728e1ac24c9bc5cfea93817c7fbc3f47571b6abfb202ac305b5b1e73efe6da67

Analysis

max time kernel
139s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
19/03/2024, 19:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

mobiunlock_installerB_20230717.716906.exe
Size

1.4MB
MD5

cbe4c227d93196e7cee53fe8999bbae1
SHA1

ea53bd426699a12fc9d287dda5280bb28dba7eb6
SHA256

e44ce7eb9297fd92fe866cd653b5c22ec66417703818391874ee666114edf5f6
SHA512

badcd04b166cae6188e839f49df5fb593b2e2abc8feace2832c15e5e06d1cd9bae11c1500bc4b355fce5781f1d8db895cec741ed4eb3859067aeeb9238e84ff4
SSDEEP

24576:izOW0J6jyCC7VzvBi9Dj91qh2oSjJQDLj59FAxd0hBcoxCN6sws+Afq5BtfZgpv:UuCC7VtUj/7/ODP5ydScoMM0+Afq4l

Score

6^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Executes dropped EXE 8 IoCs

pid	Process
1092	EDownloader.exe
3704	InfoForSetup.exe
4104	InfoForSetup.exe
1348	InfoForSetup.exe
4232	InfoForSetup.exe
2996	AliyunWrapExe.Exe
4604	AliyunWrapExe.Exe
3468	AliyunWrapExe.Exe

Loads dropped DLL 7 IoCs

pid	Process
3704	InfoForSetup.exe
4104	InfoForSetup.exe
1348	InfoForSetup.exe
4232	InfoForSetup.exe
2996	AliyunWrapExe.Exe
4604	AliyunWrapExe.Exe
3468	AliyunWrapExe.Exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1092	EDownloader.exe
1092	EDownloader.exe

Suspicious use of WriteProcessMemory 24 IoCs

description	pid	Process	procid_target
PID 3372 wrote to memory of 1092	3372	mobiunlock_installerB_20230717.716906.exe	89
PID 3372 wrote to memory of 1092	3372	mobiunlock_installerB_20230717.716906.exe	89
PID 3372 wrote to memory of 1092	3372	mobiunlock_installerB_20230717.716906.exe	89
PID 1092 wrote to memory of 3704	1092	EDownloader.exe	90
PID 1092 wrote to memory of 3704	1092	EDownloader.exe	90
PID 1092 wrote to memory of 3704	1092	EDownloader.exe	90
PID 1092 wrote to memory of 4104	1092	EDownloader.exe	94
PID 1092 wrote to memory of 4104	1092	EDownloader.exe	94
PID 1092 wrote to memory of 4104	1092	EDownloader.exe	94
PID 1092 wrote to memory of 1348	1092	EDownloader.exe	95
PID 1092 wrote to memory of 1348	1092	EDownloader.exe	95
PID 1092 wrote to memory of 1348	1092	EDownloader.exe	95
PID 1092 wrote to memory of 4232	1092	EDownloader.exe	96
PID 1092 wrote to memory of 4232	1092	EDownloader.exe	96
PID 1092 wrote to memory of 4232	1092	EDownloader.exe	96
PID 4104 wrote to memory of 2996	4104	InfoForSetup.exe	97
PID 4104 wrote to memory of 2996	4104	InfoForSetup.exe	97
PID 4104 wrote to memory of 2996	4104	InfoForSetup.exe	97
PID 1348 wrote to memory of 4604	1348	InfoForSetup.exe	98
PID 1348 wrote to memory of 4604	1348	InfoForSetup.exe	98
PID 1348 wrote to memory of 4604	1348	InfoForSetup.exe	98
PID 4232 wrote to memory of 3468	4232	InfoForSetup.exe	99
PID 4232 wrote to memory of 3468	4232	InfoForSetup.exe	99
PID 4232 wrote to memory of 3468	4232	InfoForSetup.exe	99

