6acce147ca1ccc0e4616d2c7fed73659ea02cd83ce11da71df99a1ad36234f57

Analysis

max time kernel
145s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
02-05-2024 17:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

drw_trial_installer.17146652176883b238686.exe
Size

2.5MB
MD5

c90d8cca094f99d58aaed9391d0436dc
SHA1

f93c6496f521e2f9332a9da0f0f374b90f09f7de
SHA256

6acce147ca1ccc0e4616d2c7fed73659ea02cd83ce11da71df99a1ad36234f57
SHA512

3f9d486e06f27d33f32e0a6bf4d5f977ac41cf42e3ec3090bb747e8eec157c1ae1ff1ae84d10d73e0abed7eec79d626adce88314b5d48141439b2ce7531c941a
SSDEEP

49152:0/18U67vjsddEhjFGNS9LXQOjOQKK6bxM1vehddPa46JFUxkVxq6ZBcMucAtY:3U67vYUhjjV5OdbOUhDPWTUq9cMPOY

Score

6^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 8 IoCs

Processes:

EDownloader.exeInfoForSetup.exeInfoForSetup.exeAliyunWrapExe.ExeInfoForSetup.exeInfoForSetup.exeInfoForSetup.exeInfoForSetup.exe

pid	process
4612	EDownloader.exe
3036	InfoForSetup.exe
2572	InfoForSetup.exe
3404	AliyunWrapExe.Exe
4852	InfoForSetup.exe
2392	InfoForSetup.exe
1856	InfoForSetup.exe
4716	InfoForSetup.exe

Loads dropped DLL 7 IoCs

Processes:

InfoForSetup.exeInfoForSetup.exeAliyunWrapExe.ExeInfoForSetup.exeInfoForSetup.exeInfoForSetup.exeInfoForSetup.exe

pid	process
3036	InfoForSetup.exe
2572	InfoForSetup.exe
3404	AliyunWrapExe.Exe
4852	InfoForSetup.exe
2392	InfoForSetup.exe
1856	InfoForSetup.exe
4716	InfoForSetup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

EDownloader.exe

pid process

4612 EDownloader.exe
4612 EDownloader.exe

Suspicious use of WriteProcessMemory 24 IoCs

Processes:

drw_trial_installer.17146652176883b238686.exeEDownloader.exeInfoForSetup.exe

description	pid	process	target process
PID 1600 wrote to memory of 4612	1600	drw_trial_installer.17146652176883b238686.exe	EDownloader.exe
PID 1600 wrote to memory of 4612	1600	drw_trial_installer.17146652176883b238686.exe	EDownloader.exe
PID 1600 wrote to memory of 4612	1600	drw_trial_installer.17146652176883b238686.exe	EDownloader.exe
PID 4612 wrote to memory of 3036	4612	EDownloader.exe	InfoForSetup.exe
PID 4612 wrote to memory of 3036	4612	EDownloader.exe	InfoForSetup.exe
PID 4612 wrote to memory of 3036	4612	EDownloader.exe	InfoForSetup.exe
PID 4612 wrote to memory of 2572	4612	EDownloader.exe	InfoForSetup.exe
PID 4612 wrote to memory of 2572	4612	EDownloader.exe	InfoForSetup.exe
PID 4612 wrote to memory of 2572	4612	EDownloader.exe	InfoForSetup.exe
PID 2572 wrote to memory of 3404	2572	InfoForSetup.exe	AliyunWrapExe.Exe
PID 2572 wrote to memory of 3404	2572	InfoForSetup.exe	AliyunWrapExe.Exe
PID 2572 wrote to memory of 3404	2572	InfoForSetup.exe	AliyunWrapExe.Exe
PID 4612 wrote to memory of 4852	4612	EDownloader.exe	InfoForSetup.exe
PID 4612 wrote to memory of 4852	4612	EDownloader.exe	InfoForSetup.exe
PID 4612 wrote to memory of 4852	4612	EDownloader.exe	InfoForSetup.exe
PID 4612 wrote to memory of 2392	4612	EDownloader.exe	InfoForSetup.exe
PID 4612 wrote to memory of 2392	4612	EDownloader.exe	InfoForSetup.exe
PID 4612 wrote to memory of 2392	4612	EDownloader.exe	InfoForSetup.exe
PID 4612 wrote to memory of 1856	4612	EDownloader.exe	InfoForSetup.exe
PID 4612 wrote to memory of 1856	4612	EDownloader.exe	InfoForSetup.exe
PID 4612 wrote to memory of 1856	4612	EDownloader.exe	InfoForSetup.exe
PID 4612 wrote to memory of 4716	4612	EDownloader.exe	InfoForSetup.exe
PID 4612 wrote to memory of 4716	4612	EDownloader.exe	InfoForSetup.exe
PID 4612 wrote to memory of 4716	4612	EDownloader.exe	InfoForSetup.exe

C:\Users\Admin\AppData\Local\Temp\drw_trial_installer.17146652176883b238686.exe
"C:\Users\Admin\AppData\Local\Temp\drw_trial_installer.17146652176883b238686.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1600
- C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\EDownloader.exe
  "C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\EDownloader.exe" EXEDIR=C:\Users\Admin\AppData\Local\Temp ||| EXENAME=drw_trial_installer.17146652176883b238686.exe ||| DOWNLOAD_VERSION=trial ||| PRODUCT_VERSION=2.0.0 ||| INSTALL_TYPE=0
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4612
- - C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\aliyun\InfoForSetup.exe
    /Uid "S-1-5-21-3808065738-1666277613-1125846146-1000"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3036
- - C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\aliyun\InfoForSetup.exe
    /SendInfo Window "Web_Installer" Activity "Result_Run_Installer" Attribute "{\"Country\":\"United States\",\"Pageid\":\"17146652176883b238686\",\"Timezone\":\"GMT-00:00\"}"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2572
  - - C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\aliyun\AliyunWrapExe.Exe
      C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\aliyun\AliyunWrapExe.Exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3404
- - C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\aliyun\InfoForSetup.exe
    /SendInfo Window "Home_Installer" Activity "Click_Fold_Custom"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:4852
- - C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\aliyun\InfoForSetup.exe
    /SendInfo Window "Home_Installer" Activity "Click_Install" Attribute "{\"Country\":\"United States\",\"Install_Path\":\"C:/Program Files/EaseUS/EaseUS Data Recovery Wizard\",\"Language\":\"English\",\"Os\":\"Microsoft Windows 10\",\"Pageid\":\"17146652176883b238686\",\"Timezone\":\"GMT-00:00\"}"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2392
- - C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\aliyun\InfoForSetup.exe
    /SendInfo Window "Home_Installer" Activity "Result_Download_Configurefile" Attribute "{\"CDN\":\"http://download.easeus.com/api2/index.php/Apicp/Drwdl202004/index/\",\"Elapsed\":\"2\",\"Errorinfo\":\"0\",\"PostURL\":\"http://download.easeus.com/api2/index.php/Apicp/Drwdl202004/index/?exeNumber=17146652176883b238686&lang=English&pcVersion=home&pid=2&tid=1&version=trial\",\"ResponseJson\":\"{\\"check\\":1,\\"msg\\":\\"\\u6210\\u529f\\",\\"data\\":{\\"pid\\":\\"2\\",\\"download\\":\\"https:\\/\\/d1.easeus.com\\/drw\\/trial\\/drw18.0.0.0_trial.exe\\",\\"download2\\":\\"https:\\/\\/d2.easeus.com\\/drw\\/trial\\/drw18.0.0.0_trial.exe\\",\\"download3\\":\\"https:\\/\\/d3.easeus.com\\/drw\\/trial\\/drw18.0.0.0_trial.exe\\",\\"version\\":\\"trial\\",\\"curNum\\":\\"18.0\\",\\"testid\\":\\"TR180_2024424release-04232\\",\\"url\\":[],\\"md5\\":\\"CD32F43E5691B4943649E47292697B02\\",\\"tj_download\\":\\"test\\",\\"referNumber\\":\\"1000000\\",\\"killSwitch\\":\\"true\\",\\"WriteLogSwitch\\":\\"false\\",\\"configid\\":\\"\\"},\\"time\\":1714672596}\",\"Result\":\"Success\"}"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1856
- - C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\aliyun\InfoForSetup.exe
    /SendInfo Window "Downloading" Activity "Info_Start_Download_Program" Attribute "{\"Downloadfrom\":\"https://d1.easeus.com/drw/trial/drw18.0.0.0_trial.exe\",\"Pageid\":\"17146652176883b238686\",\"Testid\":\"TR180_2024424release-04232\",\"Version\":\"trial\",\"Versionnumber\":\"18.0\"}"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:4716

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1348 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:8
1⤵
PID:4204

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\EDownloader.exe

Filesize
1.2MB

MD5
8a250a75859fe52116e706a640e6d77c

SHA1
473c36d9d80173636faeeb0ae4ae9e047e4e9d8b

SHA256
823ab6955052ef34218559b53d4f15224b5a850b532672fa33a7634dc74981dc

SHA512
4b519b1de8f6647a5cbbda11084d096e8bbfe8f694f4fda0e0f244b477f3f15c143254b044b046302ac79b136377894027d9baa2d4ba67ed38f5a55f480a44b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\EasyLog.log

Filesize
1KB

MD5
b21f6d08284c296d2968a51625a562cb

SHA1
78bd7494eef2a17b199e31604a05fb6ef4466b27

SHA256
8ed7e70d84da09cc7d6fdbba80cda25b4404daecb35a80c51b1b6573a4bd89bd

SHA512
0e64fecc75fa652020c16f8539d018867401f27edeae5faf4951f395df688e3384e1924480388271e2ace6037999cfb50c499851cced0ef8765c88bc78487012

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\English.ini

Filesize
3KB

MD5
514c7cfa0101eae70994afd3fa7801c3

SHA1
bd6249fe023542c5be1180b76343e4e220be7148

SHA256
a6237a06959f1bf65fc2b3e77ae509d3bca1713340227b7fbb66e28da4f84404

SHA512
d889ffd4495ec023394d1170b97bf40fad9ff202b36500fe85d6620cc08e3c42580caf6992c09817646a93d253cfece8e94b66b14e6eee5cefce3f91b5fa4919

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\InitConfigure.ini

Filesize
4KB

MD5
b71a433376606884d121f5017d0b58f2

SHA1
338c2eccc9d45aea410650302dc2d6ed5c27b24d

SHA256
3833439cf03c0151a53b05e080878d39c36c28f68cbfcd2b6673a7b4acb3bc0d

SHA512
8b4ac6c2eddcc774eae8224dff2e3a618a041e0dc0241cf8f469ce53e771da28bf9836df46aeead0162172b58b67b71007dfc1bcee05d8bfde5a41f2beacd32a

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\LanguageTransfor.ini

Filesize
325B

MD5
ffe692a67871185785ec705b1cc12c81

SHA1
06a12bffdff33024a7b8798bdcdcda1fd7255bcc

SHA256
373bec6e7976324ff879c2988bab772c69336d7bcb9a32386a6021568350a824

SHA512
7ecdb5a4e625370888fb3a827cb668e934e29ca764177fca04e4eb620bec2b664fe498c0e9e73288bf977006eaba9618a4dc5a169e0fc5588a0874d9e6bb6c50

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\aliyun\AliyunConfig.ini

Filesize
1KB

MD5
bcb41c6ef65d74e037d7ad4f4df1e463

SHA1
da763efbe6da852c5c8561c5821d73dfeeb9c4eb

SHA256
4df55438eab622ae71e8c8bbfdad68170cd2c9aa4ba1d9a17c4c284bb3160e13

SHA512
669150fb63045420a412be79a0ce65b78283ebdb557d53231f16255da7b4fd48ad636d837417190407a07e7cfb4dc94779bcde7d73e73e59121a5156f672c292

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\aliyun\AliyunWrap.DLL

Filesize
482KB

MD5
58968e221f2522d98dbfe7574d0c44aa

SHA1
424b55216f2c832202c01363e013546380f5312a

SHA256
265170e701ec453b13249e7a4e4f401b87fae79442cce77060213ebcd03828c0

SHA512
9bba6ffbec9b6d3de7b530b056098465a54b66494db7e7ca82e8c98802fb5a1cb500f5d505387f2a33fb9a42a533d5838b1125ef14afad11285410652c6f07b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\aliyun\AliyunWrapExe.exe

Filesize
107KB

MD5
f3b9a2d94682fee26fc079ba1e0fb040

SHA1
ff9e89fbcb6939095ecfa34438d9e6ebf9ad6fb4

SHA256
cdc9ee419589b8e378b030a5180b12cf4e1fc2fa132dbaf0e961adbe3c782e55

SHA512
40baa3d59eb931eeab583ecbd4526031bc8d455192d69c3f87b9220ebaab194a2922e4a3e9e36db3a587f56961c0686b81bcec8382ac02f968f31b566581bbbd

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\aliyun\DataFile.ini

Filesize
820B

MD5
635481e68ac41fd5dc3c561766dbfbfe

SHA1
485613f586ad331c797335a350cd9e1934ce3ce8

SHA256
22397021b42491421d684610ab2089146fc895ccc2882c7831187066804734d0

SHA512
b2bcba958d26a5b6ff2305c779acf75ab201b7ba469b9f60b3479a9b6429128d571442bd6f72d88f2b41382d3259a27ccf5d6218f7801bfd35414dab18dda663

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\aliyun\DataFile.ini

Filesize
2KB

MD5
8d6b554048d7767aebf5c72cd4ff5cba

SHA1
6246cd66aa4a69297c47160d2cc1074f24721047

SHA256
549a7a27b13e4c7af30113aa38f25cfdf079be1c1c72fb9a2da4f5e2432bd684

SHA512
738077a1f9b553fbba87eb83a26410cabc524a32e2d90ff35b440266438eaeb7262b6a3bc38ad01ce140ddca39d742ffbe68708cf9a743ad8e98398369dff25b

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\aliyun\DataFile.ini

Filesize
808B

MD5
bf84a6c4aa0211921a244ffafc7c345c

SHA1
7bd02c394ada52918e78ec50532d0305e0a8f96d

SHA256
8255b943da9db00e99f182f2b9a88314a4a0f002be323665795e221dbe85f403

SHA512
9125d3e2aeaad3f55cb97f80745f4b2558788c16048bc192f5c895a2fe6f8e62391d56de15f3d20a4724618e9f643613871052e9ca2b4d799593075e46fd8a75

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\aliyun\DataFile.ini

Filesize
596B

MD5
51fb204f3fdf01e37f67f4ce70e75041

SHA1
9f0f2fc10bdce46dda96b770c437e9d4105ea1ea

SHA256
797e26abcdd9915a98296f27911b656a2e3846992be67932e20c55ba575e86ce

SHA512
90fb3ecc35858d211cc913e8ecc65f6fb798f3182e4ea6a2e15444f1eb693cdf15c015b9099023959b377430c3750bca73b3b02cd0abd5046f4a820e99d4b48f

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\aliyun\DataFile.ini

Filesize
88B

MD5
7f411750d07619f38537e7fd612b8b44

SHA1
cda241a1ce5141288582c8f0ac4850992b427bdc

SHA256
ae89726af2bd0c0218fbf63af20d4464f44dced5156364d817b6e73afc8e9f87

SHA512
35dad46325060004a66e01e10af6a3ebfd94b6751347b6ec64840c4ec03d81480fc324494ea39dded03bf2f1a1ce352b15ab518d14214c15567af17fb32f16b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\aliyun\DataFile.ini

Filesize
1KB

MD5
984ddb9cf86671d46a0ebd634b3b6d09

SHA1
bac00f8b64e9dc9006e1b8930e062a8e72e368e2

SHA256
f4785efbbf32b676504cab1af5137fa8c4cc05d64b62478c76b91b6114bb8d35

SHA512
c98238a671faed2ac441344692c2c89a61100dcc80751397f17bdb709cedceccfaa5a973c21eb7fe7adfc84ee3ad7f87d53ff0b713e6e1c19d214636ba13a91e

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\aliyun\InfoForSetup.exe

Filesize
66KB

MD5
99891aaa0e15b2a514a4ff5c9ec03f4d

SHA1
faf215763908a9a6b8413c7e40293fe4be9bfe7b

SHA256
505ab42f0f376a4d8576bbec9cfdce43deabe168356dee760000319a73e72611

SHA512
36f6d66987506a938faa7503e0fa3a6cf76aa9ca6a30ea7cb7e80d058cf203eae152ef97b2329ba83bb18fc70430a2e00e9aa1f408e94b132813b4bf741697de

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\aliyun\tempInfo.web

Filesize
1B

MD5
cfcd208495d565ef66e7dff9f98764da

SHA1
b6589fc6ab0dc82cf12099d1c2d40ab994e8410c

SHA256
5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9

SHA512
31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\downloader.ico

Filesize
65KB

MD5
e7ba7ed202773284c3dd85e4162c38d3

SHA1
7467da2d1455c5af1419da18feae2cb5c3558a3d

SHA256
aa4df8b6f5bc456121eafd03857098e56a4357a2bae7cdd651cafd2cfd78ac7d

SHA512
87dca3bcef8b309a501ffe3eefb5b20194dcf3b9729f024577f3d57dc025643e556c5c01797606483590e5dbd28502425c5f603a0077cc2e4561dddd0322efc1

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\skin.zip

Filesize
1.4MB

MD5
784c6f9b53521f4cb115532f49b67a36

SHA1
7dcd0e24b7940156fc5be4edb185a57a030b45ef

SHA256
a0951464134e2af94ecd389ea9c0f3d784bae909f60eb2f45d7764b4dbde7a73

SHA512
88851e60a1ec3974558b45e422b2a6b412a2a87603e9a1a61ba5491d2c8475c269f29164dd25ac7a3c72d0ad190437e0dc93c02c6a9f2c85ba599c89ed315f21

Download Submit