eb228a9622c7950696e0422694aad00a38db86a9b102a1cbe5481eb935c5dfe1

Analysis

max time kernel
93s
max time network
114s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
30-05-2024 21:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

$TEMP/downloader_easeus/1.0.0/17trial/EDownloader.exe
Size

1.3MB
MD5

740dfb0c9d1c266b4cf0460c237a1387
SHA1

2107737ea9a42511759fc30f5dd54c7bf09f19d3
SHA256

3645e851f3fd6e9a01ec2e08ac6dcfb439e8c5516a7c2d474bcd5fc71734c69f
SHA512

f65a4cd9a7817be9e54fdcb7ab2d020e1b56aee2ab385a8ad05d48f9923f95a44062cf11c27ea6e9ea6b40b2e2517ed5c2cd11b3bf4dbbefda392f67ac57769a
SSDEEP

24576:AiAOhfZtv2ucSW09ZsLreTy4GAbolsCaxMpxf4zZdj2qD:jvPOlsCbf4zZdj2qD

Score

1^/10

Malware Config

Signatures

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3860	EDownloader.exe
3860	EDownloader.exe

Suspicious use of WriteProcessMemory 39 IoCs

description	pid	Process	procid_target
PID 3860 wrote to memory of 4496	3860	EDownloader.exe	81
PID 3860 wrote to memory of 4496	3860	EDownloader.exe	81
PID 3860 wrote to memory of 4496	3860	EDownloader.exe	81
PID 3860 wrote to memory of 4060	3860	EDownloader.exe	85
PID 3860 wrote to memory of 4060	3860	EDownloader.exe	85
PID 3860 wrote to memory of 4060	3860	EDownloader.exe	85
PID 3860 wrote to memory of 836	3860	EDownloader.exe	86
PID 3860 wrote to memory of 836	3860	EDownloader.exe	86
PID 3860 wrote to memory of 836	3860	EDownloader.exe	86
PID 3860 wrote to memory of 4820	3860	EDownloader.exe	87
PID 3860 wrote to memory of 4820	3860	EDownloader.exe	87
PID 3860 wrote to memory of 4820	3860	EDownloader.exe	87
PID 3860 wrote to memory of 2568	3860	EDownloader.exe	88
PID 3860 wrote to memory of 2568	3860	EDownloader.exe	88
PID 3860 wrote to memory of 2568	3860	EDownloader.exe	88
PID 3860 wrote to memory of 4056	3860	EDownloader.exe	89
PID 3860 wrote to memory of 4056	3860	EDownloader.exe	89
PID 3860 wrote to memory of 4056	3860	EDownloader.exe	89
PID 3860 wrote to memory of 1080	3860	EDownloader.exe	90
PID 3860 wrote to memory of 1080	3860	EDownloader.exe	90
PID 3860 wrote to memory of 1080	3860	EDownloader.exe	90
PID 4060 wrote to memory of 392	4060	InfoForSetup.exe	91
PID 4060 wrote to memory of 392	4060	InfoForSetup.exe	91
PID 4060 wrote to memory of 392	4060	InfoForSetup.exe	91
PID 4820 wrote to memory of 4268	4820	InfoForSetup.exe	92
PID 4820 wrote to memory of 4268	4820	InfoForSetup.exe	92
PID 4820 wrote to memory of 4268	4820	InfoForSetup.exe	92
PID 1080 wrote to memory of 3884	1080	InfoForSetup.exe	93
PID 1080 wrote to memory of 3884	1080	InfoForSetup.exe	93
PID 1080 wrote to memory of 3884	1080	InfoForSetup.exe	93
PID 836 wrote to memory of 3436	836	InfoForSetup.exe	94
PID 836 wrote to memory of 3436	836	InfoForSetup.exe	94
PID 836 wrote to memory of 3436	836	InfoForSetup.exe	94
PID 2568 wrote to memory of 4100	2568	InfoForSetup.exe	95
PID 2568 wrote to memory of 4100	2568	InfoForSetup.exe	95
PID 2568 wrote to memory of 4100	2568	InfoForSetup.exe	95
PID 4056 wrote to memory of 1224	4056	InfoForSetup.exe	96
PID 4056 wrote to memory of 1224	4056	InfoForSetup.exe	96
PID 4056 wrote to memory of 1224	4056	InfoForSetup.exe	96

C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\17trial\EDownloader.exe
"C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\17trial\EDownloader.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3860
- C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\17trial\aliyun\InfoForSetup.exe
  /Uid "S-1-5-21-3906287020-2915474608-1755617787-1000"
  2⤵
  PID:4496
- C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\17trial\aliyun\InfoForSetup.exe
  /SendInfo Window "Home_Installer" Activity "Result_Download_Configurefile" Attribute "{\"CDN\":\"http://download.easeus.com/api2/index.php/Apicp/Drwdl202004/index/\",\"Elapsed\":\"2\",\"Errorinfo\":\"4\",\"Result\":\"Failed\"}"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4060
- - C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\17trial\aliyun\AliyunWrapExe.Exe
    C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\17trial\aliyun\AliyunWrapExe.Exe
    3⤵
    PID:392
- C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\17trial\aliyun\InfoForSetup.exe
  /SendInfo Window "DownloadInstall_Page" Activity "Info_Start_Download_Program" Attribute "{\"Pageid\":\"100000\"}"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:836
- - C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\17trial\aliyun\AliyunWrapExe.Exe
    C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\17trial\aliyun\AliyunWrapExe.Exe
    3⤵
    PID:3436
- C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\17trial\aliyun\InfoForSetup.exe
  /SendInfo Window "DownloadInstall_Page" SourceFrom "Downloading" Activity "Trigger_Download_Failed" Attribute "{\"Reason\":\"1004\"}"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4820
- - C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\17trial\aliyun\AliyunWrapExe.Exe
    C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\17trial\aliyun\AliyunWrapExe.Exe
    3⤵
    PID:4268
- C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\17trial\aliyun\InfoForSetup.exe
  /SendInfo Window "Home_Installer" Activity "Result_Download_Program" Attribute "{\"Errorinfo\":\"Download file size wrong\",\"Result\":\"failed\"}"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2568
- - C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\17trial\aliyun\AliyunWrapExe.Exe
    C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\17trial\aliyun\AliyunWrapExe.Exe
    3⤵
    PID:4100
- C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\17trial\aliyun\InfoForSetup.exe
  /SendInfo Window "Install" Activity "Info_Userinfo" Attribute "{\"Country\":\"United States\",\"Language\":\"English\",\"OS\":\"Microsoft Windows 10\",\"Timezone\":\"GMT-00:00\",\"UE\":\"on\",\"Version\":\"\",\"Version_Num\":\"\"}"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4056
- - C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\17trial\aliyun\AliyunWrapExe.Exe
    C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\17trial\aliyun\AliyunWrapExe.Exe
    3⤵
    PID:1224
- C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\17trial\aliyun\InfoForSetup.exe
  /SendInfo Window "DownloadInstall_Page" Activity "Info_Finish" Attribute "{\"Country\":\"United States\",\"Language\":\"English\",\"OS\":\"Microsoft Windows 10\",\"Releasetime\":\"\",\"Testid\":\"\",\"Timezone\":\"GMT-00:00\",\"Version\":\"\",\"Version_Num\":\"\"}"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1080
- - C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\17trial\aliyun\AliyunWrapExe.Exe
    C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\17trial\aliyun\AliyunWrapExe.Exe
    3⤵
    PID:3884

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\17trial\EasyLog.log

Filesize
1KB

MD5
4e66e4c1026fb3e3318934c4f3cbd995

SHA1
b7c19058205445c55af6d6aa041431330f302699

SHA256
1aab9a12be68797aceef5d66a9640b3bc94503c8efb8fc8a16d34c0c5a6be18e

SHA512
6cd53a294d5357f25fae7b5f6e725e6ada10ed031728b6c7a808bfb409ccfa10910bdd0b3960d387ef061f2eb0118ecf12668c91055f3c29b3947cc1ca80c9d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\17trial\aliyun\AliyunConfig.ini

Filesize
1KB

MD5
55bfe2a529dd2251f2f33a13fd05d545

SHA1
a11dd2054b5865056f3ca8ba85f7f6e1de6a9f33

SHA256
c09f6544123c70a5412cbc1c5d8265d6551733ee1d005086d418177494d409a9

SHA512
235cc8d8214ed4faae4bb3218282f885f1a05ee35c9c159724f5331a4639941bbe4c0961d6718127722b4df12f5b1cb97dbfae48f85850fe89e2c064eeeacc0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\17trial\aliyun\DataFile.ini

Filesize
2KB

MD5
38baeaaa64457a35ca12ec1e0e2a26a6

SHA1
9dd2f44b14a34d0ce2ed927b870168169b1aa022

SHA256
7131513c4c23641294f40c68a2dc966955cf554ed03f655a053c4cdf4bf8e206

SHA512
8373573fe8bb40ed0e81f6e3ca4c18d8fa05dc9079bbfcec61d9faadfc2e6845ca9f094f2f1546fb0ed416bf0d850801ff2402715b8eb03e320202cfd54f5ba3

Download Submit
C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\17trial\aliyun\DataFile.ini

Filesize
2KB

MD5
4c58c8b68a4613c4681eb62a1e2fe207

SHA1
4de1376558fe7466d7b4e153e533b804e0f17908

SHA256
ae42a3d466558291425aa786e7390c57502107b420a78784b8841b681fa5343d

SHA512
bced2f33f9a5f0b8521e1501ce9c4e20a28fc396ce8173befff97da467a59d754018ff015a2a824f22ab76d9ffdc90840e9be6c82b9ac10180968d9655bc6003

Download Submit
C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\17trial\aliyun\DataFile.ini

Filesize
1KB

MD5
744b2c874a97ebf16a600b2ac3125e59

SHA1
0ea5e5a8d7746ef3a21a8c40129ad6b6e9bbc686

SHA256
bd410b29564813c0588e41b7e1dc763f23724c8a6e423f0827c107dd5f6d4b22

SHA512
36cd6b85d713678edd7053f8ed240dcaf49fb6511fb864a2787f1a76ad9b12904c0ec62e1db5f0c385fd674ef7bfa16b6763b57ef0560a0eaf2e402cc3d2e3be

Download Submit
C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\17trial\aliyun\DataFile.ini

Filesize
1KB

MD5
b314136cbacd7884688a588e39bda070

SHA1
7587da70b6f88ce0294fbb22a96ca8ea8a473d97

SHA256
8a4ca5a21973e5cb5ebcd2786fdcd032171fb07a17fe9d9ca5da8876e84258ce

SHA512
d94e99f2808348dbb19f67db0b82d98a1afbff358376d49bea8421536c91d9d2ec8a16b9731321a3c98ab92eb4f1d9c37909680942322022307cf45860beec03

Download Submit
C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\17trial\aliyun\DataFile.ini

Filesize
682B

MD5
93a42bd96e416d477bce2dd416bc5f17

SHA1
b99394de33f96940727817e869c7f0ca344d02b4

SHA256
05951599b1fc39c587050733edb07702889468ee52777007724435262bdedc11

SHA512
80431dbd15595f3f32c0ab6dac1154cdcf13428046d156584443f6cb343419764fc0329d22767430f70c2381ee949d8ab9ec7015064e9a26726d359eae5e9087

Download Submit
C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\17trial\aliyun\DataFile.ini

Filesize
88B

MD5
7f411750d07619f38537e7fd612b8b44

SHA1
cda241a1ce5141288582c8f0ac4850992b427bdc

SHA256
ae89726af2bd0c0218fbf63af20d4464f44dced5156364d817b6e73afc8e9f87

SHA512
35dad46325060004a66e01e10af6a3ebfd94b6751347b6ec64840c4ec03d81480fc324494ea39dded03bf2f1a1ce352b15ab518d14214c15567af17fb32f16b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\17trial\aliyun\DataFile.ini

Filesize
2KB

MD5
6463a50adfba993090d6e91b3a66e0ee

SHA1
a1503f00d54dc38cee3064df02f884533c59e73d

SHA256
bf179f196da8a3d9570410503ade6ecdd77ed136b0d26f65a9d398e61bd93308

SHA512
2fccfbadfacaccf0ae95d4eae9505c81b8879a6d979cc6dd7c7c2a029c49592dfaebf043b7620ca58c513974ff03b66aafec551017c86886abfc447d851defed

Download Submit
C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\17trial\aliyun\DataFile.ini

Filesize
3KB

MD5
ad742054bd0e56e8341cb3e906d1c3ec

SHA1
2dba20f3c946dd1106f77fb3d57ea489df94c037

SHA256
6e9798d4f9d4e8d453ac803efa752ca7eaf9dde7f1c8bb5be0b359dbd0c21e23

SHA512
317d477d32b0f92e0b63d3dec38d84014aec73e9fd708cae8faa5f34b51873677a4ae8e99d2c704895e69cbce26ebf7404d57c7d1b0ba3c3ba4c9045d2cbbeef

Download Submit
C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\1.0.0\17trial\aliyun\tempInfo.web

Filesize
1B

MD5
cfcd208495d565ef66e7dff9f98764da

SHA1
b6589fc6ab0dc82cf12099d1c2d40ab994e8410c

SHA256
5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9

SHA512
31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads