fa303eadc3cce05e0c0758c95d58e37be1ce42218f2a34392cd68eeff8ff487e

Analysis

max time kernel
51s
max time network
53s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25-06-2024 05:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

screen_recorder_install_20240620.1-981596.exe
Size

1.3MB
MD5

423b7c6c49a6a71c2e5de8bb30d82a80
SHA1

a8068703372ae00821df45d3d1e83528d5b75530
SHA256

fa303eadc3cce05e0c0758c95d58e37be1ce42218f2a34392cd68eeff8ff487e
SHA512

d313f7546096291a67235fea8bda15521c3d31663680eb2ceeb6d61d77ca48ec089444f3681cb2de00dce3ea1255d82e55829f124f9df890e41378ea9641e031
SSDEEP

24576:lAAbeg/aRWe00Sc72z5ZexkXjoePAL6be7cpzUQP2zk+QLgumxo/hTjPppgepa/G:y00Sec5Z1oePUFsg+U2/hxpPa/NY

Score

4^/10

Malware Config

Signatures

Executes dropped EXE 6 IoCs

pid	Process
2576	EDownloader.exe
1660	InfoForSetup.exe
2144	InfoForSetup.exe
3536	AliyunWrapExe.Exe
3696	InfoForSetup.exe
5072	InfoForSetup.exe

Loads dropped DLL 5 IoCs

pid	Process
1660	InfoForSetup.exe
2144	InfoForSetup.exe
3536	AliyunWrapExe.Exe
3696	InfoForSetup.exe
5072	InfoForSetup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2576	EDownloader.exe
2576	EDownloader.exe

Suspicious use of WriteProcessMemory 18 IoCs

description	pid	Process	procid_target
PID 3888 wrote to memory of 2576	3888	screen_recorder_install_20240620.1-981596.exe	80
PID 3888 wrote to memory of 2576	3888	screen_recorder_install_20240620.1-981596.exe	80
PID 3888 wrote to memory of 2576	3888	screen_recorder_install_20240620.1-981596.exe	80
PID 2576 wrote to memory of 1660	2576	EDownloader.exe	81
PID 2576 wrote to memory of 1660	2576	EDownloader.exe	81
PID 2576 wrote to memory of 1660	2576	EDownloader.exe	81
PID 2576 wrote to memory of 2144	2576	EDownloader.exe	82
PID 2576 wrote to memory of 2144	2576	EDownloader.exe	82
PID 2576 wrote to memory of 2144	2576	EDownloader.exe	82
PID 2144 wrote to memory of 3536	2144	InfoForSetup.exe	83
PID 2144 wrote to memory of 3536	2144	InfoForSetup.exe	83
PID 2144 wrote to memory of 3536	2144	InfoForSetup.exe	83
PID 2576 wrote to memory of 3696	2576	EDownloader.exe	84
PID 2576 wrote to memory of 3696	2576	EDownloader.exe	84
PID 2576 wrote to memory of 3696	2576	EDownloader.exe	84
PID 2576 wrote to memory of 5072	2576	EDownloader.exe	85
PID 2576 wrote to memory of 5072	2576	EDownloader.exe	85
PID 2576 wrote to memory of 5072	2576	EDownloader.exe	85

C:\Users\Admin\AppData\Local\Temp\screen_recorder_install_20240620.1-981596.exe
"C:\Users\Admin\AppData\Local\Temp\screen_recorder_install_20240620.1-981596.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3888
- C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\12free\EDownloader.exe
  "C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\12free\EDownloader.exe" EXEDIR=C:\Users\Admin\AppData\Local\Temp ||| EXENAME=screen_recorder_install_20240620.1-981596.exe ||| DOWNLOAD_VERSION=free ||| PRODUCT_VERSION=2.0.0 ||| INSTALL_TYPE=0
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2576
- - C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\12free\aliyun\InfoForSetup.exe
    /Uid "S-1-5-21-4124900551-4068476067-3491212533-1000"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1660
- - C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\12free\aliyun\InfoForSetup.exe
    /SendInfo Window "Web_Installer" Activity "Result_Run_Installer" Attribute "{\"Country\":\"United States\",\"Pageid\":\"1-981596\",\"Timezone\":\"GMT-00:00\"}"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2144
  - - C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\12free\aliyun\AliyunWrapExe.Exe
      C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\12free\aliyun\AliyunWrapExe.Exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3536
- - C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\12free\aliyun\InfoForSetup.exe
    /SendInfo Window "Home_Installer" Activity "Result_Download_Configurefile" Attribute "{\"CDN\":\"http://download.easeus.com/api2/index.php/Apicp/Drwdl202004/index/\",\"Elapsed\":\"o\",\"Errorinfo\":\"106\",\"Result\":\"Failed\"}"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3696
- - C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\12free\aliyun\InfoForSetup.exe
    /SendInfo Window "Downloading" Activity "Result_Download_Program" Attribute "{\"Average_Networkspeed\":\"0.00B\",\"Elapsedtime\":\"24\",\"Errorinfo\":\"1106\",\"Result\":\"result_fail\"}"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:5072

