6acce147ca1ccc0e4616d2c7fed73659ea02cd83ce11da71df99a1ad36234f57

Analysis

max time kernel
147s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
05-03-2024 07:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

$TEMP/downloader_easeus/2.0.0/2trial/EDownloader.exe
Size

1.2MB
MD5

8a250a75859fe52116e706a640e6d77c
SHA1

473c36d9d80173636faeeb0ae4ae9e047e4e9d8b
SHA256

823ab6955052ef34218559b53d4f15224b5a850b532672fa33a7634dc74981dc
SHA512

4b519b1de8f6647a5cbbda11084d096e8bbfe8f694f4fda0e0f244b477f3f15c143254b044b046302ac79b136377894027d9baa2d4ba67ed38f5a55f480a44b4
SSDEEP

24576:JisJdAcuXY/WQjkLxNEl5DYjwuoJ039NzO0lQHoR8lOuLkdNoQv:PjYzhQHou8qkboQv

Score

1^/10

Malware Config

Signatures

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

EDownloader.exe

pid process

1492 EDownloader.exe
1492 EDownloader.exe

pid	process
1492	EDownloader.exe
1492	EDownloader.exe

Suspicious use of WriteProcessMemory 9 IoCs

Processes:

EDownloader.exeInfoForSetup.exe

description	pid	process	target process
PID 1492 wrote to memory of 1612	1492	EDownloader.exe	InfoForSetup.exe
PID 1492 wrote to memory of 1612	1492	EDownloader.exe	InfoForSetup.exe
PID 1492 wrote to memory of 1612	1492	EDownloader.exe	InfoForSetup.exe
PID 1492 wrote to memory of 4472	1492	EDownloader.exe	InfoForSetup.exe
PID 1492 wrote to memory of 4472	1492	EDownloader.exe	InfoForSetup.exe
PID 1492 wrote to memory of 4472	1492	EDownloader.exe	InfoForSetup.exe
PID 4472 wrote to memory of 4924	4472	InfoForSetup.exe	AliyunWrapExe.Exe
PID 4472 wrote to memory of 4924	4472	InfoForSetup.exe	AliyunWrapExe.Exe
PID 4472 wrote to memory of 4924	4472	InfoForSetup.exe	AliyunWrapExe.Exe

C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\2.0.0\2trial\EDownloader.exe
"C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\2.0.0\2trial\EDownloader.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1492
- C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\2.0.0\2trial\aliyun\InfoForSetup.exe
  /Uid "S-1-5-21-609813121-2907144057-1731107329-1000"
  2⤵
  PID:1612
- C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\2.0.0\2trial\aliyun\InfoForSetup.exe
  /SendInfo Window "Web_Installer" Activity "Result_Run_Installer" Attribute "{\"Country\":\"United States\",\"Pageid\":\"\",\"Timezone\":\"GMT-00:00\"}"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4472
- - C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\2.0.0\2trial\aliyun\AliyunWrapExe.Exe
    C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\2.0.0\2trial\aliyun\AliyunWrapExe.Exe
    3⤵
    PID:4924

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\2.0.0\2trial\aliyun\AliyunConfig.ini

Filesize
1KB

MD5
f5fc47f667530d7aa5b482e0f275d683

SHA1
ed51531fd42f21df8f4324ff267586319d07416c

SHA256
49ae0a2603c3732b28109543b3513e90d3d998b106e5a5f9082c398814988a15

SHA512
e78f2d8feb5d81344d5cecd7f1734b3342af7bbc6ea371c8113d16fa324d9504d3f0c48246376ead986c8d64dc2c4aaed1a57c43e7cc6760eba7cc61d4793169

Download Submit
C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\2.0.0\2trial\aliyun\DataFile.ini

Filesize
554B

MD5
6ab69f33c8b7a21fe352dbf762e3c104

SHA1
0f236c0d55070c41439deb98069dc44887ebb6fd

SHA256
6f137853ca4bbe02fdf9679921cef8eede9c0b1ac94b67c2a2be12418cb7a3e8

SHA512
13376675ff7566961823fb2f4de348cbec64b0b5e49133f81a8b3875a95156dc600bb0d13a7913502dfd18c1c2ebe85d84d765e8d44d708d9afabd21a048684f

Download Submit
C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\2.0.0\2trial\aliyun\DataFile.ini

Filesize
88B

MD5
7f411750d07619f38537e7fd612b8b44

SHA1
cda241a1ce5141288582c8f0ac4850992b427bdc

SHA256
ae89726af2bd0c0218fbf63af20d4464f44dced5156364d817b6e73afc8e9f87

SHA512
35dad46325060004a66e01e10af6a3ebfd94b6751347b6ec64840c4ec03d81480fc324494ea39dded03bf2f1a1ce352b15ab518d14214c15567af17fb32f16b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\2.0.0\2trial\aliyun\tempInfo.web

Filesize
1B

MD5
cfcd208495d565ef66e7dff9f98764da

SHA1
b6589fc6ab0dc82cf12099d1c2d40ab994e8410c

SHA256
5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9

SHA512
31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99

Download Submit