C:\Users\Admin\AppData\Local\Temp\mobiunlock_installerB_20230717.716906.exe
"C:\Users\Admin\AppData\Local\Temp\mobiunlock_installerB_20230717.716906.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3372
- C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\9trialB\EDownloader.exe
  "C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\9trialB\EDownloader.exe" EXEDIR=C:\Users\Admin\AppData\Local\Temp ||| EXENAME=mobiunlock_installerB_20230717.716906.exe ||| DOWNLOAD_VERSION=trialB ||| RELEASE_TIME=2022-09-27_15_52_49 ||| PRODUCT_VERSION=1.0.0 ||| INSTALL_TYPE=0
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1092
- - C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\9trialB\aliyun\InfoForSetup.exe
    /Uid "S-1-5-21-566096764-1992588923-1249862864-1000"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3704
- - C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\9trialB\aliyun\InfoForSetup.exe
    /SendInfo Window "Home_Installer" Activity "Result_Download_Configurefile" Attribute "{\"CDN\":\"http://download.easeus.com/api/index.php/Home/product/config/\",\"Elapsed\":\"5\",\"Errorinfo\":\"0\",\"Result\":\"Success\"}"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:4104
  - - C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\9trialB\aliyun\AliyunWrapExe.Exe
      C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\9trialB\aliyun\AliyunWrapExe.Exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2996
- - C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\9trialB\aliyun\InfoForSetup.exe
    /SendInfo Window "Install" Activity "Info_Userinfo" Attribute "{\"Country\":\"United States\",\"Language\":\"English\",\"OS\":\"Microsoft Windows 10\",\"Timezone\":\"GMT-00:00\",\"UE\":\"on\",\"Version\":\"trialB\",\"Version_Num\":\"3.1.14\"}"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:1348
  - - C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\9trialB\aliyun\AliyunWrapExe.Exe
      C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\9trialB\aliyun\AliyunWrapExe.Exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4604
- - C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\9trialB\aliyun\InfoForSetup.exe
    /SendInfo Window "DownloadInstall_Page" Activity "Info_Finish" Attribute "{\"Country\":\"United States\",\"Language\":\"English\",\"OS\":\"Microsoft Windows 10\",\"Releasetime\":\"2022-09-27_15_52_49\",\"Testid\":\"\",\"Timezone\":\"GMT-00:00\",\"Version\":\"trialB\",\"Version_Num\":\"3.1.14\"}"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:4232
  - - C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\9trialB\aliyun\AliyunWrapExe.Exe
      C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\9trialB\aliyun\AliyunWrapExe.Exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3468

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\9trialB\EDownloader.exe

Filesize
1.3MB

MD5
20c3a46be949eb79340dd1d9422fe748

SHA1
214490b862de79c8a93c7c174b6be11d6930fea9

SHA256
18ab66502d20d6d49489b892df6f9039854d20552a12cf4850498cbdec81520e

SHA512
2c6aacf75c8fec6ad321fced5f2f45f0cbbf8bbd573cf872ddb7001df66835000bcb74aeca9ea03396789742052284bb9929b5d996e05363e0961a338889a84f

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\9trialB\English.ini

Filesize
2KB

MD5
bac3eaef04900d11e18ea4b17ecbc8ae

SHA1
f5483aa8aa7a974f3409a91314052f68d49dda0d

SHA256
bd72bfe496d24d9121ee22c5eb9b7dc64b951418d6b4397dfb7ec3e52d07aa8f

SHA512
a3003e82119b6aa605b3824b929c208b50775752ec83921faf32ee06e20cb9dcbea907114b9faccfb3d246c31f1009eab5163e69ebbd7759453530a857baaa9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\9trialB\InitConfigure.ini

Filesize
2KB

MD5
a4584bedf260f905f143835c0ee80de2

SHA1
c7a4f81b5a340004312cc1b47957a1ec64a6c12c

SHA256
ecb3e26d5aeed340ac30d77e2279ba96faf0a4b6ca0279aef40cafde319f4e8f

SHA512
f627f361a5c61ef7405338757c60a87c1964ea550ca785d0f6cd4c10c1b96f6621314ae17adcdfa5064b846d76c00b347152c6666a98548413cbb71078a0a907

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\9trialB\LanguageTransfor.ini

Filesize
224B

MD5
24caee55a9c3a6c3844481729a165849

SHA1
a7699f0c8ad6786bb200422a01628ac716ac6648

SHA256
62c944a6bd61d696a2029cb06180ec2c3051fc85d1ed85918c8ebad573304683

SHA512
31f1b1850f9dedd121f38b28a662b9bb3673198f6fb6819c11e532ca301d30a8ce5a146a8fbf683a54ef4783ce2fd09382061f036ff1a2ee78862d31bc2c383d

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\9trialB\aliyun\AliyunConfig.ini

Filesize
1KB

MD5
af810703dd383b8f0bdcc34c99a28ca1

SHA1
642b4592d21b871aee1a1987f48c031ff1277c5a

SHA256
b5df9c4c1a9db6d241cf84ba92cd7f0a807235bbb37949a70c9a9a49e2600f7f

SHA512
4dc516fc53f62bbd044ff9165649b3494b883895072a09a32bfcf34d65fc8a1ace383d283079841e0d8f724bf30dfc7687f93d0bcf17ecba5d045b3a5ae913f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\9trialB\aliyun\AliyunWrap.DLL

Filesize
481KB

MD5
76bdcc093bcb200d8ab942f9a114fb7b

SHA1
0488180057ccddffe7d011f62aab6a496609189a

SHA256
5f590d47ca8229880b127205980f2ea275af343f619e76afca925f494e8f452b

SHA512
56fe3b133075c826ff5ddbff48bd45f402fd72e2e4b0df88d3e8479e38b6ed8c8d297bdf7afe590a55d7505848e25400cf7ab95b4de200a6b161819e6a58bb42

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\9trialB\aliyun\AliyunWrapExe.exe

