eb228a9622c7950696e0422694aad00a38db86a9b102a1cbe5481eb935c5dfe1

Analysis

max time kernel
120s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
30/05/2024, 21:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

$TEMP/downloader_easeus/1.0.0/17trial/EDownloader.exe
Size

1.3MB
MD5

740dfb0c9d1c266b4cf0460c237a1387
SHA1

2107737ea9a42511759fc30f5dd54c7bf09f19d3
SHA256

3645e851f3fd6e9a01ec2e08ac6dcfb439e8c5516a7c2d474bcd5fc71734c69f
SHA512

f65a4cd9a7817be9e54fdcb7ab2d020e1b56aee2ab385a8ad05d48f9923f95a44062cf11c27ea6e9ea6b40b2e2517ed5c2cd11b3bf4dbbefda392f67ac57769a
SSDEEP

24576:AiAOhfZtv2ucSW09ZsLreTy4GAbolsCaxMpxf4zZdj2qD:jvPOlsCbf4zZdj2qD

Score

1^/10

Malware Config

Signatures

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1340	EDownloader.exe
1340	EDownloader.exe

Suspicious use of WriteProcessMemory 53 IoCs

description	pid	Process	procid_target
PID 1340 wrote to memory of 2984	1340	EDownloader.exe	28
PID 1340 wrote to memory of 2984	1340	EDownloader.exe	28
PID 1340 wrote to memory of 2984	1340	EDownloader.exe	28
PID 1340 wrote to memory of 2984	1340	EDownloader.exe	28
PID 1340 wrote to memory of 2984	1340	EDownloader.exe	28
PID 1340 wrote to memory of 2984	1340	EDownloader.exe	28
PID 1340 wrote to memory of 2984	1340	EDownloader.exe	28
PID 1340 wrote to memory of 2656	1340	EDownloader.exe	29
PID 1340 wrote to memory of 2656	1340	EDownloader.exe	29
PID 1340 wrote to memory of 2656	1340	EDownloader.exe	29
PID 1340 wrote to memory of 2656	1340	EDownloader.exe	29
PID 1340 wrote to memory of 2656	1340	EDownloader.exe	29
PID 1340 wrote to memory of 2656	1340	EDownloader.exe	29
PID 1340 wrote to memory of 2656	1340	EDownloader.exe	29
PID 1340 wrote to memory of 2432	1340	EDownloader.exe	30
PID 1340 wrote to memory of 2432	1340	EDownloader.exe	30
PID 1340 wrote to memory of 2432	1340	EDownloader.exe	30
PID 1340 wrote to memory of 2432	1340	EDownloader.exe	30
PID 1340 wrote to memory of 2432	1340	EDownloader.exe	30
PID 1340 wrote to memory of 2432	1340	EDownloader.exe	30
PID 1340 wrote to memory of 2432	1340	EDownloader.exe	30
PID 1340 wrote to memory of 2464	1340	EDownloader.exe	31
PID 1340 wrote to memory of 2464	1340	EDownloader.exe	31
PID 1340 wrote to memory of 2464	1340	EDownloader.exe	31
PID 1340 wrote to memory of 2464	1340	EDownloader.exe	31
PID 1340 wrote to memory of 2464	1340	EDownloader.exe	31
PID 1340 wrote to memory of 2464	1340	EDownloader.exe	31
PID 1340 wrote to memory of 2464	1340	EDownloader.exe	31
PID 1340 wrote to memory of 1808	1340	EDownloader.exe	32
PID 1340 wrote to memory of 1808	1340	EDownloader.exe	32
PID 1340 wrote to memory of 1808	1340	EDownloader.exe	32
PID 1340 wrote to memory of 1808	1340	EDownloader.exe	32
PID 1340 wrote to memory of 1808	1340	EDownloader.exe	32
PID 1340 wrote to memory of 1808	1340	EDownloader.exe	32
PID 1340 wrote to memory of 1808	1340	EDownloader.exe	32
PID 1340 wrote to memory of 2536	1340	EDownloader.exe	33
PID 1340 wrote to memory of 2536	1340	EDownloader.exe	33
PID 1340 wrote to memory of 2536	1340	EDownloader.exe	33
PID 1340 wrote to memory of 2536	1340	EDownloader.exe	33
PID 1340 wrote to memory of 2536	1340	EDownloader.exe	33
PID 1340 wrote to memory of 2536	1340	EDownloader.exe	33
PID 1340 wrote to memory of 2536	1340	EDownloader.exe	33
PID 1340 wrote to memory of 2428	1340	EDownloader.exe	34
PID 1340 wrote to memory of 2428	1340	EDownloader.exe	34
PID 1340 wrote to memory of 2428	1340	EDownloader.exe	34
PID 1340 wrote to memory of 2428	1340	EDownloader.exe	34
PID 1340 wrote to memory of 2428	1340	EDownloader.exe	34
PID 1340 wrote to memory of 2428	1340	EDownloader.exe	34
PID 1340 wrote to memory of 2428	1340	EDownloader.exe	34
PID 2656 wrote to memory of 2440	2656	InfoForSetup.exe	35
PID 2656 wrote to memory of 2440	2656	InfoForSetup.exe	35
PID 2656 wrote to memory of 2440	2656	InfoForSetup.exe	35
PID 2656 wrote to memory of 2440	2656	InfoForSetup.exe	35

C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\17trial\EDownloader.exe
"C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\17trial\EDownloader.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1340
- C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\17trial\aliyun\InfoForSetup.exe
  /Uid "S-1-5-21-330940541-141609230-1670313778-1000"
  2⤵
  PID:2984
- C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\17trial\aliyun\InfoForSetup.exe
  /SendInfo Window "Home_Installer" Activity "Result_Download_Configurefile" Attribute "{\"CDN\":\"http://download.easeus.com/api2/index.php/Apicp/Drwdl202004/index/\",\"Elapsed\":\"1\",\"Errorinfo\":\"4\",\"Result\":\"Failed\"}"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2656
- - C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\17trial\aliyun\AliyunWrapExe.Exe
    C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\17trial\aliyun\AliyunWrapExe.Exe
    3⤵
    PID:2440
- C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\17trial\aliyun\InfoForSetup.exe
  /SendInfo Window "DownloadInstall_Page" Activity "Info_Start_Download_Program" Attribute "{\"Pageid\":\"100000\"}"
  2⤵
  PID:2432
- C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\17trial\aliyun\InfoForSetup.exe
  /SendInfo Window "DownloadInstall_Page" SourceFrom "Downloading" Activity "Trigger_Download_Failed" Attribute "{\"Reason\":\"1004\"}"
  2⤵
  PID:2464
- C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\17trial\aliyun\InfoForSetup.exe
  /SendInfo Window "Home_Installer" Activity "Result_Download_Program" Attribute "{\"Errorinfo\":\"Download file size wrong\",\"Result\":\"failed\"}"
  2⤵
  PID:1808
- C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\17trial\aliyun\InfoForSetup.exe
  /SendInfo Window "Install" Activity "Info_Userinfo" Attribute "{\"Country\":\"United States\",\"Language\":\"English\",\"OS\":\"Microsoft Windows 7\",\"Timezone\":\"GMT-00:00\",\"UE\":\"on\",\"Version\":\"\",\"Version_Num\":\"\"}"
  2⤵
  PID:2536
- C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\17trial\aliyun\InfoForSetup.exe
  /SendInfo Window "DownloadInstall_Page" Activity "Info_Finish" Attribute "{\"Country\":\"United States\",\"Language\":\"English\",\"OS\":\"Microsoft Windows 7\",\"Releasetime\":\"\",\"Testid\":\"\",\"Timezone\":\"GMT-00:00\",\"Version\":\"\",\"Version_Num\":\"\"}"
  2⤵
  PID:2428

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\17trial\EasyLog.log

Filesize
706B

MD5
57186ebaa827ae6277102cde89c69fa9

SHA1
550f0857309ed9dd259026579c3e008a8c3daf2e

SHA256
dcab20cfb034fcce5b4d84750c10ff70a158e6b57ef539118c4996c9515f4cc7

SHA512
50e9f2748b511d11c0ce0912f96547a81f2b5cb2b9a737ebf596ecf0b5aceab0d8b20517381333170aacf43a10a983290de279da1a2d2616da0c4713191124f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\17trial\aliyun\AliyunConfig.ini

Filesize
1KB

MD5
781bf4f99f3e79b1f3884de83396b09f

SHA1
7ffedf26e2ea3abb66ab13dea1cb640dc3e602a3

SHA256
38e952f192e7050a611f920428784e3298d1ea588db59ae287d123c555db4938

SHA512
43702ac79fdcc8df314cbcf481346c8f25a0dff76da3403c2d7e93c73caa232cafd1b6ff1edae3973ceb096bd9209499c1c508e4603a2898bd42e7bc1f398ab7

Download Submit
C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\17trial\aliyun\DataFile.ini