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\12free\EDownloader.exe

Filesize
1.2MB

MD5
4d915795d41f42e5059ec91ddf20a9de

SHA1
b326fd86cd6a0b6213b9535c79d82489246783c2

SHA256
1222423e82db8893b227833f4d16f1c073057df5b9bacbb3c4174e00a56261e7

SHA512
8e50684c2deac8efd2ec6211028055777317e5ff51f7c9e19d3cd2ad0d359bb2dd4c1163d5b63b2a079b97b2c27d56f9caa89750e8181b6c433fdcf69310025c

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\12free\EasyLog.log

Filesize
1KB

MD5
364b2d78338ba70dbb76e2cdff7facac

SHA1
e96b8109f22bba4c8456f9ea855137d116ff75bd

SHA256
c4b87b089c27b88c7dae1ddf3ffb41c1b9dd3e2b14b128482b7a5dd5514e4458

SHA512
890047d9d0c929463715ba3528d2059c1c34c587e8b425c07e0c29f7026d1356a91cfb1c579ba397b89948dbfd55c5ca04312163b9c78c8397c771abdfb86f2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\12free\English.ini

Filesize
2KB

MD5
a393df1a25c1dbeda0f884c1a593fb29

SHA1
049bb3c63ed94c963a46d4533ae190e49a555cb6

SHA256
51eb72558b002d35cf8039f8c9c2ff843931e52322282000b9430320fb857165

SHA512
eb06935a28ace81a0c5fc314e4faaaafd0b4e9a9a8d2504b9e6653cc4d71d3147606c947ac555356043c49b7659d01b1be6d4620bb4774db5a8f50b41bbbb9f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\12free\InitConfigure.ini

Filesize
3KB

MD5
238b990363ff90929a290b11ef33799c

SHA1
108e52e67d44a03e5097e80307cb6a87f8bf20fd

SHA256
d3b3d86b9a52ff94cba826aa8bc4e4c4c6a04ee05de6248d5e3a972550702d20

SHA512
90fa1a7de81423f47e78953661feb6f7435267635c2daa8f958089e6af4f94e761e088eaad8d54210baeb660e5c2efeefc5bfec4debe024f044b2f45273ff7e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\12free\LanguageTransfor.ini

Filesize
305B

MD5
5b9180ca7b92eaf3fc02c35e78e66cbd

SHA1
14a854b2a08a1a4e0eb1f928f85c2e3fe9d18c05

SHA256
a4433bed3d227249d08d37b84c84a001e443586d5cd2cd63f3fede48d282bae8

SHA512
12dad07a3136f779774ab8ddab08c6dc2d78d184fe282719179a1be5f5c519e32f86065e8d5cca675345f25c121eba333604ea59de6aa60361d68f4a633db1aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\12free\aliyun\AliyunConfig.ini

Filesize
1KB

MD5
35bc8266ad5d408f1dc61799b0e49ae1

SHA1
fbdfd8d54c58afd5562c3c83262ce4384fa5ff79

SHA256
0ea42eb9726c8eec4c23a85d68f58fff499880ace0e51996c3a819cccc919416

SHA512
0f3d6d5feb2071d4c54cd14280c7658ff03855a24765ba454084b21e73ed2807b67e615d198f60f1357d9e1fed07e720312271c8cce929e7380bc6061d02258d

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\12free\aliyun\AliyunWrap.DLL

