eb228a9622c7950696e0422694aad00a38db86a9b102a1cbe5481eb935c5dfe1

Analysis

max time kernel
142s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
30/05/2024, 21:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

videodownloader_trial_Installer_20240530.695504.exe
Size

1.8MB
MD5

943e86d7b455251cb4a877b7ad4bc752
SHA1

6cfea2a3469bee70277a7fd9f98ac3dec2d4ca6c
SHA256

eb228a9622c7950696e0422694aad00a38db86a9b102a1cbe5481eb935c5dfe1
SHA512

e38f7f828ce8c8ebcc131983a5f625484335c143a3cf15981563f209e61e2c313c404e4e56e46ad33e17bc011bb8822da1ec50cf2c672337b28c566db8dbc574
SSDEEP

49152:GUTc20KFvo3No3gYOfv1AMfkMY1kYKvxpi0Vpc7pW:GZu3gnfDfkMxN/i0VpctW

Score

6^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Executes dropped EXE 8 IoCs

pid	Process
312	EDownloader.exe
1228	InfoForSetup.exe
544	InfoForSetup.exe
4648	InfoForSetup.exe
3612	InfoForSetup.exe
4368	AliyunWrapExe.Exe
4488	AliyunWrapExe.Exe
2492	AliyunWrapExe.Exe

Loads dropped DLL 7 IoCs

pid	Process
1228	InfoForSetup.exe
544	InfoForSetup.exe
4648	InfoForSetup.exe
3612	InfoForSetup.exe
4368	AliyunWrapExe.Exe
4488	AliyunWrapExe.Exe
2492	AliyunWrapExe.Exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
312	EDownloader.exe
312	EDownloader.exe

Suspicious use of WriteProcessMemory 24 IoCs

description	pid	Process	procid_target
PID 3892 wrote to memory of 312	3892	videodownloader_trial_Installer_20240530.695504.exe	90
PID 3892 wrote to memory of 312	3892	videodownloader_trial_Installer_20240530.695504.exe	90
PID 3892 wrote to memory of 312	3892	videodownloader_trial_Installer_20240530.695504.exe	90
PID 312 wrote to memory of 1228	312	EDownloader.exe	91
PID 312 wrote to memory of 1228	312	EDownloader.exe	91
PID 312 wrote to memory of 1228	312	EDownloader.exe	91
PID 312 wrote to memory of 544	312	EDownloader.exe	92
PID 312 wrote to memory of 544	312	EDownloader.exe	92
PID 312 wrote to memory of 544	312	EDownloader.exe	92
PID 312 wrote to memory of 4648	312	EDownloader.exe	93
PID 312 wrote to memory of 4648	312	EDownloader.exe	93
PID 312 wrote to memory of 4648	312	EDownloader.exe	93
PID 312 wrote to memory of 3612	312	EDownloader.exe	94
PID 312 wrote to memory of 3612	312	EDownloader.exe	94
PID 312 wrote to memory of 3612	312	EDownloader.exe	94
PID 3612 wrote to memory of 4368	3612	InfoForSetup.exe	96
PID 3612 wrote to memory of 4368	3612	InfoForSetup.exe	96
PID 3612 wrote to memory of 4368	3612	InfoForSetup.exe	96
PID 4648 wrote to memory of 2492	4648	InfoForSetup.exe	95
PID 4648 wrote to memory of 2492	4648	InfoForSetup.exe	95
PID 4648 wrote to memory of 2492	4648	InfoForSetup.exe	95
PID 544 wrote to memory of 4488	544	InfoForSetup.exe	97
PID 544 wrote to memory of 4488	544	InfoForSetup.exe	97
PID 544 wrote to memory of 4488	544	InfoForSetup.exe	97

C:\Users\Admin\AppData\Local\Temp\videodownloader_trial_Installer_20240530.695504.exe
"C:\Users\Admin\AppData\Local\Temp\videodownloader_trial_Installer_20240530.695504.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3892
- C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\17trial\EDownloader.exe
  "C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\17trial\EDownloader.exe" EXEDIR=C:\Users\Admin\AppData\Local\Temp ||| EXENAME=videodownloader_trial_Installer_20240530.695504.exe ||| DOWNLOAD_VERSION=trial ||| RELEASE_TIME=2024-03-20_10_06_43 ||| PRODUCT_VERSION=1.0.0 ||| INSTALL_TYPE=0
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:312
- - C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\17trial\aliyun\InfoForSetup.exe
    /Uid "S-1-5-21-3808065738-1666277613-1125846146-1000"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1228
- - C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\17trial\aliyun\InfoForSetup.exe
    /SendInfo Window "Home_Installer" Activity "Result_Download_Configurefile" Attribute "{\"CDN\":\"http://download.easeus.com/api2/index.php/Apicp/Drwdl202004/index/\",\"Elapsed\":\"6\",\"Errorinfo\":\"0\",\"Result\":\"Success\"}"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:544
  - - C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\17trial\aliyun\AliyunWrapExe.Exe
      C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\17trial\aliyun\AliyunWrapExe.Exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4488
- - C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\17trial\aliyun\InfoForSetup.exe
    /SendInfo Window "Install" Activity "Info_Userinfo" Attribute "{\"Country\":\"United States\",\"Language\":\"English\",\"OS\":\"Microsoft Windows 10\",\"Timezone\":\"GMT-00:00\",\"UE\":\"on\",\"Version\":\"trial\",\"Version_Num\":\"2.4.2\"}"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:4648
  - - C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\17trial\aliyun\AliyunWrapExe.Exe
      C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\17trial\aliyun\AliyunWrapExe.Exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2492
- - C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\17trial\aliyun\InfoForSetup.exe
    /SendInfo Window "DownloadInstall_Page" Activity "Info_Finish" Attribute "{\"Country\":\"United States\",\"Language\":\"English\",\"OS\":\"Microsoft Windows 10\",\"Releasetime\":\"2024-03-20_10_06_43\",\"Testid\":\"\",\"Timezone\":\"GMT-00:00\",\"Version\":\"trial\",\"Version_Num\":\"2.4.2\"}"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:3612
  - - C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\17trial\aliyun\AliyunWrapExe.Exe
      C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\17trial\aliyun\AliyunWrapExe.Exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4368

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4240 --field-trial-handle=2284,i,9807419199535700662,2319175108930815708,262144 --variations-seed-version /prefetch:8
1⤵
PID:1576

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\17trial\EDownloader.exe

Filesize
1.3MB

MD5
740dfb0c9d1c266b4cf0460c237a1387

SHA1
2107737ea9a42511759fc30f5dd54c7bf09f19d3

SHA256
3645e851f3fd6e9a01ec2e08ac6dcfb439e8c5516a7c2d474bcd5fc71734c69f

SHA512
f65a4cd9a7817be9e54fdcb7ab2d020e1b56aee2ab385a8ad05d48f9923f95a44062cf11c27ea6e9ea6b40b2e2517ed5c2cd11b3bf4dbbefda392f67ac57769a

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\17trial\English.ini

Filesize
3KB

MD5
03b66505e67738b4f94f2bba90cdc4fa

SHA1
edbee7e03c52926bbe811469f2f3654baaf76d9b

SHA256
d11ff4f4c7c4e25ef21b0b42e5d517e3eb9a5f39822f95b910e8cb8520a69ce0

SHA512
bfba3cfe15a44baf1a90da9857a1525de89da461517885cec865a07bc4526d228b6e0a86c27ff31d381f9eda1cae442a9ab7b2dbb0b4ad66c279ea911db20aeb

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\17trial\InitConfigure.ini

Filesize
3KB

MD5
6f1b295c2bc031cb75f229d714850bbb

SHA1
8f6196d65b095aa20c13819092024ae2caf09973

SHA256
3a0bf9155fb4070ac9871bd0825d63e9a033822f6bc1414eb91f3bbcb1ea049f

SHA512
97cfeee60dc60441c91d50c5c85bda5e4c0a7046edf80dc45e8f48f4145e8ca557854759bbc669ed9e3e0219e1b71f3ee6fbac16dd6d6d07a24d44678c5ebda2

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\17trial\LanguageTransfor.ini

Filesize
224B

MD5
24caee55a9c3a6c3844481729a165849

SHA1
a7699f0c8ad6786bb200422a01628ac716ac6648

SHA256
62c944a6bd61d696a2029cb06180ec2c3051fc85d1ed85918c8ebad573304683

SHA512
31f1b1850f9dedd121f38b28a662b9bb3673198f6fb6819c11e532ca301d30a8ce5a146a8fbf683a54ef4783ce2fd09382061f036ff1a2ee78862d31bc2c383d

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\17trial\aliyun\AliyunConfig.ini

Filesize
1KB

MD5
33ef0148496a8570f76c286613c1917f

SHA1
21b122e6509a82c3e898c429a6df9e7d8fbca077

SHA256
37b69656732925d15ecce7d00a1f0f736dd5150f1d08d6752a66253411f29fb3

SHA512
4c0cec5c87cc46fe555613a6a7b166630da35fc5fec1e33150fe6eec0d54dc94bc651351d26fa83071fce20d772700c8eda8106d728b1d83026921109f0e4259

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\17trial\aliyun\AliyunWrap.DLL

Filesize
789KB

MD5
faa5bfe41fa009ebfdeda7eead76b89e

SHA1
4799b258e68a51992ba45349590a4c62d5cc17b7

SHA256
ed406ef69809cd4ffca6381aa84c3bcb20819bee8844fb619312bdd80d1499a0

SHA512
dbb941c8a22b16384efb9e05db087497babbf3c4d8a08baf22e3958cc59b38b2d5f44d977acb295aaba54f4bf62d1a9d8a0188a843b75f5876d0e1bde7e68137

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\17trial\aliyun\AliyunWrapExe.Exe

Filesize
414KB

MD5
036349b548361d61927ee025914fcf56

SHA1
ffad984d3e73db04bfa9a254a5da9637e14b5265

SHA256
f3e575526163714d815f9f2a6ee0343df8f43753396c7f017d1bab0e094985df

SHA512
c2612f30a05c4745256b61e4179420199fd24fba359744468b3ac1efefb392132b44581baaae414c56cef0f0dba7cc20b51de3d6f8fdb3af5e5eb994b229fb56

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\17trial\aliyun\DataFile.ini

Filesize
1KB

MD5
e14cc2622a548fcdb88c61acca915701

SHA1
197fa9d37ca4c1567dfedbeec84a4d5bd6961ff7

SHA256
6ded586daf6b7fc85738dda2abe5ce55d4b73b56f2cee448e6b11aa86932ae2e

SHA512
aaedf5e391ce8344c3dbe5f679c7dc8e1b501b54f958acfe6a52c649fa9f3acdf695d97161e73b8273c517704c06a9581adc333f182a1c11ce8100fe3ce745d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\17trial\aliyun\DataFile.ini

Filesize
700B

MD5
9c66ad5a073481ecc6f64958934d0eee

SHA1
fc52d1a1955779fbce463a0a66b94b439c02a05b

SHA256
f0a0cbf1bfd8653d89695c3f1f9a12fb425eaf31c331338f0a17f88f87ecb9fd

SHA512
c9682cf1daf9d9c47c56e74072f8661fe3c1a51f0895e6498bb46d224c2baf096218d0ddf7314d7f0136c372a1bf12d1c19d638e4d335e31ca3d1393d07ce6f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\17trial\aliyun\DataFile.ini

Filesize
1KB

MD5
2acc2d221c43a7a54ef1baed0b79638c

SHA1
1e1b8009cfbb813b901fec72b56cb31e6dbe2c45

SHA256
708d5ad85b022ecdecd4a7710e6e487c29320bb9ffbcb05cd1c4fe31de5f2681

SHA512
ff03806a3206e851d9c60581175bf80b2b5c1ce47d68d01528147fa4e4e1b95028427df80307a933837e2ba9b999410a9048c2dcbb3b693c20f1b88fe66bf157

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\17trial\aliyun\InfoForSetup.exe

Filesize
372KB

MD5
0ef50aa89bc8454f93952b7a1150392d

SHA1
5a1f13d3459a83c8ad85f3ae763b8c7369bee522

SHA256
c5c90aaa9d3d3a73adf98e9cdbc90456595c7284c93c8864fa0c8043a103db59

SHA512
addb3f78083e5f0cf7dcfc78234ef6a63025861d9f5efc9caa0ae6c64b7a51614d31abab32e9e2e7b7d633f52d6f50e317ae7453889aa64c5e94f0f28e1ccf84

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\17trial\aliyun\tempInfo.web

Filesize
1B

MD5
cfcd208495d565ef66e7dff9f98764da

SHA1
b6589fc6ab0dc82cf12099d1c2d40ab994e8410c

SHA256
5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9

SHA512
31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\17trial\downloader.ico

Filesize
53KB

MD5
11453aa7214e90b8b556eff1d82da653

SHA1
98046f8cf32f937a37e36e59f18a02450a4d291e

SHA256
e0f35e80985ff285a8b3fc3fa3dfbe894eedcf9b2957378287ed831ece02e67f

SHA512
4780c509d233fead014efe4d9276ca359750d7e42ace1b3d089879f93a5b27180e79db80e6bd2f457b9b5a22209af459bc6a9b6ed37f6654a773ca0171e1b39a

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\1.0.0\17trial\skin.zip

Filesize
670KB

MD5
a1e5e84f3b620c3436b128572a1bc124

SHA1
9fecba2933c2c790d0a6453dc48e262ae5926061

SHA256
1d7def7a302b490b21b02c0941e695fe4a1bc1ccdf0ecb29ad7d1075afda5a7b

SHA512
70514784db4d04cf660fd318f5bfde975b4580718c9fbf0a394477f52facf72d1c13f84751628aa97a045d8b74115da0e51de7e4a6f9051f6e2b77023c1af50e

Download Submit