4d1514934696d4e78db5769f4d4652dda9e025549a511669f2c1de104f360f55

Analysis

max time kernel
136s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
12/09/2024, 05:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

$TEMP/downloader_easeus/2.2.0/5free/EDownloader.exe
Size

1.2MB
MD5

75c6aa0ea529a99be1aa7a6ce1d40eb7
SHA1

90b78031df82bb75366e26c5313ed2b5f41a4dc1
SHA256

2fae081440a24194dae7aeab20612cff53f6c94e6c0d09ead3ba2cba70a87e46
SHA512

d35250868409cb1c93471af557f895eaf76c38599c28730fb7a75300175c1b78c288e259d4d0d5fe1fefadb68c1f760ca6b1c2b7860598ddc1483b303cb500a0
SSDEEP

24576:2s/G6GbJFLBoVs9nIDak3ri91DcSF+oYPa5crmMO4k5mBc:2WsDsbWgo/5wBvk5mBc

Score

4^/10

discovery

Malware Config

Signatures

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

System Location Discovery: System Language Discovery 1 TTPs 8 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	InfoForSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	InfoForSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	EDownloader.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	InfoForSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	InfoForSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AliyunWrapExe.Exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	InfoForSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	InfoForSetup.exe

Suspicious use of WriteProcessMemory 21 IoCs

description	pid	Process	procid_target
PID 964 wrote to memory of 668	964	EDownloader.exe	83
PID 964 wrote to memory of 668	964	EDownloader.exe	83
PID 964 wrote to memory of 668	964	EDownloader.exe	83
PID 964 wrote to memory of 4316	964	EDownloader.exe	85
PID 964 wrote to memory of 4316	964	EDownloader.exe	85
PID 964 wrote to memory of 4316	964	EDownloader.exe	85
PID 4316 wrote to memory of 1968	4316	InfoForSetup.exe	86
PID 4316 wrote to memory of 1968	4316	InfoForSetup.exe	86
PID 4316 wrote to memory of 1968	4316	InfoForSetup.exe	86
PID 964 wrote to memory of 400	964	EDownloader.exe	89
PID 964 wrote to memory of 400	964	EDownloader.exe	89
PID 964 wrote to memory of 400	964	EDownloader.exe	89
PID 964 wrote to memory of 2760	964	EDownloader.exe	92
PID 964 wrote to memory of 2760	964	EDownloader.exe	92
PID 964 wrote to memory of 2760	964	EDownloader.exe	92
PID 964 wrote to memory of 4512	964	EDownloader.exe	95
PID 964 wrote to memory of 4512	964	EDownloader.exe	95
PID 964 wrote to memory of 4512	964	EDownloader.exe	95
PID 964 wrote to memory of 792	964	EDownloader.exe	96
PID 964 wrote to memory of 792	964	EDownloader.exe	96
PID 964 wrote to memory of 792	964	EDownloader.exe	96

C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\2.2.0\5free\EDownloader.exe
"C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\2.2.0\5free\EDownloader.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:964
- C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\2.2.0\5free\aliyun\InfoForSetup.exe
  /Uid "S-1-5-21-656926755-4116854191-210765258-1000"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:668
- C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\2.2.0\5free\aliyun\InfoForSetup.exe
  /SendInfo Window "Web_Installer" Activity "Result_Run_Installer" Attribute "{\"Country\":\"United States\",\"Pageid\":\"999999\",\"Timezone\":\"GMT-00:00\"}"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:4316
- - C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\2.2.0\5free\aliyun\AliyunWrapExe.Exe
    C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\2.2.0\5free\aliyun\AliyunWrapExe.Exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1968
- C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\2.2.0\5free\aliyun\InfoForSetup.exe
  /SendInfo Window "Home_Installer" Activity "Result_Download_Configurefile" Attribute "{\"CDN\":\"http://download.easeus.com/api2/index.php/Apicp/Drwdl202004/index/\",\"Elapsed\":\"2\",\"Errorinfo\":\"4\",\"PostURL\":\"http://download.easeus.com/api2/index.php/Apicp/Drwdl202004/index/?exeNumber=999999&lang=English&pcVersion=home&pid=5&tid=1&version=&tmpTime_=467\",\"ResponseJson\":\"{\\"check\\":0,\\"msg\\":\\"version\\u4e3a\\u7a7a\\",\\"time\\":1726120196}\",\"Result\":\"Failed\"}"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:400
- C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\2.2.0\5free\aliyun\InfoForSetup.exe
  /SendInfo Window "Home_Installer" Activity "Result_Download_Configurefile" Attribute "{\"CDN\":\"http://download2.easeus.com/api2/index.php/Apicp/Drwdl202004/index/\",\"Elapsed\":\"1\",\"Errorinfo\":\"4\",\"PostURL\":\"http://download2.easeus.com/api2/index.php/Apicp/Drwdl202004/index/?exeNumber=999999&lang=English&pcVersion=home&pid=5&tid=1&version=&tmpTime_=169\",\"ResponseJson\":\"{\\"check\\":0,\\"msg\\":\\"version\\u4e3a\\u7a7a\\",\\"time\\":1726120197}\",\"Result\":\"Failed\"}"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2760
- C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\2.2.0\5free\aliyun\InfoForSetup.exe
  /SendInfo Window "Home_Installer" Activity "Result_Download_Configurefile" Attribute "{\"CDN\":\"http://download3.easeus.com/api2/index.php/Apicp/Drwdl202004/index/\",\"Elapsed\":\"1\",\"Errorinfo\":\"4\",\"PostURL\":\"http://download3.easeus.com/api2/index.php/Apicp/Drwdl202004/index/?exeNumber=999999&lang=English&pcVersion=home&pid=5&tid=1&version=&tmpTime_=358\",\"ResponseJson\":\"{\\"check\\":0,\\"msg\\":\\"version\\u4e3a\\u7a7a\\",\\"time\\":1726120199}\",\"Result\":\"Failed\"}"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4512
- C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\2.2.0\5free\aliyun\InfoForSetup.exe
  /SendInfo Window "Home_Installer" Activity "Result_Download_Configurefile" Attribute "{\"CDN\":\"http://download.easeus.com/api2/index.php/Apicp/Drwdl202004/index/\",\"Elapsed\":\"1\",\"Errorinfo\":\"4\",\"PostURL\":\"http://download.easeus.com/api2/index.php/Apicp/Drwdl202004/index/?exeNumber=999999&lang=English&pcVersion=home&pid=5&tid=1&version=&tmpTime_=705\",\"ResponseJson\":\"{\\"check\\":0,\\"msg\\":\\"version\\u4e3a\\u7a7a\\",\\"time\\":1726120199}\",\"Result\":\"Failed\"}"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:792

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\2.2.0\5free\EasyLog.log

Filesize
3KB

MD5
45fd9562a90f0c174409f4a8fd85d7a5

SHA1
e6fbd0eacaa7905b2d77fd580830f657b17be87e

SHA256
2cd2a1493e3551c008d9b984fcda28dc711dafc86109928c6a1d984171c282f0

SHA512
25d5d108707a7920a918de879a49cdfd880921ba4b468fc329d95a9ef97bc485575f6ecac29bda3a9a03e022f90cd7cebc25b688add711fb21618e10b554c04e

Download Submit
C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\2.2.0\5free\EasyLog.log

Filesize
4KB

MD5
8a1bd6b66054dc664b945b6edb8cf1f0

SHA1
b2a29eca7795866173e51f81ec877ca37286dde8

SHA256
7c0b05779b5b3ee19650b7d29453236cf51efb41aa6ae071ad78f8cfd6958c67

SHA512
10bed5faaa4e61a6ee2f7d07ee037b659963c48abfe3edec165223e5df4e99aadcac43e89ccf43e6ce9b54ffe9d034bb0e6187d9d8e8b3c447fd7c9e28cd3607

Download Submit
C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\2.2.0\5free\EasyLog.log

Filesize
1KB

MD5
d6c4c17854af6e6806c630e081d8828d

SHA1
0ffd8a32e4c54ff622971c7a3038e17b0c525703

SHA256
c4adf978be17988f1b3f1344183c14f9ec21cafc79020495d96949d032627f29

SHA512
140e7b1194c7319b124a3f5df30f0770f59f22cca0f1655f72c7cfed6b758eee1cf1217ad2ba884fa9d5fbc6e50c535e259eb828a0cc73772d3e36215c36c090

Download Submit
C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\2.2.0\5free\EasyLog.log

Filesize
2KB

MD5
6384d65d5891e59ee4dcfb8ca5db88d6

SHA1
27ff8bb3d5692058ebd4a659c494707f05207241

SHA256
9bc4a746fd9ad389fa00220141f64f2da2ef54f43938c84b8b93256ee9e0a242

SHA512
df57efbe6076bf8da7457c755aa0ddbb830a780a15c0b5db03d80d105587225afc5f1886177bc270c849a296096ed70dc8824efb9b622b2dad343c1dfcfd6096

Download Submit
C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\2.2.0\5free\aliyun\AliyunConfig.ini

Filesize
1KB

MD5
7d92c67d447c5eb590a5bdd2a340ad00

SHA1
f3f2a262b37f7df5a54a40934ea349766c6dd554

SHA256
ed8c944a8b94534dbfa09414f53b22aea8a77b99f041ccd086f73d25727ca160

SHA512
63bda30b0c6de637754738123c1621c66d565455a0c21d99dd97fc7000c5ca04fbe127c9cd44deec37bd9340fb1f9c5522d1479d513cf4d6e3c875cfda1508fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\2.2.0\5free\aliyun\DataFile.ini

Filesize
88B

MD5
7f411750d07619f38537e7fd612b8b44

SHA1
cda241a1ce5141288582c8f0ac4850992b427bdc

SHA256
ae89726af2bd0c0218fbf63af20d4464f44dced5156364d817b6e73afc8e9f87

SHA512
35dad46325060004a66e01e10af6a3ebfd94b6751347b6ec64840c4ec03d81480fc324494ea39dded03bf2f1a1ce352b15ab518d14214c15567af17fb32f16b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\2.2.0\5free\aliyun\DataFile.ini

Filesize
366B

MD5
9837949d33b7567e1c14dcab503a7597

SHA1
9fdc6b9453eb1fffbb65a582e8eaad177539585b

SHA256
99098f9d1229b73bcd72a9dd10bdc3382eb041bda320c138b07c537c2cfc2aff

SHA512
ca5232815782395eac6eda3d45daeaf4226ea4a9364ecb6de9fec8aadac415cdf8ca58295e3657278993afc71c86b775091a116bef55a065ecc565ff32062471

Download Submit
C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\2.2.0\5free\aliyun\DataFile.ini

Filesize
1KB

MD5
67ca6f53f571e331c07faca74dc6980a

SHA1
76a090c2c67b6f34350015195ab9b9d5e7c2a532

SHA256
2b3396b9b312935f5c467180be72c1932cee402e26548e42264badc11c41a26b

SHA512
8f32cc150557212961f02709d689f3fd3d986e3993a6f52c575834a04130ad167312a258fa8465b86abc0a082da19f255ef1a61bd66023a52bb3b6c930510470

Download Submit
C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\2.2.0\5free\aliyun\DataFile.ini

Filesize
182B

MD5
4ae2295b6e8cd1b399b0f1f3cdda4e5b

SHA1
e9c1bfb5f4bc63c747caf5bbe8cbc8b9c79669d8

SHA256
81fae7381fcab1ab232ad4c24b9aa2e96fe860271384bc3418660aeb90e926dd

SHA512
8d84024d488d291489507c388f90534c018418f6fa958fcbf1b61c10bcdf61a090993027245a34933f95d22f040566b256a51480f98979266ab2470d1f8fcb53

Download Submit
C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\2.2.0\5free\aliyun\DataFile.ini

Filesize
1KB

MD5
39d5c6a7f84cf687b0d60a852748e6a2

SHA1
404a7d3f485bbc8e3cb5a3b2ed4e302124555998

SHA256
40ea1ac7da62e532abd0ef128e7d112cb613f17557b54fe294b6e6ecb8fdba9b

SHA512
c82966cf38284b042fb3f42a711e2ae93ddbc26bc21d052bbf651d2876938eed68a5587ca6306cea94913ca96092156388f59680001002208d27e425c0c79adc

Download Submit
C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\2.2.0\5free\aliyun\DataFile.ini

Filesize
1KB

MD5
f746dd39dabfa6894309b5ea3d5600ff

SHA1
a581e02912137b8ba33907ad75cd872f7a988ff9

SHA256
1818ff530c4f93a72292197e312abeac0cba89fb10244d005a085e52e609cbef

SHA512
ec5c8c980a3b022080d3ac61b93bd3158ddca1d1547b640c417e58c3f01434ba2a93dabb4771606dcab56dee8210333167e4ea60140561d8b64b7b21a32aab87

Download Submit
C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\2.2.0\5free\aliyun\DataFile.ini

Filesize
974B

MD5
23d90fbe089e92a296df93f1bd8ccd82

SHA1
1b148960e58850b394eeb4c0f86508559752bc02

SHA256
f71251d19040d57b00cc67ad0680d4eb186f4b95d3ed2911d8c3d41238a4b76f

SHA512
e0641568016ed0384b76dae4d3f3a48dbdade6fb2250e85e7bc76159e3ff05b3aacd537ed6fa2feea1876bc2a7d15d63c3c6b552eb44ca6706614e36582f6ebb

Download Submit
C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\2.2.0\5free\aliyun\DataFile.ini

Filesize
2KB

MD5
b9c3a70b7c99bbf086d73cabeadd5984

SHA1
c6a75b56cf35415d7025dea49950d0e32b7891d1

SHA256
c6728c6dddf7127942544495d6a85d7093e97801eb6625e89f0622024157f8fb

SHA512
278de02fdf875142e1dc7b6d0dd7bdc770a87c749b2ca553c1e0d8d2763651e301712bbc25de90423b30084d2e5d344de453d3051f0c7886982b7647969f8353

Download Submit
C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\2.2.0\5free\aliyun\DataFile.ini

Filesize
1KB

MD5
d9c9518a6492f237c341964939d517f8

SHA1
eea93ceb447e690bdfdfb435eb22178c4443d117

SHA256
160cb72c88ae41c0bf8be83492a2ce6765d8e1a4e3dd76c20b300e4d5d1f5d3c

SHA512
5539d5c14537af7866472663a13445bc879f32c602dc4e80feb9789aa8990c5c7e308a20d462810463ad19c8907d5df6409fd984a83fb88a79d9ac8f1a2ab3a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\2.2.0\5free\aliyun\tempInfo.web

Filesize
1B

MD5
cfcd208495d565ef66e7dff9f98764da

SHA1
b6589fc6ab0dc82cf12099d1c2d40ab994e8410c

SHA256
5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9

SHA512
31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99

Download Submit