fa303eadc3cce05e0c0758c95d58e37be1ce42218f2a34392cd68eeff8ff487e

Analysis

max time kernel
235s
max time network
258s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
24/06/2024, 22:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

screen_recorder_install_20240620.1-981596.exe
Size

1.3MB
MD5

423b7c6c49a6a71c2e5de8bb30d82a80
SHA1

a8068703372ae00821df45d3d1e83528d5b75530
SHA256

fa303eadc3cce05e0c0758c95d58e37be1ce42218f2a34392cd68eeff8ff487e
SHA512

d313f7546096291a67235fea8bda15521c3d31663680eb2ceeb6d61d77ca48ec089444f3681cb2de00dce3ea1255d82e55829f124f9df890e41378ea9641e031
SSDEEP

24576:lAAbeg/aRWe00Sc72z5ZexkXjoePAL6be7cpzUQP2zk+QLgumxo/hTjPppgepa/G:y00Sec5Z1oePUFsg+U2/hxpPa/NY

Score

4^/10

discovery

Malware Config

Signatures

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Executes dropped EXE 5 IoCs

pid	Process
2640	EDownloader.exe
536	InfoForSetup.exe
3844	InfoForSetup.exe
2804	AliyunWrapExe.Exe
4156	InfoForSetup.exe

Loads dropped DLL 4 IoCs

pid	Process
536	InfoForSetup.exe
3844	InfoForSetup.exe
2804	AliyunWrapExe.Exe
4156	InfoForSetup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2640	EDownloader.exe
2640	EDownloader.exe

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 1920 wrote to memory of 2640	1920	screen_recorder_install_20240620.1-981596.exe	88
PID 1920 wrote to memory of 2640	1920	screen_recorder_install_20240620.1-981596.exe	88
PID 1920 wrote to memory of 2640	1920	screen_recorder_install_20240620.1-981596.exe	88
PID 2640 wrote to memory of 536	2640	EDownloader.exe	89
PID 2640 wrote to memory of 536	2640	EDownloader.exe	89
PID 2640 wrote to memory of 536	2640	EDownloader.exe	89
PID 2640 wrote to memory of 3844	2640	EDownloader.exe	90
PID 2640 wrote to memory of 3844	2640	EDownloader.exe	90
PID 2640 wrote to memory of 3844	2640	EDownloader.exe	90
PID 3844 wrote to memory of 2804	3844	InfoForSetup.exe	91
PID 3844 wrote to memory of 2804	3844	InfoForSetup.exe	91
PID 3844 wrote to memory of 2804	3844	InfoForSetup.exe	91
PID 2640 wrote to memory of 4156	2640	EDownloader.exe	92
PID 2640 wrote to memory of 4156	2640	EDownloader.exe	92
PID 2640 wrote to memory of 4156	2640	EDownloader.exe	92

C:\Users\Admin\AppData\Local\Temp\screen_recorder_install_20240620.1-981596.exe
"C:\Users\Admin\AppData\Local\Temp\screen_recorder_install_20240620.1-981596.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1920
- C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\12free\EDownloader.exe
  "C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\12free\EDownloader.exe" EXEDIR=C:\Users\Admin\AppData\Local\Temp ||| EXENAME=screen_recorder_install_20240620.1-981596.exe ||| DOWNLOAD_VERSION=free ||| PRODUCT_VERSION=2.0.0 ||| INSTALL_TYPE=0
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2640
- - C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\12free\aliyun\InfoForSetup.exe
    /Uid "S-1-5-21-1181767204-2009306918-3718769404-1000"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:536
- - C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\12free\aliyun\InfoForSetup.exe
    /SendInfo Window "Web_Installer" Activity "Result_Run_Installer" Attribute "{\"Country\":\"United States\",\"Pageid\":\"1-981596\",\"Timezone\":\"GMT-00:00\"}"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:3844
  - - C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\12free\aliyun\AliyunWrapExe.Exe
      C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\12free\aliyun\AliyunWrapExe.Exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2804
- - C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\12free\aliyun\InfoForSetup.exe
    /SendInfo Window "Home_Installer" Activity "Result_Download_Configurefile" Attribute "{\"CDN\":\"http://download.easeus.com/api2/index.php/Apicp/Drwdl202004/index/\",\"Elapsed\":\"2\",\"Errorinfo\":\"0\",\"Result\":\"Success\"}"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:4156

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4212,i,6576818814118437872,11004518367271063231,262144 --variations-seed-version --mojo-platform-channel-handle=1428 /prefetch:8
1⤵
PID:4824

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\12free\EDownloader.exe

Filesize
1.2MB

MD5
4d915795d41f42e5059ec91ddf20a9de

SHA1
b326fd86cd6a0b6213b9535c79d82489246783c2

SHA256
1222423e82db8893b227833f4d16f1c073057df5b9bacbb3c4174e00a56261e7

SHA512
8e50684c2deac8efd2ec6211028055777317e5ff51f7c9e19d3cd2ad0d359bb2dd4c1163d5b63b2a079b97b2c27d56f9caa89750e8181b6c433fdcf69310025c

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\12free\English.ini

Filesize
2KB

MD5
a393df1a25c1dbeda0f884c1a593fb29

SHA1
049bb3c63ed94c963a46d4533ae190e49a555cb6

SHA256
51eb72558b002d35cf8039f8c9c2ff843931e52322282000b9430320fb857165

SHA512
eb06935a28ace81a0c5fc314e4faaaafd0b4e9a9a8d2504b9e6653cc4d71d3147606c947ac555356043c49b7659d01b1be6d4620bb4774db5a8f50b41bbbb9f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\12free\InitConfigure.ini

Filesize
3KB

MD5
238b990363ff90929a290b11ef33799c

SHA1
108e52e67d44a03e5097e80307cb6a87f8bf20fd

SHA256
d3b3d86b9a52ff94cba826aa8bc4e4c4c6a04ee05de6248d5e3a972550702d20

SHA512
90fa1a7de81423f47e78953661feb6f7435267635c2daa8f958089e6af4f94e761e088eaad8d54210baeb660e5c2efeefc5bfec4debe024f044b2f45273ff7e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\12free\LanguageTransfor.ini

Filesize
305B

MD5
5b9180ca7b92eaf3fc02c35e78e66cbd

SHA1
14a854b2a08a1a4e0eb1f928f85c2e3fe9d18c05

SHA256
a4433bed3d227249d08d37b84c84a001e443586d5cd2cd63f3fede48d282bae8

SHA512
12dad07a3136f779774ab8ddab08c6dc2d78d184fe282719179a1be5f5c519e32f86065e8d5cca675345f25c121eba333604ea59de6aa60361d68f4a633db1aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\12free\aliyun\AliyunConfig.ini

Filesize
1KB

MD5
4caa4322ad4d2560ac8e244c98aa164f

SHA1
4e081bedf901cdc2245bd1afb2a5dcb9b15da454

SHA256
e543127784236c0313ce9a4eca70339a43ac9a16267336c2f1eab6309aba4533

SHA512
a8c9f46559447d1e3bc2b5184af303b130940b54524090a7c382c5b0aa1e3df3e6a663ce65f716201a86cc6817efe46b6c0c29a1c13623464079e5d739dd8f89

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\12free\aliyun\AliyunConfig.ini

Filesize
1KB

MD5
9f1a7a5278696d572cd2fdeb8d683a42

SHA1
f99473b7842010622bcc1ff8f798b27394798c3a

SHA256
c37817c9a71f988cdf18d950b72330088cb27698f2d60000966f46291e2407db

SHA512
56bdddbfcc3330e81ef58250852382dba4d5ae0bdea58275e9ebb1e771360bd7638e97d0702822fd6d919b6195f4e867e6dab2a842a1cdfb48912c9b9834a1f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\12free\aliyun\AliyunWrap.DLL

Filesize
476KB

MD5
1ff4ff46834cba11482fb5d0f8c533ab

SHA1
6295fbebf55542839454c1a54c3e00355f020043

SHA256
bc2f1685f7157336027d370718dd2428c8a3883450a6191979d22745c3bca7fc

SHA512
659604861088c164d53d87bad6bbd24ef01c539d63322da541de29b9d14398c484396b16f627d2fb32b6d9b934e7a4b4a25bcfecadf9d13a7db4d9e97086c583

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\12free\aliyun\AliyunWrapExe.exe

Filesize
101KB

MD5
1b6da142052f6736f7a657149de75bee

SHA1
1affdaa5faaa6844e6f47e5827ff351975be6cd3

SHA256
015b2652280118c2c5016fec99fc542e32fd39ddfc9df513fe49677fc9bf6d42

SHA512
bf4eeff93839045d71115e7b7b79755b0b871ceca221a3eaedcccb19b9492672f04ee166192809ecdaa1575160bf2516fad5f5062520613dcc1f062577ae3555

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\12free\aliyun\DataFile.ini

Filesize
88B

MD5
7f411750d07619f38537e7fd612b8b44

SHA1
cda241a1ce5141288582c8f0ac4850992b427bdc

SHA256
ae89726af2bd0c0218fbf63af20d4464f44dced5156364d817b6e73afc8e9f87

SHA512
35dad46325060004a66e01e10af6a3ebfd94b6751347b6ec64840c4ec03d81480fc324494ea39dded03bf2f1a1ce352b15ab518d14214c15567af17fb32f16b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\12free\aliyun\DataFile.ini

Filesize
570B

MD5
a72bbd8a521c498814405517ceb6a4c7

SHA1
9a0692683880d8884a654111da737b0fc749f31a

SHA256
858bf22c9b07af0fb8013e8663421756634d4361affd76640bdb7a0137ae577a

SHA512
8b5b1ac578f627ee1be604f6bbfd1e76c376c1f1b9c4362b20065569cc787d9c7d1efcd14ae0b732a3283a2c4aac8646c7bdf454f6c0382e741ea14836191e83

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\12free\aliyun\DataFile.ini

Filesize
692B

MD5
304cb62bfb31739f113ffa53245c69a8

SHA1
3ac3e8d01bc5bec48a2354a5a4755f81c3b752a2

SHA256
1b15a2357fb51dbb74fb9f5982c13cf9e2aa370fb4bead6d45ed249981cd643d

SHA512
2f8bbfb20d7fe5f271454901ca562d1be7e7b95ba0ab16f103ea6368d06cb96148adc471e1ec5e71a6463cc4ae2014742b67ccd8e788e42968a50a83a1ee4c98

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\12free\aliyun\DataFile.ini

Filesize
1KB

MD5
a3a1b6c9d00f765c55cf8a7e7d9f0301

SHA1
c2a13f644445f90bd2323c8fca1dde89da544ecb

SHA256
4c9b9f821bf81ac764a44a409bbadd48d84f144bcbb8384aa51ba28ff8f49426

SHA512
f52f93a3439720266f21890dfa408215951eaa355695ac75a010db5425f6a278252a35f4897ace50739809ab891d0734910a1629d9279a47292d893aa808f774

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\12free\aliyun\DataFile.ini

Filesize
700B

MD5
cd7cf6e53f09128cd16f84f0f3ced501

SHA1
9636c33b78e88d6d4b2f7ea327b1a4257de756ca

SHA256
b7dfe060eb221e866a684687b17ebc1968c8d4db602ea79f8bd39d757418a96b

SHA512
14889252a1c1d118a3975bba6e916399f3b00b1149b2bdc1ccb7511df54df452341ad00d6b3b93f74541733f32a39ca9fafb911867cd947d05832e6ea524d74f

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\12free\aliyun\InfoForSetup.exe

Filesize
60KB

MD5
af8a1f5caf9c8411d3eee07007450910

SHA1
5a3c2bd68f6e180920e94319f305f56defb995e0

SHA256
e23e375713ec4d7372dc3fababfaa612ecced4f207e7bd68ce5571a21499e2bd

SHA512
feddc353f9f8ce519f88fe8618c52b30eb6dd9a21391c295b95196183be010bbc03d3b605df72936804fc724b7075bc52af153c0ae477966bb7aac046a9da55e

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\12free\aliyun\tempInfo.web

Filesize
1B

MD5
cfcd208495d565ef66e7dff9f98764da

SHA1
b6589fc6ab0dc82cf12099d1c2d40ab994e8410c

SHA256
5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9

SHA512
31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\12free\downloader.ico

Filesize
53KB

MD5
a58460ed7a703471d57297fee1fb81ec

SHA1
c9e0f050dc4b30a832809e357173c0901f05954c

SHA256
6f77ea0cd32fd617bf7788432639fbdb1558a36dcbc944660bbed5e880ac0238

SHA512
96291808f017cfe3c68b0e1958f9898e63293033c828f41a437bc8695acd4b5ac3cd4eaaf4804387e1c15d132fda22d7d4bfa6ae7afc915430c8c768e764000f

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\12free\skin.zip

Filesize
287KB

MD5
2dc2bca2aa7418a83d929530acd475a4

SHA1
d5fc5e57905b96ab4550fbf354c7db450ba7e533

SHA256
8d5c06ac00c6f94120fe35d4117ebf432c7634ef5fde6f69f3d440b93ca43761

SHA512
ae3c7b0fd26835e876e7f1cd4c095db2282f8faa67220efb99a92b01cb493ec3297e7c36a23104b1713573125ba76ae1b57f0527b22c93d43f1fdb7c27664bc3

Download Submit