4d1514934696d4e78db5769f4d4652dda9e025549a511669f2c1de104f360f55

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
12-09-2024 05:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4d1514934696d4e78db5769f4d4652dda9e025549a511669f2c1de104f360f55.exe
Size

2.3MB
MD5

91a21c1d08884e53cd6ddc5cb930fc49
SHA1

1ad3cc1e99573b145bc956417c26249b2041aada
SHA256

4d1514934696d4e78db5769f4d4652dda9e025549a511669f2c1de104f360f55
SHA512

d5fb68e5b9f045e0e775e81ec69ea58c09cb1eb2fcbca54f0395e1ce07799fe93901e40eb06fe45ab4662a9b3edab89e1ebff226b55522f0e3b8702aa11e3227
SSDEEP

49152:VcL+sgYt+1txi8vgR85eAZXmx/e7G+EpcII6v/SvnESvRknqKwoRnsToO5S:++sJt+1eYgS5z7G+EpcIIAyQRnCns

Score

4^/10

discovery

Malware Config

Signatures

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Executes dropped EXE 5 IoCs

pid	Process
3600	EDownloader.exe
1716	InfoForSetup.exe
3052	InfoForSetup.exe
4336	AliyunWrapExe.Exe
4804	InfoForSetup.exe

Loads dropped DLL 4 IoCs

pid	Process
1716	InfoForSetup.exe
3052	InfoForSetup.exe
4336	AliyunWrapExe.Exe
4804	InfoForSetup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4d1514934696d4e78db5769f4d4652dda9e025549a511669f2c1de104f360f55.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	EDownloader.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	InfoForSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	InfoForSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AliyunWrapExe.Exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	InfoForSetup.exe

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 1576 wrote to memory of 3600	1576	4d1514934696d4e78db5769f4d4652dda9e025549a511669f2c1de104f360f55.exe	84
PID 1576 wrote to memory of 3600	1576	4d1514934696d4e78db5769f4d4652dda9e025549a511669f2c1de104f360f55.exe	84
PID 1576 wrote to memory of 3600	1576	4d1514934696d4e78db5769f4d4652dda9e025549a511669f2c1de104f360f55.exe	84
PID 3600 wrote to memory of 1716	3600	EDownloader.exe	85
PID 3600 wrote to memory of 1716	3600	EDownloader.exe	85
PID 3600 wrote to memory of 1716	3600	EDownloader.exe	85
PID 3600 wrote to memory of 3052	3600	EDownloader.exe	87
PID 3600 wrote to memory of 3052	3600	EDownloader.exe	87
PID 3600 wrote to memory of 3052	3600	EDownloader.exe	87
PID 3052 wrote to memory of 4336	3052	InfoForSetup.exe	88
PID 3052 wrote to memory of 4336	3052	InfoForSetup.exe	88
PID 3052 wrote to memory of 4336	3052	InfoForSetup.exe	88
PID 3600 wrote to memory of 4804	3600	EDownloader.exe	92
PID 3600 wrote to memory of 4804	3600	EDownloader.exe	92
PID 3600 wrote to memory of 4804	3600	EDownloader.exe	92

C:\Users\Admin\AppData\Local\Temp\4d1514934696d4e78db5769f4d4652dda9e025549a511669f2c1de104f360f55.exe
"C:\Users\Admin\AppData\Local\Temp\4d1514934696d4e78db5769f4d4652dda9e025549a511669f2c1de104f360f55.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1576
- C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.2.0\5free\EDownloader.exe
  "C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.2.0\5free\EDownloader.exe" EXEDIR=C:\Users\Admin\AppData\Local\Temp ||| EXENAME=4d1514934696d4e78db5769f4d4652dda9e025549a511669f2c1de104f360f55.exe ||| DOWNLOAD_VERSION=free ||| PRODUCT_VERSION=2.2.0 ||| INSTALL_TYPE=0
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:3600
- - C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.2.0\5free\aliyun\InfoForSetup.exe
    /Uid "S-1-5-21-945322488-2060912225-3527527000-1000"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:1716
- - C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.2.0\5free\aliyun\InfoForSetup.exe
    /SendInfo Window "Web_Installer" Activity "Result_Run_Installer" Attribute "{\"Country\":\"United States\",\"Pageid\":\"999999\",\"Timezone\":\"GMT-00:00\"}"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:3052
  - - C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.2.0\5free\aliyun\AliyunWrapExe.Exe
      C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.2.0\5free\aliyun\AliyunWrapExe.Exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:4336
- - C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.2.0\5free\aliyun\InfoForSetup.exe
    /SendInfo Window "Home_Installer" Activity "Result_Download_Configurefile" Attribute "{\"CDN\":\"http://download.easeus.com/api2/index.php/Apicp/Drwdl202004/index/\",\"Elapsed\":\"1\",\"Errorinfo\":\"0\",\"PostURL\":\"http://download.easeus.com/api2/index.php/Apicp/Drwdl202004/index/?exeNumber=999999&lang=English&pcVersion=home&pid=5&tid=1&version=free\",\"ResponseJson\":\"{\\"check\\":1,\\"msg\\":\\"\\u6210\\u529f\\",\\"data\\":{\\"pid\\":\\"5\\",\\"download\\":\\"https:\\/\\/d1.easeus.com\\/epm\\/free\\/epm1905_free_ob_B.exe\\",\\"download2\\":\\"https:\\/\\/d2.easeus.com\\/epm\\/free\\/epm1905_free_ob_B.exe\\",\\"download3\\":\\"https:\\/\\/d3.easeus.com\\/epm\\/free\\/epm1905_free_ob_B.exe\\",\\"version\\":\\"free\\",\\"curNum\\":\\"19.0\\",\\"testid\\":\\"\\",\\"url\\":[\\"https:\\/\\/d1.easeus.com\\/epm\\/free\\/epm_free_support_16.5.exe\\"],\\"md5\\":\\"1269307B78A11E42C183D4963AF49C9F\\",\\"tj_download\\":\\"test\\",\\"referNumber\\":\\"1000000\\",\\"killSwitch\\":\\"true\\",\\"WriteLogSwitch\\":\\"false\\",\\"configid\\":\\"\\"},\\"time\\":1726120158}\",\"Result\":\"Success\"}"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:4804

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.2.0\5free\EDownloader.exe

Filesize
1.2MB

MD5
75c6aa0ea529a99be1aa7a6ce1d40eb7

SHA1
90b78031df82bb75366e26c5313ed2b5f41a4dc1

SHA256
2fae081440a24194dae7aeab20612cff53f6c94e6c0d09ead3ba2cba70a87e46

SHA512
d35250868409cb1c93471af557f895eaf76c38599c28730fb7a75300175c1b78c288e259d4d0d5fe1fefadb68c1f760ca6b1c2b7860598ddc1483b303cb500a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.2.0\5free\English.ini

Filesize
3KB

MD5
58121c4a20989a3bf11109405de2bc89

SHA1
201da7d3b6a7ed61fa9deeb641835f79c0f79083

SHA256
045f4b07726466541c1007b424e26bb6ce7a994f420e311310b5e4ffe40d26f0

SHA512
31a0a49f95cce9d499b8f8da8f1e9371fbbce15847e8cefc7668bb1397c7483be0646a7f7db90a13c56394219e8322ee9ba118e3cece1dd86349c2937704ca33

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.2.0\5free\InitConfigure.ini

Filesize
3KB

MD5
0df699b43b77adf78a2b817fe02a40cd

SHA1
956ce3569a4bd93b89b8b662259fbec21b36b64f

SHA256
471a797282cb28bc85f7dc870e5c38307e651844a9f45c4a70dc8ba91919b09a

SHA512
18e30a12b012b15cf2f5956c0a5709f1b4c8ac094f9abf49327933f4b4a4e983057ea14189e869e1eeba37a0f7a58e9490d4855a664bdf175b1f8db9ce7ad05d

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.2.0\5free\LanguageTransfor.ini

Filesize
306B

MD5
8ebf0f0b4966feb8915100e42fa05ef8

SHA1
483f35ffa88da58f7d74ca8d89d3b5db2f7d7fc3

SHA256
e84aaaa5938f1dc9b7e420f791af443a8b876a9205d8eaf6ed0749cd09a0e840

SHA512
b0ab32a843c9df0253479abbb0799c4157e0260706823f35d73eab1f7893dd8e651cb0be8955e7c72d86ebe062aa12f651a34b79e86597d295117559cba92f33

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.2.0\5free\aliyun\AliyunConfig.ini

Filesize
1KB

MD5
5462154dee222853ca22901ce0ec3115

SHA1
4698bffeab5f5e6bf68ef3e60f24be63ea9e0ee4

SHA256
baf63f9826d1298714c9c4b82d7bd152e91efab123d96d571733d1aed3b95271

SHA512
4763f1f2945a504b678daaedf4c6fae96e7a055e1cdd17d3e12b234c57abe3eb0ade3e4a6d41d887cecb399d56d2d619e77602d6ba53444cf62b37a86fd8326b

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.2.0\5free\aliyun\AliyunConfig.ini

Filesize
1KB

MD5
a5d32522eba3962cb35ee90620fd5f49

SHA1
719848a8b96a5f5a773c408e3b922fa0ba41ff93

SHA256
37f2b06a6f5d50c08eaa9d1fa0e02bb9099760a94292f842bba5a5fe8a7836e5

SHA512
fc91c6489c2b7631423af270c5fdd478cbc92453565b38a2f0484abe4ceeef83719955b881a85da3b23530da44bc11bc7bd5e1009ec15ea149f1620881d6043e

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.2.0\5free\aliyun\AliyunWrap.DLL

Filesize
499KB

MD5
04bb1a799bcdba7643201749633e8a3a

SHA1
2039c43181f4a64bef31617749b517e30dae8a17

SHA256
84beff2c37a816ad67a2a9ed6cdb61469a1bb6971d22650e6c77098ac2fc6ebc

SHA512
4118717d6460aeeed7a8fcc8e5fb07abc1e55569bf5215e4f96b6c213bee73cd53cdc93953dbc0d923b1b9ad9cbbe06da78f5378e8777708928a6ab6073aea75

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.2.0\5free\aliyun\AliyunWrapExe.exe

Filesize
112KB

MD5
5d4e7b1182cf2e949223874e745e1b2a

SHA1
bca1eee3d745456f2cab6bee060e1ff01aa34b1a

SHA256
8465c20acc7934dee0c3856a665bd62670ee897d7e3f8265d6588f1279aefab6

SHA512
076db0349c321aa20cca3bee934a068ec2414d7af3dba80d18f9954d6d25b8a97fbb68c37fc7b9e9158ac6e146e35c9ada4dfe681bd5bc4abfe610ebbcb91ad3

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.2.0\5free\aliyun\DataFile.ini

Filesize
2KB

MD5
fcba7a310fcf6989d3e94301c8887025

SHA1
9f42739fef876885188d40b7239156cf3dd7635c

SHA256
d0e7f44cebad0097abc930290c616a37d842292287ad16d99a46ad13127394a4

SHA512
d709b1e4a1bc9917f9fca0d0034991a061ba3fb756a3373b2f70ae13552ac30c8b7568cdd9fa558b1f56dd9abaccdc71076fb109b4be4d07efece766c3db2c98

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.2.0\5free\aliyun\DataFile.ini

Filesize
88B

MD5
7f411750d07619f38537e7fd612b8b44

SHA1
cda241a1ce5141288582c8f0ac4850992b427bdc

SHA256
ae89726af2bd0c0218fbf63af20d4464f44dced5156364d817b6e73afc8e9f87

SHA512
35dad46325060004a66e01e10af6a3ebfd94b6751347b6ec64840c4ec03d81480fc324494ea39dded03bf2f1a1ce352b15ab518d14214c15567af17fb32f16b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.2.0\5free\aliyun\DataFile.ini

Filesize
978B

MD5
b6c049c4d5b82737a37348e7bb06f036

SHA1
8e00e6cf88b65c2ca013eabc8187ee0c8b6a2703

SHA256
94e744b0f32b724e40ece6d2e1dbbe340b135e827f0ba06d88db7f3cad037458

SHA512
e94c03e1bae2542bd1c403daa3d6fb3afba50aff5d553fd789e52db263c4942797e29e403624e539b633450252e0efa622d3d5ff5991e897ed9febdb0932ddb2

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.2.0\5free\aliyun\DataFile.ini

Filesize
3KB

MD5
efd72cc519d4162b1f5b89eb1255d63a

SHA1
852868537c702019e160e6dbbcaefe15ae287573

SHA256
98ad4c1feb8f85e8397ee2e1d3f3df4295824be640cb8ca45f807e942d1db9f9

SHA512
d39d83b87f142a710fa4047f718c2e2ddf801455a9a5f76f9694dde65795b8746c2410d7627de147e4525bcba71e371b8f9a61d6a0447bd7171f8f3751c13233

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.2.0\5free\aliyun\InfoForSetup.exe

Filesize
61KB

MD5
590682b853848e2119f74d9b79a079c0

SHA1
dfd265c022b769245e1217242af2f0f77cbe3432

SHA256
d824d6f746c8dfb8c5aefff3ead1b66a6d770075c7400445b4bb8b668de0ee41

SHA512
f896dad146a9939f8c65cdd932cca408c589558e7d6693dc5b25c811935ae2ed3f43acd6783aa47b83d632baa7ce9298c251e03e4132110e589ccf2bdf195bd8

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.2.0\5free\aliyun\tempInfo.web

Filesize
1B

MD5
cfcd208495d565ef66e7dff9f98764da

SHA1
b6589fc6ab0dc82cf12099d1c2d40ab994e8410c

SHA256
5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9

SHA512
31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.2.0\5free\downloader.ico

Filesize
401KB

MD5
ea544f4b554a0f91bcae9b8792f9a086

SHA1
7bd29f63c48563e51db08c6d989e758b055fa886

SHA256
42b5eb892ad2cd5b9a735f2804a0922965ceedeae83e19078703d4122f4f56cc

SHA512
a333cab83b33d36ca7354a6b2e904b8bb8920b9184cfbba97618cd1e24643b900204cd89a14e6503ae4b75f25eda9352af0e38fba47e43a132ce376943834b17

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.2.0\5free\skin.zip

Filesize
803KB

MD5
3d595bdc32a372eccefe8be0fb1930f3

SHA1
2ed1e85feb9fca34aeeba6d8248f5f44fcd30b55

SHA256
89802c1a5bac14faeccb0d29539a7fc17e1354148efa2cab5861b5de1f8def4b

SHA512
63b72f099909ec8a1e02565108ab806adf0da5b3cb9ea0df1a519266d2e2065cdf403b372182d1a65e0484faf1e3d7332badd96f3f07ca5920171f93ec9d7999

Download Submit