Filesize
106KB

MD5
d319db6698876b0197aad730e6eab56d

SHA1
34e4cc9ed04dae5ca32e02584ef76f2da62e0319

SHA256
5b564911401eb681dc2dd670591499bcaf4969880ebf6c04e74144ffe0f4a598

SHA512
4c6cc43ba56ae5dc26b4cc34b58016e5bdd3cc069c7a6fbb49c474d7e8fae3db47e9403c6a2ca6223de946b5267250a60fec6d70db0e78f4cf3c448bc98b0bda

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\9trialB\aliyun\DataFile.ini

Filesize
1KB

MD5
5e065efd51fb863bf495d51308fc8d0d

SHA1
715d3d4c4f5bbae9f1ef3c69fdf486ce6bd56e99

SHA256
73fc8fb39d1f9ff75f3414646f1c6e3f077f4e151a96914764707326cd922325

SHA512
aadf7fb978cce8b7418b93ca2a83f162827fae38359528db7b152c1f101a96d5f1445ea7faef4fb4e9205db608849a9de0cac5f10891328ff54c8989e34e2c88

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\9trialB\aliyun\DataFile.ini

Filesize
804B

MD5
defbbc933ba3fc57bc85d5448336469e

SHA1
9fd47f0f591358a676fd262b9c2203bc10f1c8f5

SHA256
0771f3ac531faf7865c18bdea9bb17b88abdb3f82af2bc533e0c9aa44e4c3b94

SHA512
81ff7f4fbea25dae77b15c2010de29da3bcf0f1cb85a5e8184b3ea51e63f2e57020cf9afe5ef513e96bf7bf660fdb5a052e13b8665fa6b845f78b5c8062c8821

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\9trialB\aliyun\DataFile.ini

Filesize
88B

MD5
7f411750d07619f38537e7fd612b8b44

SHA1
cda241a1ce5141288582c8f0ac4850992b427bdc

SHA256
ae89726af2bd0c0218fbf63af20d4464f44dced5156364d817b6e73afc8e9f87

SHA512
35dad46325060004a66e01e10af6a3ebfd94b6751347b6ec64840c4ec03d81480fc324494ea39dded03bf2f1a1ce352b15ab518d14214c15567af17fb32f16b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\9trialB\aliyun\DataFile.ini

Filesize
1KB

MD5
37ec244469cf5b9710294f8f6ac90b81

SHA1
8321cbb3c9443212f9393d56b426d1c09ecccdaf

SHA256
ac26f8b8f815539875a01964b5883e6d7fc763fe8c0809bbdb5a3caa10f9f6b4

SHA512
b9722f14cb42e94b8897685052dd26fabd3313fb1414ba024aa1a5365844119d6c075d60e1b5477cd893b61470b5b787c54c9db3ff3bddcd7636db810ed34734

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\9trialB\aliyun\DataFile.ini

Filesize
1KB

MD5
341940b794b53b635c02b459f6b5092e

SHA1
ff268474981993d3e35fa81d9719313f9c66bbe3

SHA256
64c4b179b75bf3ff24e549129524a89ddcf69cc9e4c2d689755dc2d2448b6f7b

SHA512
1c4c8630f6c49fd1ef90cc751bcc130843d27fcf2c310333b8c28baad6f11f6c2e7e1b949f9eb70f26e67d7efde61de96b312b2f1ccc57e48bdcb1710391f2cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\9trialB\aliyun\InfoForSetup.exe

Filesize
65KB

MD5
3615230e443133ad5b95719886038481

SHA1
0c375444f900a311e0750663c4265e0c7dde0fe1

SHA256
052cbe5d4b955698255e704540060ce2edc91aa4b317d5b196491b5bb2d7a9e5

SHA512
887a43213e739bd86576205d27484aed77219445af387874858b840a79e1aa6343710ce4fdc38ddc6e48e7ea192b25ea2d2b3bbe80c18c0c56e64717c57bae63

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\9trialB\aliyun\tempInfo.web

Filesize
1B

MD5
cfcd208495d565ef66e7dff9f98764da

SHA1
b6589fc6ab0dc82cf12099d1c2d40ab994e8410c

SHA256
5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9

SHA512
31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\9trialB\downloader.ico

Filesize
50KB

MD5
af6b0041eae36b3d98bf72d7175ed22e

SHA1
a0a8877308b676ead7f808430d92bae43342a0b5

SHA256
ac55795cfaa8145cca4fce0a0cf7825c11333039938e33c87424b5f645e255f3

SHA512
0de82389d84a010d5a72417928c35d34301b042ad787a1a1cb9dc29edeac10b527ce4a5f210c2e73956b1911adf8fc2dd2ea7342044dfcd76c5a61ede6c02279

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\9trialB\skin.zip

Filesize
300KB

MD5
a6323c2d0453865e02643bc7360cdb30

SHA1
4863309288eae1992c416159758949d7a65ae645

SHA256
7dd656a555f202b617435e764af971303d1d0474a4584b8964b8baabf490579e

SHA512
f3141e9858e16961018ae5056818eb6b2d54ba94bfffe14124adefb5a37c560032e93fe44ebf5aaed38f5903e9ce959c2716c24cf46775badf06dde9f3691dc1

Download Submit