8e60a1e2e06869d435215f12e4c38ac9b7104563a64360fba4def63eef53acf9

Resubmissions

15-09-2024 13:37

240915-qwsazswapd 6

15-09-2024 13:33

240915-qt2fwavhrh 6

Analysis

max time kernel
140s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
15-09-2024 13:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

drw_tr_installer.17264071725130b1433.exe
Size

2.7MB
MD5

4cb4b49f70950e4a4530d532da48b4da
SHA1

8b5d9800fcb90b7d191d91f7db07c39ac349f573
SHA256

8e60a1e2e06869d435215f12e4c38ac9b7104563a64360fba4def63eef53acf9
SHA512

2f9697c89dd700fc198a6d7171d9bf7598418a0fc764b64d37f8192628a02b21ec4fc631e276e068a057862837992f25e85f513f02f7e2346c94a7f4332fd0b8
SSDEEP

49152:Q/ELNfyqhSSo9EJ3oXvjExZB/Jaq5OZzpaAjQwaRSDjRlVuB7nDpORDKn9:tLNfysoaJ3oXvjy/JCPa+1aKOpqDKn9

Score

4^/10

discovery

Malware Config

Signatures

Executes dropped EXE 4 IoCs

pid	Process
3260	EDownloader.exe
2032	InfoForSetup.exe
4292	InfoForSetup.exe
716	AliyunWrapExe.Exe

Loads dropped DLL 6 IoCs

pid	Process
2032	InfoForSetup.exe
2032	InfoForSetup.exe
4292	InfoForSetup.exe
4292	InfoForSetup.exe
716	AliyunWrapExe.Exe
716	AliyunWrapExe.Exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	drw_tr_installer.17264071725130b1433.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	EDownloader.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	InfoForSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	InfoForSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AliyunWrapExe.Exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3260	EDownloader.exe
3260	EDownloader.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 3628 wrote to memory of 3260	3628	drw_tr_installer.17264071725130b1433.exe	82
PID 3628 wrote to memory of 3260	3628	drw_tr_installer.17264071725130b1433.exe	82
PID 3628 wrote to memory of 3260	3628	drw_tr_installer.17264071725130b1433.exe	82
PID 3260 wrote to memory of 2032	3260	EDownloader.exe	83
PID 3260 wrote to memory of 2032	3260	EDownloader.exe	83
PID 3260 wrote to memory of 2032	3260	EDownloader.exe	83
PID 3260 wrote to memory of 4292	3260	EDownloader.exe	84
PID 3260 wrote to memory of 4292	3260	EDownloader.exe	84
PID 3260 wrote to memory of 4292	3260	EDownloader.exe	84
PID 4292 wrote to memory of 716	4292	InfoForSetup.exe	85
PID 4292 wrote to memory of 716	4292	InfoForSetup.exe	85
PID 4292 wrote to memory of 716	4292	InfoForSetup.exe	85

C:\Users\Admin\AppData\Local\Temp\drw_tr_installer.17264071725130b1433.exe
"C:\Users\Admin\AppData\Local\Temp\drw_tr_installer.17264071725130b1433.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3628
- C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\EDownloader.exe
  "C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\EDownloader.exe" EXEDIR=C:\Users\Admin\AppData\Local\Temp ||| EXENAME=drw_tr_installer.17264071725130b1433.exe ||| DOWNLOAD_VERSION=trial ||| PRODUCT_VERSION=2.0.0 ||| INSTALL_TYPE=0
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3260
- - C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\aliyun\InfoForSetup.exe
    /Uid "S-1-5-21-2718105630-359604950-2820636825-1000"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:2032
- - C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\aliyun\InfoForSetup.exe
    /SendInfo Window "Web_Installer" Activity "Result_Run_Installer" Attribute "{\"Country\":\"United States\",\"Pageid\":\"17264071725130b1433\",\"Timezone\":\"GMT-00:00\"}"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:4292
  - - C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\aliyun\AliyunWrapExe.Exe
      C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\aliyun\AliyunWrapExe.Exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:716

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\EDownloader.exe

Filesize
1.2MB

MD5
1a7df9803f164146e5a3632ea2f05d1f

SHA1
73943892332ecab98fcdfac42623648650e03595

SHA256
a868d63b166c0db08d1f18585b6b0607c4928a03fad264f9c976ee3cb82b3a29

SHA512
dfa483b3262faae6f9f36854ea7284fe85fe9024a239b375a55dfb400b5f358e8ad27cb9edb4fe3a93780fdcf7e54140d3e1b216e60af2d59649f877df074f20

