4d1514934696d4e78db5769f4d4652dda9e025549a511669f2c1de104f360f55

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
12-09-2024 05:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4d1514934696d4e78db5769f4d4652dda9e025549a511669f2c1de104f360f55.exe
Size

2.3MB
MD5

91a21c1d08884e53cd6ddc5cb930fc49
SHA1

1ad3cc1e99573b145bc956417c26249b2041aada
SHA256

4d1514934696d4e78db5769f4d4652dda9e025549a511669f2c1de104f360f55
SHA512

d5fb68e5b9f045e0e775e81ec69ea58c09cb1eb2fcbca54f0395e1ce07799fe93901e40eb06fe45ab4662a9b3edab89e1ebff226b55522f0e3b8702aa11e3227
SSDEEP

49152:VcL+sgYt+1txi8vgR85eAZXmx/e7G+EpcII6v/SvnESvRknqKwoRnsToO5S:++sJt+1eYgS5z7G+EpcIIAyQRnCns

Score

4^/10

discovery

Malware Config

Signatures

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Executes dropped EXE 5 IoCs

pid	Process
1896	EDownloader.exe
3392	InfoForSetup.exe
3588	InfoForSetup.exe
1412	AliyunWrapExe.Exe
2192	InfoForSetup.exe

Loads dropped DLL 4 IoCs

pid	Process
3392	InfoForSetup.exe
3588	InfoForSetup.exe
1412	AliyunWrapExe.Exe
2192	InfoForSetup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4d1514934696d4e78db5769f4d4652dda9e025549a511669f2c1de104f360f55.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	EDownloader.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	InfoForSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	InfoForSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AliyunWrapExe.Exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	InfoForSetup.exe

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 3576 wrote to memory of 1896	3576	4d1514934696d4e78db5769f4d4652dda9e025549a511669f2c1de104f360f55.exe	83
PID 3576 wrote to memory of 1896	3576	4d1514934696d4e78db5769f4d4652dda9e025549a511669f2c1de104f360f55.exe	83
PID 3576 wrote to memory of 1896	3576	4d1514934696d4e78db5769f4d4652dda9e025549a511669f2c1de104f360f55.exe	83
PID 1896 wrote to memory of 3392	1896	EDownloader.exe	84
PID 1896 wrote to memory of 3392	1896	EDownloader.exe	84
PID 1896 wrote to memory of 3392	1896	EDownloader.exe	84
PID 1896 wrote to memory of 3588	1896	EDownloader.exe	86
PID 1896 wrote to memory of 3588	1896	EDownloader.exe	86
PID 1896 wrote to memory of 3588	1896	EDownloader.exe	86
PID 3588 wrote to memory of 1412	3588	InfoForSetup.exe	88
PID 3588 wrote to memory of 1412	3588	InfoForSetup.exe	88
PID 3588 wrote to memory of 1412	3588	InfoForSetup.exe	88
PID 1896 wrote to memory of 2192	1896	EDownloader.exe	90
PID 1896 wrote to memory of 2192	1896	EDownloader.exe	90
PID 1896 wrote to memory of 2192	1896	EDownloader.exe	90

C:\Users\Admin\AppData\Local\Temp\4d1514934696d4e78db5769f4d4652dda9e025549a511669f2c1de104f360f55.exe
"C:\Users\Admin\AppData\Local\Temp\4d1514934696d4e78db5769f4d4652dda9e025549a511669f2c1de104f360f55.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3576
- C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.2.0\5free\EDownloader.exe
  "C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.2.0\5free\EDownloader.exe" EXEDIR=C:\Users\Admin\AppData\Local\Temp ||| EXENAME=4d1514934696d4e78db5769f4d4652dda9e025549a511669f2c1de104f360f55.exe ||| DOWNLOAD_VERSION=free ||| PRODUCT_VERSION=2.2.0 ||| INSTALL_TYPE=0
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:1896
- - C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.2.0\5free\aliyun\InfoForSetup.exe
    /Uid "S-1-5-21-2412658365-3084825385-3340777666-1000"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:3392
- - C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.2.0\5free\aliyun\InfoForSetup.exe
    /SendInfo Window "Web_Installer" Activity "Result_Run_Installer" Attribute "{\"Country\":\"United States\",\"Pageid\":\"999999\",\"Timezone\":\"GMT-00:00\"}"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:3588
  - - C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.2.0\5free\aliyun\AliyunWrapExe.Exe
      C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.2.0\5free\aliyun\AliyunWrapExe.Exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:1412
- - C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.2.0\5free\aliyun\InfoForSetup.exe
    /SendInfo Window "Home_Installer" Activity "Result_Download_Configurefile" Attribute "{\"CDN\":\"http://download.easeus.com/api2/index.php/Apicp/Drwdl202004/index/\",\"Elapsed\":\"1\",\"Errorinfo\":\"0\",\"PostURL\":\"http://download.easeus.com/api2/index.php/Apicp/Drwdl202004/index/?exeNumber=999999&lang=English&pcVersion=home&pid=5&tid=1&version=free\",\"ResponseJson\":\"{\\"check\\":1,\\"msg\\":\\"\\u6210\\u529f\\",\\"data\\":{\\"pid\\":\\"5\\",\\"download\\":\\"https:\\/\\/d1.easeus.com\\/epm\\/free\\/epm1905_free_ob_B.exe\\",\\"download2\\":\\"https:\\/\\/d2.easeus.com\\/epm\\/free\\/epm1905_free_ob_B.exe\\",\\"download3\\":\\"https:\\/\\/d3.easeus.com\\/epm\\/free\\/epm1905_free_ob_B.exe\\",\\"version\\":\\"free\\",\\"curNum\\":\\"19.0\\",\\"testid\\":\\"\\",\\"url\\":[\\"https:\\/\\/d1.easeus.com\\/epm\\/free\\/epm_free_support_16.5.exe\\"],\\"md5\\":\\"1269307B78A11E42C183D4963AF49C9F\\",\\"tj_download\\":\\"test\\",\\"referNumber\\":\\"1000000\\",\\"killSwitch\\":\\"true\\",\\"WriteLogSwitch\\":\\"false\\",\\"configid\\":\\"\\"},\\"time\\":1726120196}\",\"Result\":\"Success\"}"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:2192

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.2.0\5free\EDownloader.exe

Filesize
1.2MB

MD5
75c6aa0ea529a99be1aa7a6ce1d40eb7

SHA1
90b78031df82bb75366e26c5313ed2b5f41a4dc1

SHA256
2fae081440a24194dae7aeab20612cff53f6c94e6c0d09ead3ba2cba70a87e46

SHA512
d35250868409cb1c93471af557f895eaf76c38599c28730fb7a75300175c1b78c288e259d4d0d5fe1fefadb68c1f760ca6b1c2b7860598ddc1483b303cb500a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.2.0\5free\English.ini

Filesize
3KB

MD5
58121c4a20989a3bf11109405de2bc89

SHA1
201da7d3b6a7ed61fa9deeb641835f79c0f79083

SHA256
045f4b07726466541c1007b424e26bb6ce7a994f420e311310b5e4ffe40d26f0

SHA512
31a0a49f95cce9d499b8f8da8f1e9371fbbce15847e8cefc7668bb1397c7483be0646a7f7db90a13c56394219e8322ee9ba118e3cece1dd86349c2937704ca33

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.2.0\5free\InitConfigure.ini

Filesize
3KB

MD5
0df699b43b77adf78a2b817fe02a40cd

SHA1
956ce3569a4bd93b89b8b662259fbec21b36b64f

SHA256
471a797282cb28bc85f7dc870e5c38307e651844a9f45c4a70dc8ba91919b09a

SHA512
18e30a12b012b15cf2f5956c0a5709f1b4c8ac094f9abf49327933f4b4a4e983057ea14189e869e1eeba37a0f7a58e9490d4855a664bdf175b1f8db9ce7ad05d

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.2.0\5free\LanguageTransfor.ini

Filesize
306B

MD5
8ebf0f0b4966feb8915100e42fa05ef8

SHA1
483f35ffa88da58f7d74ca8d89d3b5db2f7d7fc3

SHA256
e84aaaa5938f1dc9b7e420f791af443a8b876a9205d8eaf6ed0749cd09a0e840

SHA512
b0ab32a843c9df0253479abbb0799c4157e0260706823f35d73eab1f7893dd8e651cb0be8955e7c72d86ebe062aa12f651a34b79e86597d295117559cba92f33

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.2.0\5free\aliyun\AliyunConfig.ini

Filesize
1KB

MD5
bf14b3bf5f33271c014d82ba6b125380

SHA1
3bc7fd747bc19c28bf955a5e9969a81e2806c61f

SHA256
73bcebf2fa2ca340b215e9cbc2ddc580f338c8da114c3ae7d57348ed0200685f

SHA512
36c9329fc7b525e50607495bf9bfa9a93ab34d5cd685cf129fe3ffa5190fefa1dcc593bed4d2e66453e3955ae03c88d683b3972ae11d631944b3e373542d3f62

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.2.0\5free\aliyun\AliyunWrap.DLL

Filesize
499KB

MD5
04bb1a799bcdba7643201749633e8a3a

SHA1
2039c43181f4a64bef31617749b517e30dae8a17

SHA256
84beff2c37a816ad67a2a9ed6cdb61469a1bb6971d22650e6c77098ac2fc6ebc

SHA512
4118717d6460aeeed7a8fcc8e5fb07abc1e55569bf5215e4f96b6c213bee73cd53cdc93953dbc0d923b1b9ad9cbbe06da78f5378e8777708928a6ab6073aea75

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.2.0\5free\aliyun\AliyunWrapExe.exe

Filesize
112KB

MD5
5d4e7b1182cf2e949223874e745e1b2a

SHA1
bca1eee3d745456f2cab6bee060e1ff01aa34b1a

SHA256
8465c20acc7934dee0c3856a665bd62670ee897d7e3f8265d6588f1279aefab6

SHA512
076db0349c321aa20cca3bee934a068ec2414d7af3dba80d18f9954d6d25b8a97fbb68c37fc7b9e9158ac6e146e35c9ada4dfe681bd5bc4abfe610ebbcb91ad3

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.2.0\5free\aliyun\DataFile.ini

Filesize
3KB

MD5
47c789f4e5b86d6b0f5249d287b7db21

SHA1
5d41bd34474fac78a2166d3eef294d3bb62a6deb

SHA256
4e4887ebb4455ada0f8cfb87e331671bd9d11909971b4eadbe9a96260f422a28

SHA512
bc3eff55c4b1f310ac3de75ecd849ea08ea4974d5505982d5884066a1d04d973c55872caef3f348391cc4c1014d5679e550aece42a6396298d57a8a4be8fc234

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.2.0\5free\aliyun\DataFile.ini

Filesize
2KB

MD5
f667f36a05af96b797e92e4a9ad90f63

SHA1
c77a369b3775eb3c179939b8be8c05bf96af8669

SHA256
a2821f73dd51d647e308f7a4079092f31c70bb60dbe6e0c0888ae801918a36d0

SHA512
1c6a28c756aa48abb11de11f2066c87209028a198166c7dc0fcfc061a5362e8c5d70c9205a0bf3971383c384bd413b6d25070facbffdbcdda1273501f3ff7789

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.2.0\5free\aliyun\DataFile.ini

Filesize
88B

MD5
7f411750d07619f38537e7fd612b8b44

SHA1
cda241a1ce5141288582c8f0ac4850992b427bdc

SHA256
ae89726af2bd0c0218fbf63af20d4464f44dced5156364d817b6e73afc8e9f87

SHA512
35dad46325060004a66e01e10af6a3ebfd94b6751347b6ec64840c4ec03d81480fc324494ea39dded03bf2f1a1ce352b15ab518d14214c15567af17fb32f16b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.2.0\5free\aliyun\DataFile.ini

Filesize
982B

MD5
a0cc413eab20b775d57e6646477885fc

SHA1
e1068778bb1c3c3190e43f330627edc8f6fa057a

SHA256
b75681164abc0164dabc0b01166b0a8fdcb7549f70a87d3686b7df985e861ddf

SHA512
ffbf488174b3a6a777851cc1863d7ab5be01ba1222f693f57ba90beefee2aa718076684a88a2933d194f0fdedc966663e7d5c22ab1cf942ff6ecadfb4866ac7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.2.0\5free\aliyun\InfoForSetup.exe

Filesize
61KB

MD5
590682b853848e2119f74d9b79a079c0

SHA1
dfd265c022b769245e1217242af2f0f77cbe3432

SHA256
d824d6f746c8dfb8c5aefff3ead1b66a6d770075c7400445b4bb8b668de0ee41

SHA512
f896dad146a9939f8c65cdd932cca408c589558e7d6693dc5b25c811935ae2ed3f43acd6783aa47b83d632baa7ce9298c251e03e4132110e589ccf2bdf195bd8

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.2.0\5free\aliyun\tempInfo.web

Filesize
1B

MD5
cfcd208495d565ef66e7dff9f98764da

SHA1
b6589fc6ab0dc82cf12099d1c2d40ab994e8410c

SHA256
5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9

SHA512
31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.2.0\5free\downloader.ico

Filesize
401KB

MD5
ea544f4b554a0f91bcae9b8792f9a086

SHA1
7bd29f63c48563e51db08c6d989e758b055fa886

SHA256
42b5eb892ad2cd5b9a735f2804a0922965ceedeae83e19078703d4122f4f56cc

SHA512
a333cab83b33d36ca7354a6b2e904b8bb8920b9184cfbba97618cd1e24643b900204cd89a14e6503ae4b75f25eda9352af0e38fba47e43a132ce376943834b17

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.2.0\5free\skin.zip

Filesize
803KB

MD5
3d595bdc32a372eccefe8be0fb1930f3

SHA1
2ed1e85feb9fca34aeeba6d8248f5f44fcd30b55

SHA256
89802c1a5bac14faeccb0d29539a7fc17e1354148efa2cab5861b5de1f8def4b

SHA512
63b72f099909ec8a1e02565108ab806adf0da5b3cb9ea0df1a519266d2e2065cdf403b372182d1a65e0484faf1e3d7332badd96f3f07ca5920171f93ec9d7999

Download Submit