Filesize
2KB

MD5
40bfd89171f3a81425783b441d3edcfe

SHA1
dccd957ec3cd2e1654141d4de07a41070928fa82

SHA256
077245083d713fac7b3970395c153bd1b9590750ba98664d7113cfd8bd71398b

SHA512
699a6444a674f662e4438ae6c7817c19d9a71c86dba6a0ab59f735c5448f87c2853ebf9bbb8f062c935abba18360948768aad70e3882574dbddb90f91283b1f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\17trial\aliyun\DataFile.ini

Filesize
2KB

MD5
c1e5e4bacffe4ce0b899630f660e5b1d

SHA1
8633b56fcb75f7295037b8b336a6cb5f3aa39cd2

SHA256
f4749eb65bdf77c8fee5746065a41a20baee984b6016a487251a47030d5bccac

SHA512
12127dfbbd2d998831890d3e70a9aa73dc62d0560660ffc8c5e068817c0235e60aa0238e3cab5270161fd046685369464c365c37ed32d061f266049e3e3c96c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\17trial\aliyun\DataFile.ini

Filesize
1KB

MD5
92f61b115488664943b885ec4de82dff

SHA1
41bca2b4c53bad15709688e73f277086ef9a3f82

SHA256
7c48f33f4c39d3683dbad9e04c9863d30d87925ecb77965abc7abc8b3fd84f29

SHA512
95af21b824df65cbe339c941d62a6de713bc0bc3fe0890d5afafb8de2d3504dd315df6dd016c66c053aa7cee148e958edf4569e8cd302492dd6a0cc251a8f1c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\17trial\aliyun\DataFile.ini

Filesize
1KB

MD5
afa03dacb626c557902e8ce1760564b7

SHA1
56071e50234e970e7e0bcdda965a6511a6b86931

SHA256
47b9d55426b90d934d05d3d94f339147500e6635fbddeadafdf659fa49e00d66

SHA512
123e980e59739ee3668c63d0221d08f393503d987454504b8361b769dbbb6c00b3127865ee18799e96707ac456560b4c300012161d090d3425cc5bfd5ed64ae6

Download Submit
C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\17trial\aliyun\DataFile.ini

Filesize
680B

MD5
06ee080a78e62a394dcc7f04f05bcf58

SHA1
8327c065695057ff91f589e5ad7963b64b833952

SHA256
56d33fc34b0f8b1570a93aebafe7fa792a441798cee799a154a784908f3d8171

SHA512
01be313b3f36c6c845788f47a78dec0b2261645f40ef8a61cd6b019a711fec2cfe8e2cda00652f2bd5a6b2322b7f7fa3e26a2e51b9e2de3f73becb144c0b6bde

Download Submit
C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\17trial\aliyun\DataFile.ini

Filesize
88B

MD5
7f411750d07619f38537e7fd612b8b44

SHA1
cda241a1ce5141288582c8f0ac4850992b427bdc

SHA256
ae89726af2bd0c0218fbf63af20d4464f44dced5156364d817b6e73afc8e9f87

SHA512
35dad46325060004a66e01e10af6a3ebfd94b6751347b6ec64840c4ec03d81480fc324494ea39dded03bf2f1a1ce352b15ab518d14214c15567af17fb32f16b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\17trial\aliyun\DataFile.ini

Filesize
698B

MD5
834efc0a82c702e6935bf96b99301eb7

SHA1
f43a7e95e08c90a454e8c356fbc2aaa0ffc0f88f

SHA256
14498f7b1b9618662f113c8f210a4925c9b1e29f243c06e2e064e9f9e274df4d

SHA512
47fd2aaaeb2d975d74fb04eaf9e69fc5f4d368f181f004f0f70d690ac58bee2e7c0760ddc006be2ec9d07c2ae0202ae23bc5bb89c70c57293bef33b3d7ed324b

Download Submit
C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\17trial\aliyun\DataFile.ini

Filesize
3KB

MD5
30a59c8569b48094b47d14b2cba48881

SHA1
d4c6f1a543a4941e8ebe951816feaddff612329c

SHA256
38a3761679712ae20b76b0c61c56bd20920709ec561e59d5715c8d53ca37969b

SHA512
2e0d1f789fc0e319e9630600c4f135ad926bef0d8d8a2eca836b3abfd288d443c3b8e5a92dfd16b847d2552b406a3a0b57600274dec78ba26a0191989ea9c93b

Download Submit
C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\17trial\aliyun\tempInfo.web

Filesize
1B

MD5
cfcd208495d565ef66e7dff9f98764da

SHA1
b6589fc6ab0dc82cf12099d1c2d40ab994e8410c

SHA256
5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9

SHA512
31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads