4d1514934696d4e78db5769f4d4652dda9e025549a511669f2c1de104f360f55

Analysis

max time kernel
142s
max time network
151s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
12-09-2024 05:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4d1514934696d4e78db5769f4d4652dda9e025549a511669f2c1de104f360f55.exe
Size

2.3MB
MD5

91a21c1d08884e53cd6ddc5cb930fc49
SHA1

1ad3cc1e99573b145bc956417c26249b2041aada
SHA256

4d1514934696d4e78db5769f4d4652dda9e025549a511669f2c1de104f360f55
SHA512

d5fb68e5b9f045e0e775e81ec69ea58c09cb1eb2fcbca54f0395e1ce07799fe93901e40eb06fe45ab4662a9b3edab89e1ebff226b55522f0e3b8702aa11e3227
SSDEEP

49152:VcL+sgYt+1txi8vgR85eAZXmx/e7G+EpcII6v/SvnESvRknqKwoRnsToO5S:++sJt+1eYgS5z7G+EpcIIAyQRnCns

Score

4^/10

discovery

Malware Config

Signatures

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Executes dropped EXE 5 IoCs

pid	Process
2592	EDownloader.exe
2772	InfoForSetup.exe
2632	InfoForSetup.exe
1796	AliyunWrapExe.Exe
1732	InfoForSetup.exe

Loads dropped DLL 9 IoCs

pid	Process
2656	4d1514934696d4e78db5769f4d4652dda9e025549a511669f2c1de104f360f55.exe
2592	EDownloader.exe
2772	InfoForSetup.exe
2592	EDownloader.exe
2632	InfoForSetup.exe
2632	InfoForSetup.exe
1796	AliyunWrapExe.Exe
2592	EDownloader.exe
1732	InfoForSetup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4d1514934696d4e78db5769f4d4652dda9e025549a511669f2c1de104f360f55.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	EDownloader.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	InfoForSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	InfoForSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AliyunWrapExe.Exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	InfoForSetup.exe

Suspicious use of WriteProcessMemory 29 IoCs

description	pid	Process	procid_target
PID 2656 wrote to memory of 2592	2656	4d1514934696d4e78db5769f4d4652dda9e025549a511669f2c1de104f360f55.exe	30
PID 2656 wrote to memory of 2592	2656	4d1514934696d4e78db5769f4d4652dda9e025549a511669f2c1de104f360f55.exe	30
PID 2656 wrote to memory of 2592	2656	4d1514934696d4e78db5769f4d4652dda9e025549a511669f2c1de104f360f55.exe	30
PID 2656 wrote to memory of 2592	2656	4d1514934696d4e78db5769f4d4652dda9e025549a511669f2c1de104f360f55.exe	30
PID 2592 wrote to memory of 2772	2592	EDownloader.exe	31
PID 2592 wrote to memory of 2772	2592	EDownloader.exe	31
PID 2592 wrote to memory of 2772	2592	EDownloader.exe	31
PID 2592 wrote to memory of 2772	2592	EDownloader.exe	31
PID 2592 wrote to memory of 2772	2592	EDownloader.exe	31
PID 2592 wrote to memory of 2772	2592	EDownloader.exe	31
PID 2592 wrote to memory of 2772	2592	EDownloader.exe	31
PID 2592 wrote to memory of 2632	2592	EDownloader.exe	32
PID 2592 wrote to memory of 2632	2592	EDownloader.exe	32
PID 2592 wrote to memory of 2632	2592	EDownloader.exe	32
PID 2592 wrote to memory of 2632	2592	EDownloader.exe	32
PID 2592 wrote to memory of 2632	2592	EDownloader.exe	32
PID 2592 wrote to memory of 2632	2592	EDownloader.exe	32
PID 2592 wrote to memory of 2632	2592	EDownloader.exe	32
PID 2632 wrote to memory of 1796	2632	InfoForSetup.exe	33
PID 2632 wrote to memory of 1796	2632	InfoForSetup.exe	33
PID 2632 wrote to memory of 1796	2632	InfoForSetup.exe	33
PID 2632 wrote to memory of 1796	2632	InfoForSetup.exe	33
PID 2592 wrote to memory of 1732	2592	EDownloader.exe	34
PID 2592 wrote to memory of 1732	2592	EDownloader.exe	34
PID 2592 wrote to memory of 1732	2592	EDownloader.exe	34
PID 2592 wrote to memory of 1732	2592	EDownloader.exe	34
PID 2592 wrote to memory of 1732	2592	EDownloader.exe	34
PID 2592 wrote to memory of 1732	2592	EDownloader.exe	34
PID 2592 wrote to memory of 1732	2592	EDownloader.exe	34

C:\Users\Admin\AppData\Local\Temp\4d1514934696d4e78db5769f4d4652dda9e025549a511669f2c1de104f360f55.exe
"C:\Users\Admin\AppData\Local\Temp\4d1514934696d4e78db5769f4d4652dda9e025549a511669f2c1de104f360f55.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2656
- C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.2.0\5free\EDownloader.exe
  "C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.2.0\5free\EDownloader.exe" EXEDIR=C:\Users\Admin\AppData\Local\Temp ||| EXENAME=4d1514934696d4e78db5769f4d4652dda9e025549a511669f2c1de104f360f55.exe ||| DOWNLOAD_VERSION=free ||| PRODUCT_VERSION=2.2.0 ||| INSTALL_TYPE=0
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2592
- - C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.2.0\5free\aliyun\InfoForSetup.exe
    /Uid "S-1-5-21-457978338-2990298471-2379561640-1000"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:2772
- - C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.2.0\5free\aliyun\InfoForSetup.exe
    /SendInfo Window "Web_Installer" Activity "Result_Run_Installer" Attribute "{\"Country\":\"United States\",\"Pageid\":\"999999\",\"Timezone\":\"GMT-00:00\"}"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:2632
  - - C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.2.0\5free\aliyun\AliyunWrapExe.Exe
      C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.2.0\5free\aliyun\AliyunWrapExe.Exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:1796
- - C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.2.0\5free\aliyun\InfoForSetup.exe
    /SendInfo Window "Home_Installer" Activity "Result_Download_Configurefile" Attribute "{\"CDN\":\"http://download.easeus.com/api2/index.php/Apicp/Drwdl202004/index/\",\"Elapsed\":\"1\",\"Errorinfo\":\"0\",\"PostURL\":\"http://download.easeus.com/api2/index.php/Apicp/Drwdl202004/index/?exeNumber=999999&lang=English&pcVersion=home&pid=5&tid=1&version=free\",\"ResponseJson\":\"{\\"check\\":1,\\"msg\\":\\"\\u6210\\u529f\\",\\"data\\":{\\"pid\\":\\"5\\",\\"download\\":\\"https:\\/\\/d1.easeus.com\\/epm\\/free\\/epm1905_free_ob_B.exe\\",\\"download2\\":\\"https:\\/\\/d2.easeus.com\\/epm\\/free\\/epm1905_free_ob_B.exe\\",\\"download3\\":\\"https:\\/\\/d3.easeus.com\\/epm\\/free\\/epm1905_free_ob_B.exe\\",\\"version\\":\\"free\\",\\"curNum\\":\\"19.0\\",\\"testid\\":\\"\\",\\"url\\":[\\"https:\\/\\/d1.easeus.com\\/epm\\/free\\/epm_free_support_16.5.exe\\"],\\"md5\\":\\"1269307B78A11E42C183D4963AF49C9F\\",\\"tj_download\\":\\"test\\",\\"referNumber\\":\\"1000000\\",\\"killSwitch\\":\\"true\\",\\"WriteLogSwitch\\":\\"false\\",\\"configid\\":\\"\\"},\\"time\\":1726120200}\",\"Result\":\"Success\"}"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:1732

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.2.0\5free\EasyLog.log

Filesize
1KB

MD5
35dae0dd61f572373aac10c6b24f8aab

SHA1
a0062deec3e1bb54dabb7105460aab95e56ea609

SHA256
08989e773e1456b6b96712bb923fb95cad384fd2df8e8245f0cc9d08ed971bb9

SHA512
4d16192b74b976849eeb3a1abf556ccb803d56bfaa62b5744299388fda837db7ee94e6888f94eea84deafab50243f5d37ed626e1d6033f816d968a81a5b90ab1

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.2.0\5free\English.ini

Filesize
3KB

MD5
58121c4a20989a3bf11109405de2bc89

SHA1
201da7d3b6a7ed61fa9deeb641835f79c0f79083

SHA256
045f4b07726466541c1007b424e26bb6ce7a994f420e311310b5e4ffe40d26f0

SHA512
31a0a49f95cce9d499b8f8da8f1e9371fbbce15847e8cefc7668bb1397c7483be0646a7f7db90a13c56394219e8322ee9ba118e3cece1dd86349c2937704ca33

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.2.0\5free\InitConfigure.ini

Filesize
3KB

MD5
0df699b43b77adf78a2b817fe02a40cd

SHA1
956ce3569a4bd93b89b8b662259fbec21b36b64f

SHA256
471a797282cb28bc85f7dc870e5c38307e651844a9f45c4a70dc8ba91919b09a

SHA512
18e30a12b012b15cf2f5956c0a5709f1b4c8ac094f9abf49327933f4b4a4e983057ea14189e869e1eeba37a0f7a58e9490d4855a664bdf175b1f8db9ce7ad05d

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.2.0\5free\LanguageTransfor.ini

Filesize
306B

MD5
8ebf0f0b4966feb8915100e42fa05ef8

SHA1
483f35ffa88da58f7d74ca8d89d3b5db2f7d7fc3

SHA256
e84aaaa5938f1dc9b7e420f791af443a8b876a9205d8eaf6ed0749cd09a0e840

SHA512
b0ab32a843c9df0253479abbb0799c4157e0260706823f35d73eab1f7893dd8e651cb0be8955e7c72d86ebe062aa12f651a34b79e86597d295117559cba92f33

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.2.0\5free\aliyun\AliyunConfig.ini

Filesize
1KB

MD5
5f27dcec270704bc9a0b75af2683f504

SHA1
f29e098a45126c14ac48bbceb1e35f906a43a812

SHA256
d048b2c92d6e5ad07b6725a5643984a90fb22bc506e82f0fc76e89ace3e1cbe7

SHA512
f6c24550421ffdd9b027a5c35de59032c8b79b34e3ca548bb9d49e4e5d49d2b67fcc957a22084ad37887aee4c2aeaad8d0d84412d116818d33c19fee8092a8f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.2.0\5free\aliyun\AliyunWrapExe.exe

Filesize
112KB

MD5
5d4e7b1182cf2e949223874e745e1b2a

SHA1
bca1eee3d745456f2cab6bee060e1ff01aa34b1a

SHA256
8465c20acc7934dee0c3856a665bd62670ee897d7e3f8265d6588f1279aefab6

SHA512
076db0349c321aa20cca3bee934a068ec2414d7af3dba80d18f9954d6d25b8a97fbb68c37fc7b9e9158ac6e146e35c9ada4dfe681bd5bc4abfe610ebbcb91ad3

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.2.0\5free\aliyun\DataFile.ini

Filesize
2KB

MD5
aa6f3e6ac6470595b470eeaf913bd27c

SHA1
321607c3b6588cba3144371a74454c7fb3fa6577

SHA256
d40f186207e981375ed722e0ecf3d65e8b4717869b3f243507336eaa67ffb44f

SHA512
e1d28108f073ded5ee2100293adc8a3facf9eb613925f4395edc7f321f140ed78dfad1c97e3a92945f063b4cfdf0d0c0887758dac665356d25a4d9ae29304e96

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.2.0\5free\aliyun\DataFile.ini

Filesize
88B

MD5
7f411750d07619f38537e7fd612b8b44

SHA1
cda241a1ce5141288582c8f0ac4850992b427bdc

SHA256
ae89726af2bd0c0218fbf63af20d4464f44dced5156364d817b6e73afc8e9f87

SHA512
35dad46325060004a66e01e10af6a3ebfd94b6751347b6ec64840c4ec03d81480fc324494ea39dded03bf2f1a1ce352b15ab518d14214c15567af17fb32f16b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.2.0\5free\aliyun\DataFile.ini

Filesize
978B

MD5
c03fe1f6bae181f9edd0282b0e7f5547

SHA1
5d31901a2176d3577f855b7c8f57e7b361ac25db

SHA256
3086175388df8d6ab9ce8f592b6153a5037b92a09b00a53b734e566e846970e7

SHA512
30dfa24d8753f4ccfe3735dc279721dc42084af994a1d66f6eb255369f58245611dc7c7a3bfd4b04c483c45fcfd20be1406c2e5142ab78b6aa9557d5a26b8293

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.2.0\5free\aliyun\InfoForSetup.exe

Filesize
61KB

MD5
590682b853848e2119f74d9b79a079c0

SHA1
dfd265c022b769245e1217242af2f0f77cbe3432

SHA256
d824d6f746c8dfb8c5aefff3ead1b66a6d770075c7400445b4bb8b668de0ee41

SHA512
f896dad146a9939f8c65cdd932cca408c589558e7d6693dc5b25c811935ae2ed3f43acd6783aa47b83d632baa7ce9298c251e03e4132110e589ccf2bdf195bd8

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.2.0\5free\aliyun\tempInfo.web

Filesize
1B

MD5
cfcd208495d565ef66e7dff9f98764da

SHA1
b6589fc6ab0dc82cf12099d1c2d40ab994e8410c

SHA256
5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9

SHA512
31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.2.0\5free\downloader.ico

Filesize
401KB

MD5
ea544f4b554a0f91bcae9b8792f9a086

SHA1
7bd29f63c48563e51db08c6d989e758b055fa886

SHA256
42b5eb892ad2cd5b9a735f2804a0922965ceedeae83e19078703d4122f4f56cc

SHA512
a333cab83b33d36ca7354a6b2e904b8bb8920b9184cfbba97618cd1e24643b900204cd89a14e6503ae4b75f25eda9352af0e38fba47e43a132ce376943834b17

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.2.0\5free\skin.zip

Filesize
803KB

MD5
3d595bdc32a372eccefe8be0fb1930f3

SHA1
2ed1e85feb9fca34aeeba6d8248f5f44fcd30b55

SHA256
89802c1a5bac14faeccb0d29539a7fc17e1354148efa2cab5861b5de1f8def4b

SHA512
63b72f099909ec8a1e02565108ab806adf0da5b3cb9ea0df1a519266d2e2065cdf403b372182d1a65e0484faf1e3d7332badd96f3f07ca5920171f93ec9d7999

Download Submit
\Users\Admin\AppData\Local\Temp\downloader_easeus\2.2.0\5free\EDownloader.exe

Filesize
1.2MB

MD5
75c6aa0ea529a99be1aa7a6ce1d40eb7

SHA1
90b78031df82bb75366e26c5313ed2b5f41a4dc1

SHA256
2fae081440a24194dae7aeab20612cff53f6c94e6c0d09ead3ba2cba70a87e46

SHA512
d35250868409cb1c93471af557f895eaf76c38599c28730fb7a75300175c1b78c288e259d4d0d5fe1fefadb68c1f760ca6b1c2b7860598ddc1483b303cb500a0

Download Submit
\Users\Admin\AppData\Local\Temp\downloader_easeus\2.2.0\5free\aliyun\AliyunWrap.dll

Filesize
499KB

MD5
04bb1a799bcdba7643201749633e8a3a

SHA1
2039c43181f4a64bef31617749b517e30dae8a17

SHA256
84beff2c37a816ad67a2a9ed6cdb61469a1bb6971d22650e6c77098ac2fc6ebc

SHA512
4118717d6460aeeed7a8fcc8e5fb07abc1e55569bf5215e4f96b6c213bee73cd53cdc93953dbc0d923b1b9ad9cbbe06da78f5378e8777708928a6ab6073aea75

Download Submit