942aad800fd45a2bcdf737460872f13b9d3ffbcbe0e841ffdd16e304d7eb7649

Analysis

max time kernel
107s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
16/05/2024, 16:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

$TEMP/downloader_easeus/1.0.0/46free/EDownloader.exe
Size

1.2MB
MD5

12aeda75bcb5b9dbd13bd85c0181aca9
SHA1

964d92810d8f42bb16b63a37406a4d9457ca6f27
SHA256

6d2d20f4f89b01d146407f5569aa75758ace2a1796457bc1bc3fe13082c9150c
SHA512

bf53d9b800d0b71c0a5b4305ca0ce661af0af0ab1e4a0c35dbdc6febca219ecf261886831254e592818afa90618a2ce2f8f6050a370ecbcb6a848bc7206434bf
SSDEEP

24576:+0TDvES51nIHFifKcXEp/YV2tlUkLXcYnbqrQBuVvgC3m9Pf:t3bXGllXcYbbBuVvgC3m9Pf

Score

1^/10

Malware Config

Signatures

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3196	EDownloader.exe
3196	EDownloader.exe

Suspicious use of WriteProcessMemory 24 IoCs

description	pid	Process	procid_target
PID 3196 wrote to memory of 2820	3196	EDownloader.exe	84
PID 3196 wrote to memory of 2820	3196	EDownloader.exe	84
PID 3196 wrote to memory of 2820	3196	EDownloader.exe	84
PID 3196 wrote to memory of 3992	3196	EDownloader.exe	85
PID 3196 wrote to memory of 3992	3196	EDownloader.exe	85
PID 3196 wrote to memory of 3992	3196	EDownloader.exe	85
PID 3992 wrote to memory of 1020	3992	InfoForSetup.exe	86
PID 3992 wrote to memory of 1020	3992	InfoForSetup.exe	86
PID 3992 wrote to memory of 1020	3992	InfoForSetup.exe	86
PID 3196 wrote to memory of 4372	3196	EDownloader.exe	89
PID 3196 wrote to memory of 4372	3196	EDownloader.exe	89
PID 3196 wrote to memory of 4372	3196	EDownloader.exe	89
PID 3196 wrote to memory of 4476	3196	EDownloader.exe	90
PID 3196 wrote to memory of 4476	3196	EDownloader.exe	90
PID 3196 wrote to memory of 4476	3196	EDownloader.exe	90
PID 3196 wrote to memory of 4024	3196	EDownloader.exe	102
PID 3196 wrote to memory of 4024	3196	EDownloader.exe	102
PID 3196 wrote to memory of 4024	3196	EDownloader.exe	102
PID 3196 wrote to memory of 4612	3196	EDownloader.exe	103
PID 3196 wrote to memory of 4612	3196	EDownloader.exe	103
PID 3196 wrote to memory of 4612	3196	EDownloader.exe	103
PID 3196 wrote to memory of 1560	3196	EDownloader.exe	104
PID 3196 wrote to memory of 1560	3196	EDownloader.exe	104
PID 3196 wrote to memory of 1560	3196	EDownloader.exe	104

C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\46free\EDownloader.exe
"C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\46free\EDownloader.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3196
- C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\46free\aliyun\InfoForSetup.exe
  /Uid "S-1-5-21-540404634-651139247-2967210625-1000"
  2⤵
  PID:2820
- C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\46free\aliyun\InfoForSetup.exe
  /SendInfo Window "Web_Installer" Activity "Result_Run_Installer" Attribute "{\"Country\":\"United States\",\"Pageid\":\"\",\"Timezone\":\"GMT-00:00\"}"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3992
- - C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\46free\aliyun\AliyunWrapExe.Exe
    C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\46free\aliyun\AliyunWrapExe.Exe
    3⤵
    PID:1020
- C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\46free\aliyun\InfoForSetup.exe
  /SendInfo Window "Home_Installer" Activity "Result_Download_Configurefile" Attribute "{\"CDN\":\"http://download.easeus.com/api2/index.php/Apicp/Drwdl202004/index/\",\"Elapsed\":\"2\",\"Errorinfo\":\"4\",\"Result\":\"Failed\"}"
  2⤵
  PID:4372
- C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\46free\aliyun\InfoForSetup.exe
  /SendInfo Window "Downloading" Activity "Result_Download_Program" Attribute "{\"Average_Networkspeed\":\"0.00B\",\"Elapsedtime\":\"2\",\"Errorinfo\":\"1004\",\"Result\":\"result_fail\"}"
  2⤵
  PID:4476
- C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\46free\aliyun\InfoForSetup.exe
  /SendInfo Window "Download_Failed" Activity "Click_Retry"
  2⤵
  PID:4024
- C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\46free\aliyun\InfoForSetup.exe
  /SendInfo Window "Home_Installer" Activity "Result_Download_Configurefile" Attribute "{\"CDN\":\"http://download.easeus.com/api2/index.php/Apicp/Drwdl202004/index/\",\"Elapsed\":\"2\",\"Errorinfo\":\"4\",\"Result\":\"Failed\"}"
  2⤵
  PID:4612
- C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\46free\aliyun\InfoForSetup.exe
  /SendInfo Window "Downloading" Activity "Result_Download_Program" Attribute "{\"Average_Networkspeed\":\"0.00B\",\"Elapsedtime\":\"2\",\"Errorinfo\":\"1004\",\"Result\":\"result_fail\"}"
  2⤵
  PID:1560

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\46free\EasyLog.log

Filesize
1KB

MD5
74259f8a85ee1a72345bcdcef3d3cba5

SHA1
767eea66886aae21fc09c5cd5f93c590ea55454f

SHA256
88bc0e7140435ebf0a99a398ad92135a27a23e47568b8241a671b79543028042

SHA512
2bd70534e5f6b04c087946bbb962a7d14c25dc938c2a4bdfafc1723f13a4ccf80427535ec32271f754a60508b4738938fa2bb52314c08b056b4a42dd8e2661d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\46free\aliyun\AliyunConfig.ini

Filesize
1KB

MD5
686ef5b63e53b203b97d83b753234a9a

SHA1
3e9a3deaa7eccce315d93f3a3d4e109d17800a29

SHA256
e1eee8aaecfe45adac29b0381365336ff64258f2aaa3ad8922c45fb89ce8984a

SHA512
3f6ea68929bff6e567bf6433f2aefb360a172e55ce6856bb7e13e6f4aac877448ff181e0035c3a3241596128e644595476d203f2ac119a5cfacb2669794d5d04

Download Submit
C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\46free\aliyun\DataFile.ini

Filesize
554B

MD5
b5e1f47d5619f10e5cb8562d793fb29a

SHA1
4989d0f703d1e8a0b48371688c895c9f8234f2e6

SHA256
2f0e6f448c3d766ae0ec8d6a5406f1768a260edb4be3a02f06533c80fb0aa48f

SHA512
4d05bc33fc306222b08d0e7255dae48b7e553c7ddd6b28aaa7b022c30628c512eca362f2026b1378c590d988492d278220387be704acbacfb81d24c739ccbbb7

Download Submit
C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\46free\aliyun\DataFile.ini

Filesize
362B

MD5
b7335c4f99403babd7a78f13bbc802e8

SHA1
123296d58910f8271d5e86c846d48b51a9f4aa9c

SHA256
f170ced7cf6c9f0bf94e28ea00818b67d43779a131a01dcb1bd2405bfa10da4d

SHA512
43d973d3492a0af2da5840644050e527d03b3ab40a3ff888c734e5de8fadaa336e5129a00e191e13981367a4703160e68bc6d8e77ed1b86a88f2495cc8686699

Download Submit
C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\46free\aliyun\DataFile.ini

Filesize
362B

MD5
f6b4ac58d17292d49bb4731030675747

SHA1
c9d19d209595bee38ad4cdeb1e2ce07c6bc2c486

SHA256
58235fecb555f89b80c7c0a70eef86d76e965f7b367a5f9d69c77bbeca6f2dc0

SHA512
d4f72d481468d5644095e767b2366427335e9ed7f7fb6ba86b1e1c7c9b631aac8222df89d0f486c9fd173103846df0a5b40d76cee47b3060bc12b0ea0d936145

Download Submit
C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\46free\aliyun\DataFile.ini

Filesize
88B

MD5
7f411750d07619f38537e7fd612b8b44

SHA1
cda241a1ce5141288582c8f0ac4850992b427bdc

SHA256
ae89726af2bd0c0218fbf63af20d4464f44dced5156364d817b6e73afc8e9f87

SHA512
35dad46325060004a66e01e10af6a3ebfd94b6751347b6ec64840c4ec03d81480fc324494ea39dded03bf2f1a1ce352b15ab518d14214c15567af17fb32f16b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\46free\aliyun\DataFile.ini

Filesize
1KB

MD5
c4a0b057e2e34191d448900840b729b4

SHA1
f1235b9c651ee31180ec21e57fc63f70967cb2e5

SHA256
206cd7822ceda0146118ef2b35adba54346d1537578ae5d6b3a09419863b8a5b

SHA512
26aefecb413bab8c742179d50972fa2dce34fc574deeabdfa5244e6e6aebce45e8afae544d6c35906661dce6a4205b63600e32fddbebf78b2075e5ad858cf5d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\46free\aliyun\DataFile.ini

Filesize
616B

MD5
a8e605a2731a22b62ea0f91b67b52cd4

SHA1
ea52e6c7faafbd5967a5af085e9c141efbff0278

SHA256
dbce4dd9b8a497f38a2eefd9c552cbabb598db79aab66f1432c90c3be01f7f5e

SHA512
bc9f254cee9ae68388a82d3cba6cdc2f756fc4e501247746f23f5bdbf6ad5d2422a5765d92bbdbe7e8784da917fa77598a53a97a9cb7eb83409973aa5d2fd129

Download Submit
C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\46free\aliyun\DataFile.ini

Filesize
1KB

MD5
37bd5a28621504e815d23caf60ad2853

SHA1
2aa594b0eaf2b160537d5fe8992b481bcd9da81e

SHA256
e6425946a3c35c986657ce8d310dbfead601de1e4b3c867a1f67ddc08eb4f7bc

SHA512
88d60d4d16c9f39923aa461ba9312cd20dac75cc2cf3176d018bcfe1900a8218a82c14959e4a777228ec2387556c2ff060deb060d450cdaf44ab47599a41a8ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\46free\aliyun\DataFile.ini

Filesize
1KB

MD5
57459599c4a06d3fa32216d2e9ea7206

SHA1
363441504dff93aa169036cd516f3a1adb4d0534

SHA256
8668b7d05342fb0ce62fc71c943261a9df527ea09aca1439d8e8376babfd558b

SHA512
44ec6f16e1431993de7b3fab41525762b8aaf1945fdd282e4ea191d93883b6132c291321c44f2b9f47e153099e0bcb4e13fe6123a0099dab00ef27a99ff50026

Download Submit
C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\46free\aliyun\DataFile.ini

Filesize
1KB

MD5
701f8e8cc4eef4fc57d5542953d5540b

SHA1
79406104fce1b7a502ce465b18cd8df14bbf1623

SHA256
71ea9e4986d75e2348213e71fbb94946f1af231cd4dd68becf3b2cbfd218379c

SHA512
f8cfc3cb98bf9eaabbf28d58f33c8556d498d8cd1062b900d983c5435813e495ee8c43d215d33a46f6a183a61699c4329b741a7de12f5d2042c5e38ff6f98601

Download Submit
C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\46free\aliyun\DataFile.ini

Filesize
616B

MD5
830a0ea86cfcfa09e771f34f1ccc3579

SHA1
8faae7fa075a84aa20bb5f64ee8aaeb9efa240ae

SHA256
e6e57d7020bc8d930f96553aaa3e9379b87ae9d3606ec11cdac2d297b3e48c3e

SHA512
970d5462611cdbf91a4e60ac1b70e057a41ae89f200ae22c88396e62c543d361c982d4a57ea571e0d92aeb57a161eb6826aec5dd5635841c054c4ad048d57b32

Download Submit
C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\46free\aliyun\tempInfo.web

Filesize
1B

MD5
cfcd208495d565ef66e7dff9f98764da

SHA1
b6589fc6ab0dc82cf12099d1c2d40ab994e8410c

SHA256
5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9

SHA512
31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads