728e1ac24c9bc5cfea93817c7fbc3f47571b6abfb202ac305b5b1e73efe6da67

Analysis

max time kernel
119s
max time network
142s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
19/03/2024, 19:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

$TEMP/downloader_easeus/1.0.0/9trialB/EDownloader.exe
Size

1.3MB
MD5

20c3a46be949eb79340dd1d9422fe748
SHA1

214490b862de79c8a93c7c174b6be11d6930fea9
SHA256

18ab66502d20d6d49489b892df6f9039854d20552a12cf4850498cbdec81520e
SHA512

2c6aacf75c8fec6ad321fced5f2f45f0cbbf8bbd573cf872ddb7001df66835000bcb74aeca9ea03396789742052284bb9929b5d996e05363e0961a338889a84f
SSDEEP

24576:R6qQCyR2xl7w8nYh40xQPZUTBEvh+VYou+kzr4S:6S7wRBEv0VYoulzrx

Score

1^/10

Malware Config

Signatures

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2480	EDownloader.exe
2480	EDownloader.exe

Suspicious use of WriteProcessMemory 58 IoCs

description	pid	Process	procid_target
PID 2480 wrote to memory of 2668	2480	EDownloader.exe	28
PID 2480 wrote to memory of 2668	2480	EDownloader.exe	28
PID 2480 wrote to memory of 2668	2480	EDownloader.exe	28
PID 2480 wrote to memory of 2668	2480	EDownloader.exe	28
PID 2480 wrote to memory of 2668	2480	EDownloader.exe	28
PID 2480 wrote to memory of 2668	2480	EDownloader.exe	28
PID 2480 wrote to memory of 2668	2480	EDownloader.exe	28
PID 2480 wrote to memory of 2664	2480	EDownloader.exe	29
PID 2480 wrote to memory of 2664	2480	EDownloader.exe	29
PID 2480 wrote to memory of 2664	2480	EDownloader.exe	29
PID 2480 wrote to memory of 2664	2480	EDownloader.exe	29
PID 2480 wrote to memory of 2664	2480	EDownloader.exe	29
PID 2480 wrote to memory of 2664	2480	EDownloader.exe	29
PID 2480 wrote to memory of 2664	2480	EDownloader.exe	29
PID 2480 wrote to memory of 2592	2480	EDownloader.exe	30
PID 2480 wrote to memory of 2592	2480	EDownloader.exe	30
PID 2480 wrote to memory of 2592	2480	EDownloader.exe	30
PID 2480 wrote to memory of 2592	2480	EDownloader.exe	30
PID 2480 wrote to memory of 2592	2480	EDownloader.exe	30
PID 2480 wrote to memory of 2592	2480	EDownloader.exe	30
PID 2480 wrote to memory of 2592	2480	EDownloader.exe	30
PID 2480 wrote to memory of 2560	2480	EDownloader.exe	31
PID 2480 wrote to memory of 2560	2480	EDownloader.exe	31
PID 2480 wrote to memory of 2560	2480	EDownloader.exe	31
PID 2480 wrote to memory of 2560	2480	EDownloader.exe	31
PID 2480 wrote to memory of 2560	2480	EDownloader.exe	31
PID 2480 wrote to memory of 2560	2480	EDownloader.exe	31
PID 2480 wrote to memory of 2560	2480	EDownloader.exe	31
PID 2480 wrote to memory of 2088	2480	EDownloader.exe	32
PID 2480 wrote to memory of 2088	2480	EDownloader.exe	32
PID 2480 wrote to memory of 2088	2480	EDownloader.exe	32
PID 2480 wrote to memory of 2088	2480	EDownloader.exe	32
PID 2480 wrote to memory of 2088	2480	EDownloader.exe	32
PID 2480 wrote to memory of 2088	2480	EDownloader.exe	32
PID 2480 wrote to memory of 2088	2480	EDownloader.exe	32
PID 2664 wrote to memory of 2404	2664	InfoForSetup.exe	34
PID 2664 wrote to memory of 2404	2664	InfoForSetup.exe	34
PID 2664 wrote to memory of 2404	2664	InfoForSetup.exe	34
PID 2664 wrote to memory of 2404	2664	InfoForSetup.exe	34
PID 2480 wrote to memory of 2680	2480	EDownloader.exe	33
PID 2480 wrote to memory of 2680	2480	EDownloader.exe	33
PID 2480 wrote to memory of 2680	2480	EDownloader.exe	33
PID 2480 wrote to memory of 2680	2480	EDownloader.exe	33
PID 2480 wrote to memory of 2680	2480	EDownloader.exe	33
PID 2480 wrote to memory of 2680	2480	EDownloader.exe	33
PID 2480 wrote to memory of 2680	2480	EDownloader.exe	33
PID 2592 wrote to memory of 2880	2592	InfoForSetup.exe	35
PID 2592 wrote to memory of 2880	2592	InfoForSetup.exe	35
PID 2592 wrote to memory of 2880	2592	InfoForSetup.exe	35
PID 2592 wrote to memory of 2880	2592	InfoForSetup.exe	35
PID 2088 wrote to memory of 1980	2088	InfoForSetup.exe	36
PID 2088 wrote to memory of 1980	2088	InfoForSetup.exe	36
PID 2088 wrote to memory of 1980	2088	InfoForSetup.exe	36
PID 2088 wrote to memory of 1980	2088	InfoForSetup.exe	36
PID 2560 wrote to memory of 436	2560	InfoForSetup.exe	37
PID 2560 wrote to memory of 436	2560	InfoForSetup.exe	37
PID 2560 wrote to memory of 436	2560	InfoForSetup.exe	37
PID 2560 wrote to memory of 436	2560	InfoForSetup.exe	37