Filesize
476KB

MD5
1ff4ff46834cba11482fb5d0f8c533ab

SHA1
6295fbebf55542839454c1a54c3e00355f020043

SHA256
bc2f1685f7157336027d370718dd2428c8a3883450a6191979d22745c3bca7fc

SHA512
659604861088c164d53d87bad6bbd24ef01c539d63322da541de29b9d14398c484396b16f627d2fb32b6d9b934e7a4b4a25bcfecadf9d13a7db4d9e97086c583

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\12free\aliyun\AliyunWrapExe.exe

Filesize
101KB

MD5
1b6da142052f6736f7a657149de75bee

SHA1
1affdaa5faaa6844e6f47e5827ff351975be6cd3

SHA256
015b2652280118c2c5016fec99fc542e32fd39ddfc9df513fe49677fc9bf6d42

SHA512
bf4eeff93839045d71115e7b7b79755b0b871ceca221a3eaedcccb19b9492672f04ee166192809ecdaa1575160bf2516fad5f5062520613dcc1f062577ae3555

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\12free\aliyun\DataFile.ini

Filesize
1KB

MD5
03d76a7efb3c45e0d574686223f5f023

SHA1
9a1450c431278701cdc49d8298d66fe260abb630

SHA256
6807c2744e9d0ca3d9fc8dcceb7259cab3820ae5d39e740143a4dfdc829035a2

SHA512
5521db8e6f438d6cf8bc98130226836cfad8d0f4effd2907750a9395ac7f3c6b2664b70943935175eb917d7f0710d788679468e25c0902316b8445f8338aa293

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\12free\aliyun\DataFile.ini

Filesize
570B

MD5
70816654c76750afa4c97da797a40a90

SHA1
58c064ce3fb50e36b6e96e901891bd0215799e7c

SHA256
b5cb0ea23ac5d101e9fca67e8c202dfffbef9968d269a63ba35ca8308cfba0a3

SHA512
07458e2a2de14eb820ca8ac0885979a25e4ed10c709a0c61e230c48e72cc83fe943e6925bfd372b1a856575ed3bb4d68bb70525ac9e939c1786444976215d325

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\12free\aliyun\DataFile.ini

Filesize
1KB

MD5
c7a25a76df8ea4f94eb6dbf215ae9594

SHA1
fbd17447952f32b5e713472db1b69e74507f2552

SHA256
08ff82cf8dfbd6a5953e651b8e1ae92a186923e576c9f7ccc5230cd658769b34

SHA512
218957363a3f23ebe132611281867cd21a7055aa769796ef3e263a202ac3dded60d91be450c654d049e4cc1c5d633aef96804751c298359795585458252da4a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\12free\aliyun\InfoForSetup.exe

Filesize
60KB

MD5
af8a1f5caf9c8411d3eee07007450910

SHA1
5a3c2bd68f6e180920e94319f305f56defb995e0

SHA256
e23e375713ec4d7372dc3fababfaa612ecced4f207e7bd68ce5571a21499e2bd

SHA512
feddc353f9f8ce519f88fe8618c52b30eb6dd9a21391c295b95196183be010bbc03d3b605df72936804fc724b7075bc52af153c0ae477966bb7aac046a9da55e

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\12free\downloader.ico

Filesize
53KB

MD5
a58460ed7a703471d57297fee1fb81ec

SHA1
c9e0f050dc4b30a832809e357173c0901f05954c

SHA256
6f77ea0cd32fd617bf7788432639fbdb1558a36dcbc944660bbed5e880ac0238

SHA512
96291808f017cfe3c68b0e1958f9898e63293033c828f41a437bc8695acd4b5ac3cd4eaaf4804387e1c15d132fda22d7d4bfa6ae7afc915430c8c768e764000f

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\12free\skin.zip

Filesize
287KB

MD5
2dc2bca2aa7418a83d929530acd475a4

SHA1
d5fc5e57905b96ab4550fbf354c7db450ba7e533

SHA256
8d5c06ac00c6f94120fe35d4117ebf432c7634ef5fde6f69f3d440b93ca43761

SHA512
ae3c7b0fd26835e876e7f1cd4c095db2282f8faa67220efb99a92b01cb493ec3297e7c36a23104b1713573125ba76ae1b57f0527b22c93d43f1fdb7c27664bc3

Download Submit