6acce147ca1ccc0e4616d2c7fed73659ea02cd83ce11da71df99a1ad36234f57

Analysis

max time kernel
11s
max time network
14s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
21-04-2024 11:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

drw_trial_installer.6936.exe
Size

2.5MB
MD5

c90d8cca094f99d58aaed9391d0436dc
SHA1

f93c6496f521e2f9332a9da0f0f374b90f09f7de
SHA256

6acce147ca1ccc0e4616d2c7fed73659ea02cd83ce11da71df99a1ad36234f57
SHA512

3f9d486e06f27d33f32e0a6bf4d5f977ac41cf42e3ec3090bb747e8eec157c1ae1ff1ae84d10d73e0abed7eec79d626adce88314b5d48141439b2ce7531c941a
SSDEEP

49152:0/18U67vjsddEhjFGNS9LXQOjOQKK6bxM1vehddPa46JFUxkVxq6ZBcMucAtY:3U67vYUhjjV5OdbOUhDPWTUq9cMPOY

Score

6^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 8 IoCs

Processes:

EDownloader.exeInfoForSetup.exeInfoForSetup.exeAliyunWrapExe.ExeInfoForSetup.exeInfoForSetup.exeInfoForSetup.exeInfoForSetup.exe

pid	process
2148	EDownloader.exe
4204	InfoForSetup.exe
3696	InfoForSetup.exe
3628	AliyunWrapExe.Exe
2832	InfoForSetup.exe
3736	InfoForSetup.exe
1436	InfoForSetup.exe
3600	InfoForSetup.exe

Loads dropped DLL 7 IoCs

Processes:

InfoForSetup.exeInfoForSetup.exeAliyunWrapExe.ExeInfoForSetup.exeInfoForSetup.exeInfoForSetup.exeInfoForSetup.exe

pid	process
4204	InfoForSetup.exe
3696	InfoForSetup.exe
3628	AliyunWrapExe.Exe
2832	InfoForSetup.exe
3736	InfoForSetup.exe
1436	InfoForSetup.exe
3600	InfoForSetup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

EDownloader.exe

pid process

2148 EDownloader.exe
2148 EDownloader.exe

Suspicious use of WriteProcessMemory 24 IoCs

Processes:

drw_trial_installer.6936.exeEDownloader.exeInfoForSetup.exe

description	pid	process	target process
PID 4632 wrote to memory of 2148	4632	drw_trial_installer.6936.exe	EDownloader.exe
PID 4632 wrote to memory of 2148	4632	drw_trial_installer.6936.exe	EDownloader.exe
PID 4632 wrote to memory of 2148	4632	drw_trial_installer.6936.exe	EDownloader.exe
PID 2148 wrote to memory of 4204	2148	EDownloader.exe	InfoForSetup.exe
PID 2148 wrote to memory of 4204	2148	EDownloader.exe	InfoForSetup.exe
PID 2148 wrote to memory of 4204	2148	EDownloader.exe	InfoForSetup.exe
PID 2148 wrote to memory of 3696	2148	EDownloader.exe	InfoForSetup.exe
PID 2148 wrote to memory of 3696	2148	EDownloader.exe	InfoForSetup.exe
PID 2148 wrote to memory of 3696	2148	EDownloader.exe	InfoForSetup.exe
PID 3696 wrote to memory of 3628	3696	InfoForSetup.exe	AliyunWrapExe.Exe
PID 3696 wrote to memory of 3628	3696	InfoForSetup.exe	AliyunWrapExe.Exe
PID 3696 wrote to memory of 3628	3696	InfoForSetup.exe	AliyunWrapExe.Exe
PID 2148 wrote to memory of 2832	2148	EDownloader.exe	InfoForSetup.exe
PID 2148 wrote to memory of 2832	2148	EDownloader.exe	InfoForSetup.exe
PID 2148 wrote to memory of 2832	2148	EDownloader.exe	InfoForSetup.exe
PID 2148 wrote to memory of 3736	2148	EDownloader.exe	InfoForSetup.exe
PID 2148 wrote to memory of 3736	2148	EDownloader.exe	InfoForSetup.exe
PID 2148 wrote to memory of 3736	2148	EDownloader.exe	InfoForSetup.exe
PID 2148 wrote to memory of 1436	2148	EDownloader.exe	InfoForSetup.exe
PID 2148 wrote to memory of 1436	2148	EDownloader.exe	InfoForSetup.exe
PID 2148 wrote to memory of 1436	2148	EDownloader.exe	InfoForSetup.exe
PID 2148 wrote to memory of 3600	2148	EDownloader.exe	InfoForSetup.exe
PID 2148 wrote to memory of 3600	2148	EDownloader.exe	InfoForSetup.exe
PID 2148 wrote to memory of 3600	2148	EDownloader.exe	InfoForSetup.exe