C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\9trialB\EDownloader.exe
"C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\9trialB\EDownloader.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2480
- C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\9trialB\aliyun\InfoForSetup.exe
  /Uid "S-1-5-21-1658372521-4246568289-2509113762-1000"
  2⤵
  PID:2668
- C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\9trialB\aliyun\InfoForSetup.exe
  /SendInfo Window "Home_Installer" Activity "Result_Download_Configurefile" Attribute "{\"CDN\":\"http://download.easeus.com/api/index.php/Home/product/config/\",\"Elapsed\":\"3\",\"Errorinfo\":\"5\",\"Result\":\"Failed\"}"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2664
- - C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\9trialB\aliyun\AliyunWrapExe.Exe
    C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\9trialB\aliyun\AliyunWrapExe.Exe
    3⤵
    PID:2404
- C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\9trialB\aliyun\InfoForSetup.exe
  /SendInfo Window "DownloadInstall_Page" Activity "Info_Start_Download_Program"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2592
- - C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\9trialB\aliyun\AliyunWrapExe.Exe
    C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\9trialB\aliyun\AliyunWrapExe.Exe
    3⤵
    PID:2880
- C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\9trialB\aliyun\InfoForSetup.exe
  /SendInfo Window "Downloading" Activity "Result_Loading" Attribute "{\"Errorinfo\":\"Create file failed\",\"Result\":\"failed\"}"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2560
- - C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\9trialB\aliyun\AliyunWrapExe.Exe
    C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\9trialB\aliyun\AliyunWrapExe.Exe
    3⤵
    PID:436
- C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\9trialB\aliyun\InfoForSetup.exe
  /SendInfo Window "Install" Activity "Info_Userinfo" Attribute "{\"Country\":\"United States\",\"Language\":\"English\",\"OS\":\"Microsoft Windows 7\",\"Timezone\":\"GMT-00:00\",\"UE\":\"on\",\"Version\":\"\",\"Version_Num\":\"\"}"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2088
- - C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\9trialB\aliyun\AliyunWrapExe.Exe
    C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\9trialB\aliyun\AliyunWrapExe.Exe
    3⤵
    PID:1980
- C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\9trialB\aliyun\InfoForSetup.exe
  /SendInfo Window "DownloadInstall_Page" Activity "Info_Finish" Attribute "{\"Country\":\"United States\",\"Language\":\"English\",\"OS\":\"Microsoft Windows 7\",\"Releasetime\":\"\",\"Testid\":\"\",\"Timezone\":\"GMT-00:00\",\"Version\":\"\",\"Version_Num\":\"\"}"
  2⤵
  PID:2680

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\9trialB\aliyun\AliyunConfig.ini

Filesize
1KB

MD5
a2688d1cd95c01425d230024e79bbb25

SHA1
85ecd41cf89e1b74e9ba1cbc839816ed3ddf1e5f

SHA256
470e603d1253d8c5378bead54ae8721d993543cf2c2ad4d3e8587c2ed5baba21

SHA512
f94f9e03f361c6b865850ae45ee864381a4fa63ca5315f8433ec0d24292aed1659e1a492d700c30c9cc1a00ad2ba2e420ae1808a2c1e30fdf42007dcfebb010d

Download Submit
C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\9trialB\aliyun\DataFile.ini

Filesize
2KB

MD5
fe031c93e39ee36cafc6745acea6059d

SHA1
566356c9db416fdb6ac850b563ee52319d82e544

SHA256
08feaf0270c524f7cf0014744c76a6dc13b18d32370575b748899421871ffcb7

SHA512
fb131a3e0cca58d6c5074c6e36983e086c027c3144f01af65a9b41195559a9fbb276f382b2e4238e721207937e99230471b4500587cb92d51083dd8c8422363b

Download Submit
C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\9trialB\aliyun\DataFile.ini

Filesize
1KB

MD5
d55d664941f2bc7e869ae393d0ed5860

SHA1
d67774505ee27a6853d9d7d57c2b04e4d1001237

SHA256
e2437e599690f8a36a50b0a3d275c69e1acbca16523ce0e342f285f405bfce62

SHA512
94f5e00a546f8164bc2141113c33423138d57fcc18b9be22ba10aa279e6fba6fe811ac7997e4f81259f2ac47348a66b86320a8c7e500c317efc589b8c92e9a01

Download Submit
C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\9trialB\aliyun\DataFile.ini

Filesize
1KB

MD5
39013e041da4f5db8b44595d1a6bbf63

SHA1
04c58bc0beef6cb88bc54924129e78764063d07b

SHA256
7824e719be56143bffb9f0ca6b788169560bcff5ece5ea880e700196d2089d5d

SHA512
02fb04bd8ff6e95e27152bf620bd4b79c1dac0693ef916c41c57e48a1c29d2902f7bbd2ac7af56ff1bf898f042e17143cb54a85b95de6e3b46a04ac326427808

Download Submit
C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\9trialB\aliyun\DataFile.ini

Filesize
740B

MD5
917daa385ff0bb5a0de38fd2031f88a1

SHA1
789e5bb4f2e805874160056fb996bc010c9c3f4f

SHA256
0b957acf8c77a41d8f530597dd2e44e1ae5aae8b9c23753c1eaef51eeb0cc2c5

SHA512
b4775478fcd4e1eb38819c9b756fecb5ae6b6e7f9295525b040e84cd42d016e8d94ace15162c13b9156d3d8c5ff6e5f5f570471e579c2d7c53a90d46a61a01b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\9trialB\aliyun\DataFile.ini

Filesize
88B

MD5
7f411750d07619f38537e7fd612b8b44

SHA1
cda241a1ce5141288582c8f0ac4850992b427bdc

SHA256
ae89726af2bd0c0218fbf63af20d4464f44dced5156364d817b6e73afc8e9f87

SHA512
35dad46325060004a66e01e10af6a3ebfd94b6751347b6ec64840c4ec03d81480fc324494ea39dded03bf2f1a1ce352b15ab518d14214c15567af17fb32f16b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\9trialB\aliyun\DataFile.ini

Filesize
1KB

MD5
68358c592432900d527555e2ddaef947

SHA1
173abea4eb084421152c71aaf0526e1010581773

SHA256
b654cb9e8b1f6f180f97b78d712878008ce61bfd14b272614304ef8fa5b85da6

SHA512
33b6d03b7a3085b2b08c283d14dab90bf1d97879fb4afc32755fbd315e0713167b4bde27553a87c98fade5610e191f955512579b0835afdb2a62aad3286021ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\9trialB\aliyun\DataFile.ini

Filesize
1KB

MD5
6f5d3ddd88f74e5d3b6652afec4442ad

SHA1
deb8d56708afc04c968bc717b095349a548339e4

SHA256
a88035e95de16ad04b945c1f0f17b9fa1bc1d5d594bf28bc459ce128db889994

SHA512
2949ad6fa8825adf5b8422485a5726495bea2065baac5462a7ce7cd0f07dd3ac53bb3337b638b7d0d2ff454235086d28ae8592b4c7b6af721c866a43dfac51c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\9trialB\aliyun\DataFile.ini

Filesize
2KB

MD5
a338e25999439c81c872f67981e799fe

SHA1
133ada1007dff2885066163f4b55ed71354a4985

SHA256
04b4d5f97c6931eff94c980bc9b3ce15846cc31dbdb3dbb4f7b0495b43eddb46

SHA512
3f1b62b0aaa5ea55da484205c894dd567ced5c75a749acd1876fe6d8c9777e30ed4e7db2e7ac4699816327ff036ace0902ac782d73c8f4caa3a16a83ba53c3fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\9trialB\aliyun\tempInfo.web

Filesize
1B

MD5
cfcd208495d565ef66e7dff9f98764da

SHA1
b6589fc6ab0dc82cf12099d1c2d40ab994e8410c

SHA256
5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9

SHA512
31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads