6acce147ca1ccc0e4616d2c7fed73659ea02cd83ce11da71df99a1ad36234f57

Analysis

max time kernel
15s
max time network
20s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
24-05-2024 23:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

$TEMP/downloader_easeus/2.0.0/2trial/EDownloader.exe
Size

1.2MB
MD5

8a250a75859fe52116e706a640e6d77c
SHA1

473c36d9d80173636faeeb0ae4ae9e047e4e9d8b
SHA256

823ab6955052ef34218559b53d4f15224b5a850b532672fa33a7634dc74981dc
SHA512

4b519b1de8f6647a5cbbda11084d096e8bbfe8f694f4fda0e0f244b477f3f15c143254b044b046302ac79b136377894027d9baa2d4ba67ed38f5a55f480a44b4
SSDEEP

24576:JisJdAcuXY/WQjkLxNEl5DYjwuoJ039NzO0lQHoR8lOuLkdNoQv:PjYzhQHou8qkboQv

Score

1^/10

Malware Config

Signatures

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

EDownloader.exe

pid process

4192 EDownloader.exe
4192 EDownloader.exe

pid	process
4192	EDownloader.exe
4192	EDownloader.exe

Suspicious use of WriteProcessMemory 9 IoCs

Processes:

EDownloader.exeInfoForSetup.exe

description	pid	process	target process
PID 4192 wrote to memory of 2220	4192	EDownloader.exe	InfoForSetup.exe
PID 4192 wrote to memory of 2220	4192	EDownloader.exe	InfoForSetup.exe
PID 4192 wrote to memory of 2220	4192	EDownloader.exe	InfoForSetup.exe
PID 4192 wrote to memory of 772	4192	EDownloader.exe	InfoForSetup.exe
PID 4192 wrote to memory of 772	4192	EDownloader.exe	InfoForSetup.exe
PID 4192 wrote to memory of 772	4192	EDownloader.exe	InfoForSetup.exe
PID 772 wrote to memory of 3688	772	InfoForSetup.exe	AliyunWrapExe.Exe
PID 772 wrote to memory of 3688	772	InfoForSetup.exe	AliyunWrapExe.Exe
PID 772 wrote to memory of 3688	772	InfoForSetup.exe	AliyunWrapExe.Exe

C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\2.0.0\2trial\EDownloader.exe
"C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\2.0.0\2trial\EDownloader.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4192
- C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\2.0.0\2trial\aliyun\InfoForSetup.exe
  /Uid "S-1-5-21-1739856679-3467441365-73334005-1000"
  2⤵
  PID:2220
- C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\2.0.0\2trial\aliyun\InfoForSetup.exe
  /SendInfo Window "Web_Installer" Activity "Result_Run_Installer" Attribute "{\"Country\":\"United States\",\"Pageid\":\"\",\"Timezone\":\"GMT-00:00\"}"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:772
- - C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\2.0.0\2trial\aliyun\AliyunWrapExe.Exe
    C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\2.0.0\2trial\aliyun\AliyunWrapExe.Exe
    3⤵
    PID:3688

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\2.0.0\2trial\aliyun\AliyunConfig.ini

Filesize
1KB

MD5
9bc141dcf18406299f64271952535b7b

SHA1
dcca8d16415e8a569690a36c3eb33a6487c1189e

SHA256
e44822d8e3c41313b6ab947c6afd8441ff2aa282cad390684d679f211b7bc7f9

SHA512
fdc3f1ad9eceaff51fafe1640c492ad50f62945cc91e580b986238f089079f991445cbc2a9aa8ee3af6639b9a38c32589fa2e2bc62e014dcd61b0b5928d8aa8c

Download Submit
C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\2.0.0\2trial\aliyun\DataFile.ini

Filesize
554B

MD5
90ca4e8a8c700834ab92248bb7cb8581

SHA1
360970d5af60ec29824fe8eaa881cbb5c523d587

SHA256
2909282332713891a467ec389c01778af3dfc0d5f9f586de0a3c2e15ff4205d5

SHA512
2ee7cb8c5d6bd0dc4de22af68586016f3d408d145a11eeec479e876645df0c959465dac50ad5708cd93a23e239ccc766e357ee20e540ba6002f85c593e50f985

Download Submit
C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\2.0.0\2trial\aliyun\DataFile.ini

Filesize
88B

MD5
7f411750d07619f38537e7fd612b8b44

SHA1
cda241a1ce5141288582c8f0ac4850992b427bdc

SHA256
ae89726af2bd0c0218fbf63af20d4464f44dced5156364d817b6e73afc8e9f87

SHA512
35dad46325060004a66e01e10af6a3ebfd94b6751347b6ec64840c4ec03d81480fc324494ea39dded03bf2f1a1ce352b15ab518d14214c15567af17fb32f16b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\2.0.0\2trial\aliyun\tempInfo.web

Filesize
1B

MD5
cfcd208495d565ef66e7dff9f98764da

SHA1
b6589fc6ab0dc82cf12099d1c2d40ab994e8410c

SHA256
5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9

SHA512
31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99

Download Submit