C:\Users\Admin\AppData\Local\Temp\drw_trial_installer.6936.exe
"C:\Users\Admin\AppData\Local\Temp\drw_trial_installer.6936.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4632
- C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\EDownloader.exe
  "C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\EDownloader.exe" EXEDIR=C:\Users\Admin\AppData\Local\Temp ||| EXENAME=drw_trial_installer.6936.exe ||| DOWNLOAD_VERSION=trial ||| PRODUCT_VERSION=2.0.0 ||| INSTALL_TYPE=0
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2148
- - C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\aliyun\InfoForSetup.exe
    /Uid "S-1-5-21-834482027-582050234-2368284635-1000"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:4204
- - C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\aliyun\InfoForSetup.exe
    /SendInfo Window "Web_Installer" Activity "Result_Run_Installer" Attribute "{\"Country\":\"United States\",\"Pageid\":\"6936\",\"Timezone\":\"GMT-00:00\"}"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:3696
  - - C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\aliyun\AliyunWrapExe.Exe
      C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\aliyun\AliyunWrapExe.Exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3628
- - C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\aliyun\InfoForSetup.exe
    /SendInfo Window "Home_Installer" Activity "Click_Fold_Custom"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2832
- - C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\aliyun\InfoForSetup.exe
    /SendInfo Window "Home_Installer" Activity "Click_Install" Attribute "{\"Country\":\"United States\",\"Install_Path\":\"C:/Program Files/EaseUS/EaseUS Data Recovery Wizard\",\"Language\":\"English\",\"Os\":\"Microsoft Windows 10\",\"Pageid\":\"6936\",\"Timezone\":\"GMT-00:00\"}"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3736
- - C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\aliyun\InfoForSetup.exe
    /SendInfo Window "Home_Installer" Activity "Result_Download_Configurefile" Attribute "{\"CDN\":\"http://download.easeus.com/api2/index.php/Apicp/Drwdl202004/index/\",\"Elapsed\":\"1\",\"Errorinfo\":\"0\",\"PostURL\":\"http://download.easeus.com/api2/index.php/Apicp/Drwdl202004/index/?exeNumber=6936&lang=English&pcVersion=home&pid=2&tid=1&version=trial\",\"ResponseJson\":\"{\\"check\\":1,\\"msg\\":\\"\\u6210\\u529f\\",\\"data\\":{\\"pid\\":\\"2\\",\\"download\\":\\"https:\\/\\/d1.easeus.com\\/drw\\/trial\\/drw18.0.0.0_trial.exe\\",\\"download2\\":\\"https:\\/\\/d2.easeus.com\\/drw\\/trial\\/drw18.0.0.0_trial.exe\\",\\"download3\\":\\"https:\\/\\/d3.easeus.com\\/drw\\/trial\\/drw18.0.0.0_trial.exe\\",\\"version\\":\\"trial\\",\\"curNum\\":\\"18.0\\",\\"testid\\":\\"TR180_2024419abend-04172\\",\\"url\\":[],\\"md5\\":\\"A97AC21694708E08A2A8D5C8FE9E756C\\",\\"tj_download\\":\\"test\\",\\"referNumber\\":\\"1000000\\",\\"killSwitch\\":\\"true\\",\\"WriteLogSwitch\\":\\"false\\",\\"configid\\":\\"\\"},\\"time\\":1713698429}\",\"Result\":\"Success\"}"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1436
- - C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\aliyun\InfoForSetup.exe
    /SendInfo Window "Downloading" Activity "Info_Start_Download_Program" Attribute "{\"Downloadfrom\":\"https://d1.easeus.com/drw/trial/drw18.0.0.0_trial.exe\",\"Pageid\":\"6936\",\"Testid\":\"TR180_2024419abend-04172\",\"Version\":\"trial\",\"Versionnumber\":\"18.0\"}"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3600

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\EDownloader.exe

Filesize
1.2MB

MD5
8a250a75859fe52116e706a640e6d77c

SHA1
473c36d9d80173636faeeb0ae4ae9e047e4e9d8b

SHA256
823ab6955052ef34218559b53d4f15224b5a850b532672fa33a7634dc74981dc

SHA512
4b519b1de8f6647a5cbbda11084d096e8bbfe8f694f4fda0e0f244b477f3f15c143254b044b046302ac79b136377894027d9baa2d4ba67ed38f5a55f480a44b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\EasyLog.log

Filesize
1KB

MD5
7529f5a4b399dccd7f681f861a77be25

SHA1
d51cf2b3664c45d94f4502be1e3748cd840b3bd5

SHA256
68915679453c1bc264106e8ed63e164ea3fcbc3d3605170fbcd21d29f669d8c0

SHA512
deefff21f01bdb0906d4f1ee80e37273657f4c327501d8d1a802b040a3d38a176e8646380c5e25e4001f06a1c4f3ca07570cf4addb7c135356c015596879da51

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\English.ini

Filesize
3KB

MD5
514c7cfa0101eae70994afd3fa7801c3

SHA1
bd6249fe023542c5be1180b76343e4e220be7148

SHA256
a6237a06959f1bf65fc2b3e77ae509d3bca1713340227b7fbb66e28da4f84404

SHA512
d889ffd4495ec023394d1170b97bf40fad9ff202b36500fe85d6620cc08e3c42580caf6992c09817646a93d253cfece8e94b66b14e6eee5cefce3f91b5fa4919

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\InitConfigure.ini

Filesize
4KB

MD5
b71a433376606884d121f5017d0b58f2

SHA1
338c2eccc9d45aea410650302dc2d6ed5c27b24d

SHA256
3833439cf03c0151a53b05e080878d39c36c28f68cbfcd2b6673a7b4acb3bc0d

SHA512
8b4ac6c2eddcc774eae8224dff2e3a618a041e0dc0241cf8f469ce53e771da28bf9836df46aeead0162172b58b67b71007dfc1bcee05d8bfde5a41f2beacd32a

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\LanguageTransfor.ini

Filesize
325B

MD5
ffe692a67871185785ec705b1cc12c81

SHA1
06a12bffdff33024a7b8798bdcdcda1fd7255bcc

SHA256
373bec6e7976324ff879c2988bab772c69336d7bcb9a32386a6021568350a824

SHA512
7ecdb5a4e625370888fb3a827cb668e934e29ca764177fca04e4eb620bec2b664fe498c0e9e73288bf977006eaba9618a4dc5a169e0fc5588a0874d9e6bb6c50

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\aliyun\AliyunConfig.ini

Filesize
1KB

MD5
3bf2c98e751d0799c2607e6875f0d565

SHA1
842086288d74eeb6bb0ca24767c8fb9f5f7a73a4

SHA256
494fca17384b9db96a30b9283343811dce3eaae4e0ee93583d8e1b11ba03c081

SHA512
067963b392b4c8fe9e5541884ae2f9314113e3f2393bee73bff7623314b5bd055d8ad215eba4194de6887130751779cb36dd4d2fd4cc2ba678e9a35c39400b05

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\aliyun\AliyunWrap.DLL

Filesize
482KB

MD5
58968e221f2522d98dbfe7574d0c44aa

SHA1
424b55216f2c832202c01363e013546380f5312a

SHA256
265170e701ec453b13249e7a4e4f401b87fae79442cce77060213ebcd03828c0

SHA512
9bba6ffbec9b6d3de7b530b056098465a54b66494db7e7ca82e8c98802fb5a1cb500f5d505387f2a33fb9a42a533d5838b1125ef14afad11285410652c6f07b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\aliyun\AliyunWrapExe.Exe

Filesize
107KB

MD5
f3b9a2d94682fee26fc079ba1e0fb040

SHA1
ff9e89fbcb6939095ecfa34438d9e6ebf9ad6fb4

SHA256
cdc9ee419589b8e378b030a5180b12cf4e1fc2fa132dbaf0e961adbe3c782e55

SHA512
40baa3d59eb931eeab583ecbd4526031bc8d455192d69c3f87b9220ebaab194a2922e4a3e9e36db3a587f56961c0686b81bcec8382ac02f968f31b566581bbbd

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\aliyun\DataFile.ini

Filesize
1KB

MD5
f02b22d57068926184ecfbdf6f99994e

SHA1
f6d32b385059e2784425679fee121d52bdcd8c32

SHA256
f693766abe98f53208d5b8b7e61c8233bc28b7a6a171f4e5f36db8893c8a35f0

SHA512
b9276690fa9dedf974aba5ffd6d7bbfe2cef9d6e9fda1a30ddc2d1289fe2da098aa070aa6ef9c1ee8d0b9af56553fbd5601881704cab9d43e197bca3549ded50

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\aliyun\DataFile.ini

Filesize
786B

MD5
108be74d5792dca4ed138b5b494d6cc5

SHA1
2be997f08dccd0bfe070cfde9af47bd62d3f03b8

SHA256
d6f3c0bcdad488cbe746bce206eafd4dc19980e4f49b9e865cd5aadbd9e6700c

SHA512
085c04841a1fe02eb85826df56743abe23513f8f51ee34992c1867b7a116afcfc10c682f1f902c84700ffdb606581f1f4e32fd9e611a3b3283abf6efc9ad00c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\aliyun\DataFile.ini

Filesize
2KB

MD5
aecab312425755a1fb3033a094f6b8a5

SHA1
8c49aac0f2cd7fb00ac5cf2d4e3743d7796f13b6

SHA256
eeaad69324e2d97a099730d8371cec0bf400f539b6d922a709e4ad71f5bc49cb

SHA512
0630d93e849b68bdf3b7a26940ecb78d258194d645c718c1f44fd52b5dcae3ab8c4424708606cbf21a99281aebfb74f2f38f8cf7d31467029767feb8ae94e1cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\aliyun\DataFile.ini

Filesize
770B

MD5
9b9f0ce73645dfe5a49f44ee5cb48f14

SHA1
50b2a5b09cdc80e549a7ca028333e66a0a44e580

SHA256
d9e61e2debb09683a3f30a8092143d63bc6713e39a1bde21a13d3842eab1caa7

SHA512
5a7dab8de102c6a0495685e5696be12f8564a81a08d1d0c2c4aa28de866202c4a663fcece367c78552a0d1a01979a651c0aac105fbc13f1082b8dc2644fa512e

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\aliyun\DataFile.ini

Filesize
770B

MD5
60162f17aa3891b1e4443bae6e329d9c

SHA1
2802edba7dea97b0855c258f167b5ce80136bc42

SHA256
c98fc5c01ac0ccac9875be2a4d2ea0dcfe7742a111a0e377c25899ba20152480

SHA512
fcb343782c60e24a0e903d05341de728ca339e534c38dcbdcb36b6d2eaedf5b51f71b3ba32dc19dbad81d584eed898cd91f5cdb00f630bd4a96c9ef7516617d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\aliyun\DataFile.ini

Filesize
88B

MD5
7f411750d07619f38537e7fd612b8b44

SHA1
cda241a1ce5141288582c8f0ac4850992b427bdc

SHA256
ae89726af2bd0c0218fbf63af20d4464f44dced5156364d817b6e73afc8e9f87

SHA512
35dad46325060004a66e01e10af6a3ebfd94b6751347b6ec64840c4ec03d81480fc324494ea39dded03bf2f1a1ce352b15ab518d14214c15567af17fb32f16b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\aliyun\DataFile.ini

Filesize
562B

MD5
2be243afd709ea0aebb695ec2fa8e094

SHA1
9f242a01e2d440984a712853adb302863b2a80ba

SHA256
fc308c09927bd0e89bae3724542b41c852f56891fca97bc84befa1a3d02c023f

SHA512
4c393467140cdb8114fdbcf3e87709004be6d93dcc2c487705af4d53f49cf3ff93d8111f984162ab5f3a712d3456112d2d0d8e64c403ee7f39cb8bf3c9ca858d

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\aliyun\DataFile.ini

Filesize
1KB

MD5
700120890a06bdd1047b1fa4a80ddcf7

SHA1
301c09d2421a19fdcba5c3458662baa456b323ff

SHA256
9afb04495aa301101d2a5460a354c16a07e02574286ef0d741ea5a9df9290f6b

SHA512
cf5dd2de25d9855e711c6be3be94d5582782242a18f85140c50f28d9a1a2e465917bee4776129d3ebf6e506b18fd0889b89a61e4a34722da50386d636f8e1382

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\aliyun\InfoForSetup.exe

Filesize
66KB

MD5
99891aaa0e15b2a514a4ff5c9ec03f4d

SHA1
faf215763908a9a6b8413c7e40293fe4be9bfe7b

SHA256
505ab42f0f376a4d8576bbec9cfdce43deabe168356dee760000319a73e72611

SHA512
36f6d66987506a938faa7503e0fa3a6cf76aa9ca6a30ea7cb7e80d058cf203eae152ef97b2329ba83bb18fc70430a2e00e9aa1f408e94b132813b4bf741697de

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\aliyun\tempInfo.web

Filesize
1B

MD5
cfcd208495d565ef66e7dff9f98764da

SHA1
b6589fc6ab0dc82cf12099d1c2d40ab994e8410c

SHA256
5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9

SHA512
31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\downloader.ico

Filesize
65KB

MD5
e7ba7ed202773284c3dd85e4162c38d3

SHA1
7467da2d1455c5af1419da18feae2cb5c3558a3d

SHA256
aa4df8b6f5bc456121eafd03857098e56a4357a2bae7cdd651cafd2cfd78ac7d

SHA512
87dca3bcef8b309a501ffe3eefb5b20194dcf3b9729f024577f3d57dc025643e556c5c01797606483590e5dbd28502425c5f603a0077cc2e4561dddd0322efc1

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\skin.zip

Filesize
1.4MB

MD5
784c6f9b53521f4cb115532f49b67a36

SHA1
7dcd0e24b7940156fc5be4edb185a57a030b45ef

SHA256
a0951464134e2af94ecd389ea9c0f3d784bae909f60eb2f45d7764b4dbde7a73

SHA512
88851e60a1ec3974558b45e422b2a6b412a2a87603e9a1a61ba5491d2c8475c269f29164dd25ac7a3c72d0ad190437e0dc93c02c6a9f2c85ba599c89ed315f21

Download Submit