9aa1f408e94b132813b4bf741697de

Download Submit