728e1ac24c9bc5cfea93817c7fbc3f47571b6abfb202ac305b5b1e73efe6da67

Analysis

max time kernel
93s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
19/03/2024, 19:36

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

$TEMP/downloader_easeus/1.0.0/9trialB/EDownloader.exe
Size

1.3MB
MD5

20c3a46be949eb79340dd1d9422fe748
SHA1

214490b862de79c8a93c7c174b6be11d6930fea9
SHA256

18ab66502d20d6d49489b892df6f9039854d20552a12cf4850498cbdec81520e
SHA512

2c6aacf75c8fec6ad321fced5f2f45f0cbbf8bbd573cf872ddb7001df66835000bcb74aeca9ea03396789742052284bb9929b5d996e05363e0961a338889a84f
SSDEEP

24576:R6qQCyR2xl7w8nYh40xQPZUTBEvh+VYou+kzr4S:6S7wRBEv0VYoulzrx

Score

1^/10

Malware Config

Signatures

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4780	EDownloader.exe
4780	EDownloader.exe

Suspicious use of WriteProcessMemory 21 IoCs

description	pid	Process	procid_target
PID 4780 wrote to memory of 4856	4780	EDownloader.exe	90
PID 4780 wrote to memory of 4856	4780	EDownloader.exe	90
PID 4780 wrote to memory of 4856	4780	EDownloader.exe	90
PID 4780 wrote to memory of 3840	4780	EDownloader.exe	94
PID 4780 wrote to memory of 3840	4780	EDownloader.exe	94
PID 4780 wrote to memory of 3840	4780	EDownloader.exe	94
PID 4780 wrote to memory of 2372	4780	EDownloader.exe	95
PID 4780 wrote to memory of 2372	4780	EDownloader.exe	95
PID 4780 wrote to memory of 2372	4780	EDownloader.exe	95
PID 4780 wrote to memory of 440	4780	EDownloader.exe	96
PID 4780 wrote to memory of 440	4780	EDownloader.exe	96
PID 4780 wrote to memory of 440	4780	EDownloader.exe	96
PID 4780 wrote to memory of 3068	4780	EDownloader.exe	97
PID 4780 wrote to memory of 3068	4780	EDownloader.exe	97
PID 4780 wrote to memory of 3068	4780	EDownloader.exe	97
PID 4780 wrote to memory of 2404	4780	EDownloader.exe	98
PID 4780 wrote to memory of 2404	4780	EDownloader.exe	98
PID 4780 wrote to memory of 2404	4780	EDownloader.exe	98
PID 3840 wrote to memory of 3240	3840	InfoForSetup.exe	99
PID 3840 wrote to memory of 3240	3840	InfoForSetup.exe	99
PID 3840 wrote to memory of 3240	3840	InfoForSetup.exe	99

C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\9trialB\EDownloader.exe
"C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\9trialB\EDownloader.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4780
- C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\9trialB\aliyun\InfoForSetup.exe
  /Uid "S-1-5-21-2727153400-192325109-1870347593-1000"
  2⤵
  PID:4856
- C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\9trialB\aliyun\InfoForSetup.exe
  /SendInfo Window "Home_Installer" Activity "Result_Download_Configurefile" Attribute "{\"CDN\":\"http://download.easeus.com/api/index.php/Home/product/config/\",\"Elapsed\":\"1\",\"Errorinfo\":\"5\",\"Result\":\"Failed\"}"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3840
- - C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\9trialB\aliyun\AliyunWrapExe.Exe
    C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\9trialB\aliyun\AliyunWrapExe.Exe
    3⤵
    PID:3240
- C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\9trialB\aliyun\InfoForSetup.exe
  /SendInfo Window "DownloadInstall_Page" Activity "Info_Start_Download_Program"
  2⤵
  PID:2372
- C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\9trialB\aliyun\InfoForSetup.exe
  /SendInfo Window "Downloading" Activity "Result_Loading" Attribute "{\"Errorinfo\":\"Create file failed\",\"Result\":\"failed\"}"
  2⤵
  PID:440
- C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\9trialB\aliyun\InfoForSetup.exe
  /SendInfo Window "Install" Activity "Info_Userinfo" Attribute "{\"Country\":\"United States\",\"Language\":\"English\",\"OS\":\"Microsoft Windows 10\",\"Timezone\":\"GMT-00:00\",\"UE\":\"on\",\"Version\":\"\",\"Version_Num\":\"\"}"
  2⤵
  PID:3068
- C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\9trialB\aliyun\InfoForSetup.exe
  /SendInfo Window "DownloadInstall_Page" Activity "Info_Finish" Attribute "{\"Country\":\"United States\",\"Language\":\"English\",\"OS\":\"Microsoft Windows 10\",\"Releasetime\":\"\",\"Testid\":\"\",\"Timezone\":\"GMT-00:00\",\"Version\":\"\",\"Version_Num\":\"\"}"
  2⤵
  PID:2404

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\9trialB\EasyLog.log

Filesize
1KB

MD5
fce27ea3e2609ad095243d61bc71ba97

SHA1
116aa1e0c24465e8e4ac0bfdcb60a23a06103d71

SHA256
dbbefe69827a5c0711bb05754cee385045e364087c8fac1406e794f1b7fa0701

SHA512
9bcf4a26cdfef6fadd892eb14ddad1844e4e1ea74d4427f4c4b4b833cf3bf82716167e0cc651f2b6ecfff88aa7324ffbb8595ced0759d96748adf29b80683e96

Download Submit
C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\9trialB\aliyun\AliyunConfig.ini

Filesize
1KB

MD5
b23f94c6b1dfa72f34e8f349874918d8

SHA1
75b960363f27b6249f82b3c65575dd31bfb48ab3

SHA256
46f003ae127fe733ad3af9fa36feda3eec99386ba16589dbd28d82b1b1f2c8b2

SHA512
a48a2bd6e087ff6f2a5b5170f867999c7c7b8e2e2df5004ba2f5c0d2b76c6fdb8f8a07a08562b0dbd0bb2d0a3bc5a88f2f304e9ec5ca66852c931e49ff439ad5

Download Submit
C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\9trialB\aliyun\DataFile.ini

Filesize
2KB

MD5
1d6f6bee5be187962f20f1320265bfee

SHA1
2ea5fac985a098f90c82b98f0fecd544778fab79

SHA256
b7f46db76598f60a7c09065dd3c212d7e91d699055a75218eab64a2b11386488

SHA512
ada93e445c95c3be8c28b3cedcaaa895926fde36e576b66d8ece0872a76cb6fbfb212f070a195ef713bca5f37546cd41bb79afa32a6500918d044e7545e4d55d

Download Submit
C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\9trialB\aliyun\DataFile.ini

Filesize
1KB

MD5
1132be630787af23d89e52d35e8bb7da

SHA1
77f967ba348a0fca29e337423f6d44595bd23b13

SHA256
139d5843a1aab9d36ab76a119b75b1c078c0e4d1c0789e3e936150c2519dee4b

SHA512
ad09a25bf0f48bd8b3bb957a65a4870880486542770bb3dc133f84abcbf05a444e9ede8dfaeeb1e0878d369573b4e193cc64cb8d12214e991a1cbc8b9367396a

Download Submit
C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\9trialB\aliyun\DataFile.ini

Filesize
998B

MD5
c1e19938d69cd65e46d90b3426193b90

SHA1
ba599febf9485851889620feeb7f78567264305f

SHA256
f01ce24c92efed1d4fc63650916df266c86d94fd5195312a7b22c803987e8c0d

SHA512
6dbe0f8fefb3953feb16c4fdfad00c6684301bc825a4ba0f0891f90f965d0b4194e619d4484ea92a5b31cadfadb44337eb24831ccc3cbc23cfd8156ee188ae78

Download Submit
C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\9trialB\aliyun\DataFile.ini

Filesize
682B

MD5
5ca976f28a266ab2ebdfc8505574005d

SHA1
d92e978dd020e527ae60986e4fc7a2ae34f935f9

SHA256
eb11d2e0238a0280c4fe0b7c661dc7ea84755d3efe1e4803875354ac0bfc33f2

SHA512
bba7fc1d45dc09bfc6418168480aeabf6d5b3183cd016a17a9d59049acca0f4549ecabad249f4340a8ad88c0463af8c6ac6bc3c618b02768e6bcfdada87e8d19

Download Submit
C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\9trialB\aliyun\DataFile.ini

Filesize
88B

MD5
7f411750d07619f38537e7fd612b8b44

SHA1
cda241a1ce5141288582c8f0ac4850992b427bdc

SHA256
ae89726af2bd0c0218fbf63af20d4464f44dced5156364d817b6e73afc8e9f87

SHA512
35dad46325060004a66e01e10af6a3ebfd94b6751347b6ec64840c4ec03d81480fc324494ea39dded03bf2f1a1ce352b15ab518d14214c15567af17fb32f16b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\9trialB\aliyun\DataFile.ini

Filesize
2KB

MD5
4dd48cd690163f2a101c44901e623fed

SHA1
6a2a57456fe865ef0fdc4da3fbf7e4a7d812dc16

SHA256
bb70c74fea231b9c8b9af07805d91806c602256f84fe8e65ba6cb318ff50b5e8

SHA512
2b47011e35499535eb95371315ceece7c9931eda9a251ec87acca5fa89a6e7d0563c51b686c4fb7e15b14b1ac5fbed52a72b7418aea0c1e7669b77458a7da7b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\9trialB\aliyun\DataFile.ini

Filesize
2KB

MD5
49c95572493428179893e206eb6a8ddc

SHA1
3a00f578ec06c5894f197b1792507b1638d7e131

SHA256
8faed09904d005fa38dfc0f326114c1d0c21b5bcc1cf2fe661dc55dc302b8430

SHA512
e8a47b1a40b423f073802b15e92b6e3ca771d9fb56b30ba9bc5c5027e2bf34cead6058e723ee12fb72b773c083286258fccd6992438f87a5a151b71cb77a86f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\9trialB\aliyun\tempInfo.web

Filesize
1B

MD5
cfcd208495d565ef66e7dff9f98764da

SHA1
b6589fc6ab0dc82cf12099d1c2d40ab994e8410c

SHA256
5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9

SHA512
31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads