4d1514934696d4e78db5769f4d4652dda9e025549a511669f2c1de104f360f55

Analysis

max time kernel
141s
max time network
147s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
12/09/2024, 05:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4d1514934696d4e78db5769f4d4652dda9e025549a511669f2c1de104f360f55.exe
Size

2.3MB
MD5

91a21c1d08884e53cd6ddc5cb930fc49
SHA1

1ad3cc1e99573b145bc956417c26249b2041aada
SHA256

4d1514934696d4e78db5769f4d4652dda9e025549a511669f2c1de104f360f55
SHA512

d5fb68e5b9f045e0e775e81ec69ea58c09cb1eb2fcbca54f0395e1ce07799fe93901e40eb06fe45ab4662a9b3edab89e1ebff226b55522f0e3b8702aa11e3227
SSDEEP

49152:VcL+sgYt+1txi8vgR85eAZXmx/e7G+EpcII6v/SvnESvRknqKwoRnsToO5S:++sJt+1eYgS5z7G+EpcIIAyQRnCns

Score

4^/10

discovery

Malware Config

Signatures

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Executes dropped EXE 5 IoCs

pid	Process
2240	EDownloader.exe
2112	InfoForSetup.exe
2756	InfoForSetup.exe
2624	AliyunWrapExe.Exe
2960	InfoForSetup.exe

Loads dropped DLL 9 IoCs

pid	Process
1576	4d1514934696d4e78db5769f4d4652dda9e025549a511669f2c1de104f360f55.exe
2240	EDownloader.exe
2112	InfoForSetup.exe
2240	EDownloader.exe
2756	InfoForSetup.exe
2756	InfoForSetup.exe
2624	AliyunWrapExe.Exe
2240	EDownloader.exe
2960	InfoForSetup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4d1514934696d4e78db5769f4d4652dda9e025549a511669f2c1de104f360f55.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	EDownloader.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	InfoForSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	InfoForSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AliyunWrapExe.Exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	InfoForSetup.exe

Suspicious use of WriteProcessMemory 29 IoCs

description	pid	Process	procid_target
PID 1576 wrote to memory of 2240	1576	4d1514934696d4e78db5769f4d4652dda9e025549a511669f2c1de104f360f55.exe	31
PID 1576 wrote to memory of 2240	1576	4d1514934696d4e78db5769f4d4652dda9e025549a511669f2c1de104f360f55.exe	31
PID 1576 wrote to memory of 2240	1576	4d1514934696d4e78db5769f4d4652dda9e025549a511669f2c1de104f360f55.exe	31
PID 1576 wrote to memory of 2240	1576	4d1514934696d4e78db5769f4d4652dda9e025549a511669f2c1de104f360f55.exe	31
PID 2240 wrote to memory of 2112	2240	EDownloader.exe	32
PID 2240 wrote to memory of 2112	2240	EDownloader.exe	32
PID 2240 wrote to memory of 2112	2240	EDownloader.exe	32
PID 2240 wrote to memory of 2112	2240	EDownloader.exe	32
PID 2240 wrote to memory of 2112	2240	EDownloader.exe	32
PID 2240 wrote to memory of 2112	2240	EDownloader.exe	32
PID 2240 wrote to memory of 2112	2240	EDownloader.exe	32
PID 2240 wrote to memory of 2756	2240	EDownloader.exe	33
PID 2240 wrote to memory of 2756	2240	EDownloader.exe	33
PID 2240 wrote to memory of 2756	2240	EDownloader.exe	33
PID 2240 wrote to memory of 2756	2240	EDownloader.exe	33
PID 2240 wrote to memory of 2756	2240	EDownloader.exe	33
PID 2240 wrote to memory of 2756	2240	EDownloader.exe	33
PID 2240 wrote to memory of 2756	2240	EDownloader.exe	33
PID 2756 wrote to memory of 2624	2756	InfoForSetup.exe	34
PID 2756 wrote to memory of 2624	2756	InfoForSetup.exe	34
PID 2756 wrote to memory of 2624	2756	InfoForSetup.exe	34
PID 2756 wrote to memory of 2624	2756	InfoForSetup.exe	34
PID 2240 wrote to memory of 2960	2240	EDownloader.exe	35
PID 2240 wrote to memory of 2960	2240	EDownloader.exe	35
PID 2240 wrote to memory of 2960	2240	EDownloader.exe	35
PID 2240 wrote to memory of 2960	2240	EDownloader.exe	35
PID 2240 wrote to memory of 2960	2240	EDownloader.exe	35
PID 2240 wrote to memory of 2960	2240	EDownloader.exe	35
PID 2240 wrote to memory of 2960	2240	EDownloader.exe	35

C:\Users\Admin\AppData\Local\Temp\4d1514934696d4e78db5769f4d4652dda9e025549a511669f2c1de104f360f55.exe
"C:\Users\Admin\AppData\Local\Temp\4d1514934696d4e78db5769f4d4652dda9e025549a511669f2c1de104f360f55.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1576
- C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.2.0\5free\EDownloader.exe
  "C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.2.0\5free\EDownloader.exe" EXEDIR=C:\Users\Admin\AppData\Local\Temp ||| EXENAME=4d1514934696d4e78db5769f4d4652dda9e025549a511669f2c1de104f360f55.exe ||| DOWNLOAD_VERSION=free ||| PRODUCT_VERSION=2.2.0 ||| INSTALL_TYPE=0
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2240
- - C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.2.0\5free\aliyun\InfoForSetup.exe
    /Uid "S-1-5-21-312935884-697965778-3955649944-1000"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:2112
- - C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.2.0\5free\aliyun\InfoForSetup.exe
    /SendInfo Window "Web_Installer" Activity "Result_Run_Installer" Attribute "{\"Country\":\"United States\",\"Pageid\":\"999999\",\"Timezone\":\"GMT-00:00\"}"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:2756
  - - C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.2.0\5free\aliyun\AliyunWrapExe.Exe
      C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.2.0\5free\aliyun\AliyunWrapExe.Exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:2624
- - C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.2.0\5free\aliyun\InfoForSetup.exe
    /SendInfo Window "Home_Installer" Activity "Result_Download_Configurefile" Attribute "{\"CDN\":\"http://download.easeus.com/api2/index.php/Apicp/Drwdl202004/index/\",\"Elapsed\":\"2\",\"Errorinfo\":\"0\",\"PostURL\":\"http://download.easeus.com/api2/index.php/Apicp/Drwdl202004/index/?exeNumber=999999&lang=English&pcVersion=home&pid=5&tid=1&version=free\",\"ResponseJson\":\"{\\"check\\":1,\\"msg\\":\\"\\u6210\\u529f\\",\\"data\\":{\\"pid\\":\\"5\\",\\"download\\":\\"https:\\/\\/d1.easeus.com\\/epm\\/free\\/epm1905_free_ob_A.exe\\",\\"download2\\":\\"https:\\/\\/d2.easeus.com\\/epm\\/free\\/epm1905_free_ob_A.exe\\",\\"download3\\":\\"https:\\/\\/d3.easeus.com\\/epm\\/free\\/epm1905_free_ob_A.exe\\",\\"version\\":\\"free\\",\\"curNum\\":\\"19.0\\",\\"testid\\":\\"\\",\\"url\\":[\\"https:\\/\\/d1.easeus.com\\/epm\\/free\\/epm_free_support_16.5.exe\\"],\\"md5\\":\\"61AF990AF299BB894326735FEA20FE0D\\",\\"tj_download\\":\\"test\\",\\"referNumber\\":\\"1000000\\",\\"killSwitch\\":\\"true\\",\\"WriteLogSwitch\\":\\"false\\",\\"configid\\":\\"\\"},\\"time\\":1726120157}\",\"Result\":\"Success\"}"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:2960

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.2.0\5free\EasyLog.log

Filesize
1KB

MD5
7935a43090c89d88a3ae01f727980c16

SHA1
087f8a8bc1c78fc44a05dc5a8f72aea482f158c4

SHA256
47daecfadfc520b830d57fcbdeba98661bda0b477929889c6fc0c5df243b1b25

SHA512
c5356e5513c464cb948f3a7affc4941c8db9fe45d4fee36db5fd166815a2529660d434613627e72f15bdac37bc50f709d89cba94aa57ea93950b40db9827260c

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.2.0\5free\English.ini

Filesize
3KB

MD5
58121c4a20989a3bf11109405de2bc89

SHA1
201da7d3b6a7ed61fa9deeb641835f79c0f79083

SHA256
045f4b07726466541c1007b424e26bb6ce7a994f420e311310b5e4ffe40d26f0

SHA512
31a0a49f95cce9d499b8f8da8f1e9371fbbce15847e8cefc7668bb1397c7483be0646a7f7db90a13c56394219e8322ee9ba118e3cece1dd86349c2937704ca33

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.2.0\5free\InitConfigure.ini

Filesize
3KB

MD5
0df699b43b77adf78a2b817fe02a40cd

SHA1
956ce3569a4bd93b89b8b662259fbec21b36b64f

SHA256
471a797282cb28bc85f7dc870e5c38307e651844a9f45c4a70dc8ba91919b09a

SHA512
18e30a12b012b15cf2f5956c0a5709f1b4c8ac094f9abf49327933f4b4a4e983057ea14189e869e1eeba37a0f7a58e9490d4855a664bdf175b1f8db9ce7ad05d

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.2.0\5free\LanguageTransfor.ini

Filesize
306B

MD5
8ebf0f0b4966feb8915100e42fa05ef8

SHA1
483f35ffa88da58f7d74ca8d89d3b5db2f7d7fc3

SHA256
e84aaaa5938f1dc9b7e420f791af443a8b876a9205d8eaf6ed0749cd09a0e840

SHA512
b0ab32a843c9df0253479abbb0799c4157e0260706823f35d73eab1f7893dd8e651cb0be8955e7c72d86ebe062aa12f651a34b79e86597d295117559cba92f33

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.2.0\5free\aliyun\AliyunConfig.ini

Filesize
1KB

MD5
5462154dee222853ca22901ce0ec3115

SHA1
4698bffeab5f5e6bf68ef3e60f24be63ea9e0ee4

SHA256
baf63f9826d1298714c9c4b82d7bd152e91efab123d96d571733d1aed3b95271

SHA512
4763f1f2945a504b678daaedf4c6fae96e7a055e1cdd17d3e12b234c57abe3eb0ade3e4a6d41d887cecb399d56d2d619e77602d6ba53444cf62b37a86fd8326b

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.2.0\5free\aliyun\AliyunConfig.ini

Filesize
1KB

MD5
23bd0f673baa974d9d564ac3b0549942

SHA1
66084cc5cbef392aa8508ed75c3137e1c6fddeac

SHA256
62749a1147a8e0f6f8c591a36491baf5294ce7c51c4d6cb917d29c946d4ef395

SHA512
df180c946067f52d422a15feca9f070786c0fec4b00172caa57b93f55b86f917e893478fbb4624dd94e1e92d78eeb0630b711fe92e49558615da0b23fc805df8

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.2.0\5free\aliyun\DataFile.ini

Filesize
2KB

MD5
d76517a2bfb9bbbf8e8aebd6babc6ae6

SHA1
1aea10b8824474ff9a6d3a007b0d041149b9337b

SHA256
b28567419086688de81fafa055e3cbf078782565c5797c48c6fb962c69732df5

SHA512
51dded00a9a133d7aea3ba73099d8bfe1c008d671378bc48cb0f48f229f22b353cfc4fd03d564e06eb832da5567a1924f870e8e3166fc7456418d72e5b3c9c4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.2.0\5free\aliyun\DataFile.ini

Filesize
88B

MD5
7f411750d07619f38537e7fd612b8b44

SHA1
cda241a1ce5141288582c8f0ac4850992b427bdc

SHA256
ae89726af2bd0c0218fbf63af20d4464f44dced5156364d817b6e73afc8e9f87

SHA512
35dad46325060004a66e01e10af6a3ebfd94b6751347b6ec64840c4ec03d81480fc324494ea39dded03bf2f1a1ce352b15ab518d14214c15567af17fb32f16b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.2.0\5free\aliyun\DataFile.ini

Filesize
974B

MD5
236be5f395240013af091e0b2f3e3e56

SHA1
f45e12d5f189092374f9eff1fb644697c171a4c3

SHA256
722b59646cf124c3428e5854b5a3bdb6309cd5b91066cc1fe8d12e02b76c13ec

SHA512
06567b0d460d51cb42711bb8a5ddcd0f2e78799e6307877946af2c39b3c333897ce885b2498ae5d1a1c4cce76b4797d84e2d4565034201866d1bc8e473da85a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.2.0\5free\aliyun\DataFile.ini

Filesize
3KB

MD5
25bcbb379c671521cf7f1e25431a540b

SHA1
3f7b10f569ee0a7d5a6bb8f6a70f6639ca384277

SHA256
76fd1efb74d0fe525bfdab16a887247a54ff3d525f995a9ec8802c4cca4e97bf

SHA512
d38cb6d031744f548295aec29bde42933457577fd61b7aa93461c52af81ca35b3fe17f1e5317bdba34e88e6d6a974693d9285bcab9c76eea25c89b52fe951f17

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.2.0\5free\aliyun\tempInfo.web

Filesize
1B

MD5
cfcd208495d565ef66e7dff9f98764da

SHA1
b6589fc6ab0dc82cf12099d1c2d40ab994e8410c

SHA256
5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9

SHA512
31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.2.0\5free\downloader.ico

Filesize
401KB

MD5
ea544f4b554a0f91bcae9b8792f9a086

SHA1
7bd29f63c48563e51db08c6d989e758b055fa886

SHA256
42b5eb892ad2cd5b9a735f2804a0922965ceedeae83e19078703d4122f4f56cc

SHA512
a333cab83b33d36ca7354a6b2e904b8bb8920b9184cfbba97618cd1e24643b900204cd89a14e6503ae4b75f25eda9352af0e38fba47e43a132ce376943834b17

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.2.0\5free\skin.zip

Filesize
803KB

MD5
3d595bdc32a372eccefe8be0fb1930f3

SHA1
2ed1e85feb9fca34aeeba6d8248f5f44fcd30b55

SHA256
89802c1a5bac14faeccb0d29539a7fc17e1354148efa2cab5861b5de1f8def4b

SHA512
63b72f099909ec8a1e02565108ab806adf0da5b3cb9ea0df1a519266d2e2065cdf403b372182d1a65e0484faf1e3d7332badd96f3f07ca5920171f93ec9d7999

Download Submit
\Users\Admin\AppData\Local\Temp\downloader_easeus\2.2.0\5free\EDownloader.exe

Filesize
1.2MB

MD5
75c6aa0ea529a99be1aa7a6ce1d40eb7

SHA1
90b78031df82bb75366e26c5313ed2b5f41a4dc1

SHA256
2fae081440a24194dae7aeab20612cff53f6c94e6c0d09ead3ba2cba70a87e46

SHA512
d35250868409cb1c93471af557f895eaf76c38599c28730fb7a75300175c1b78c288e259d4d0d5fe1fefadb68c1f760ca6b1c2b7860598ddc1483b303cb500a0

Download Submit
\Users\Admin\AppData\Local\Temp\downloader_easeus\2.2.0\5free\aliyun\AliyunWrap.dll

Filesize
499KB

MD5
04bb1a799bcdba7643201749633e8a3a

SHA1
2039c43181f4a64bef31617749b517e30dae8a17

SHA256
84beff2c37a816ad67a2a9ed6cdb61469a1bb6971d22650e6c77098ac2fc6ebc

SHA512
4118717d6460aeeed7a8fcc8e5fb07abc1e55569bf5215e4f96b6c213bee73cd53cdc93953dbc0d923b1b9ad9cbbe06da78f5378e8777708928a6ab6073aea75

Download Submit
\Users\Admin\AppData\Local\Temp\downloader_easeus\2.2.0\5free\aliyun\AliyunWrapExe.exe

Filesize
112KB

MD5
5d4e7b1182cf2e949223874e745e1b2a

SHA1
bca1eee3d745456f2cab6bee060e1ff01aa34b1a

SHA256
8465c20acc7934dee0c3856a665bd62670ee897d7e3f8265d6588f1279aefab6

SHA512
076db0349c321aa20cca3bee934a068ec2414d7af3dba80d18f9954d6d25b8a97fbb68c37fc7b9e9158ac6e146e35c9ada4dfe681bd5bc4abfe610ebbcb91ad3

Download Submit
\Users\Admin\AppData\Local\Temp\downloader_easeus\2.2.0\5free\aliyun\InfoForSetup.exe

Filesize
61KB

MD5
590682b853848e2119f74d9b79a079c0

SHA1
dfd265c022b769245e1217242af2f0f77cbe3432

SHA256
d824d6f746c8dfb8c5aefff3ead1b66a6d770075c7400445b4bb8b668de0ee41

SHA512
f896dad146a9939f8c65cdd932cca408c589558e7d6693dc5b25c811935ae2ed3f43acd6783aa47b83d632baa7ce9298c251e03e4132110e589ccf2bdf195bd8

Download Submit