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\English.ini

Filesize
3KB

MD5
514c7cfa0101eae70994afd3fa7801c3

SHA1
bd6249fe023542c5be1180b76343e4e220be7148

SHA256
a6237a06959f1bf65fc2b3e77ae509d3bca1713340227b7fbb66e28da4f84404

SHA512
d889ffd4495ec023394d1170b97bf40fad9ff202b36500fe85d6620cc08e3c42580caf6992c09817646a93d253cfece8e94b66b14e6eee5cefce3f91b5fa4919

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\InitConfigure.ini

Filesize
4KB

MD5
59585ee1cca2648ad7a242ce5d531e00

SHA1
d888f8a988d53d581c43b4d5a2b7cb3612d550f7

SHA256
79d7d5f6552bdded7a3a89ad5458a63dbe49ac0f6ad59fae523648aff5141d93

SHA512
bedf4c3bc52e88148c36c98d8da600a9c029705202c60ee3795805b3874aa97a04990ee852ace9db9bb85ca613d7a35fbaa98db4ed49a4a7a018b412be3ba367

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\LanguageTransfor.ini

Filesize
325B

MD5
ffe692a67871185785ec705b1cc12c81

SHA1
06a12bffdff33024a7b8798bdcdcda1fd7255bcc

SHA256
373bec6e7976324ff879c2988bab772c69336d7bcb9a32386a6021568350a824

SHA512
7ecdb5a4e625370888fb3a827cb668e934e29ca764177fca04e4eb620bec2b664fe498c0e9e73288bf977006eaba9618a4dc5a169e0fc5588a0874d9e6bb6c50

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\aliyun\AliyunConfig.ini

Filesize
1KB

MD5
ab1452aec2aff0e61b3a3e58bc31f007

SHA1
abf6d5372334674c62371a0092dd89417000861c

SHA256
f3128bc66b7c96204de71527feb7200a2c284cb0c85a3c835654a5586d942b6b

SHA512
04db2e4678b84ba4c37cbde60f375ba79fc7cb7f235d82268a2d0468d17104163cee2e1292dca1224156349c239aa779f024eb7002aebed8614ca92d58fb6679

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\aliyun\AliyunWrap.DLL

Filesize
431KB

MD5
f4b7fbdf349eeccca4a3ffb8bd9719a1

SHA1
5de1c05f38766b3c9c2aaa4c642b3e2bc7d60369

SHA256
2ce363aa8f02da478a9d8d1a8066aab283a8430de68180750a3115064acf7e36

SHA512
4a542ce3dca7ed66af4ee34c06dc6b0e95e05a5d2bf6725e02606ba417cf1c6223eef3cd3fbf40ff9c9f00345964fb78313b3dbe42a3ed5957ced102e944ac52

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\aliyun\AliyunWrapExe.exe

Filesize
152KB

MD5
0e1942a55b6af074de8f933b97e053d3

SHA1
42758dbb13a8f7bc0d04a5dec415307ebcf27478

SHA256
8ed550dccf95f15092e65d4ff0d7500ce681e1b8dae986fd90c1339b59950a31

SHA512
8753676014e77f85f5c5f7214d8350c8316d84a3a3f62cfcc078fceb23cd58d8860df366ad01f28c7f2bd3867f8dc2c46b8a7e711be8165419ec0a0df522d845

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\aliyun\DataFile.ini

Filesize
1004B

MD5
c87464825d026a3f99967a087790e88d

SHA1
862a2486ed5feb0131161673f0d5743e36f3aa30

SHA256
16a69045713df04d3993042e0c1b62a41e497a89686f3f9f3432bb3cce3f6b94

SHA512
f2a05573552c204280afb0df889521bc2ce73b86a2b9a57268062a21d3fc0587740bc53c5ebce7e9350498c61e3ee051d83d4d5e7139933339cc42417600e2f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\aliyun\DataFile.ini

Filesize
1004B

MD5
6449c9ce54b422408374612c97c2597a

SHA1
dd13d83bf17d2adabf255afffc8a45ec2555ef6b

SHA256
02318ecf562d93caa4275d760a8d2815cfaa7f99b897446d900487139cb31b48

SHA512
d0ea23cc0e29d661a83b868588d54b6ca149024d6c02f99b54e6df0d8d1fd9f86b457b74d3ae4ccc9b9d52713d126975b433aae6452ad31c6a95163e754df7f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\aliyun\DataFile.ini

Filesize
88B

MD5
7f411750d07619f38537e7fd612b8b44

SHA1
cda241a1ce5141288582c8f0ac4850992b427bdc

SHA256
ae89726af2bd0c0218fbf63af20d4464f44dced5156364d817b6e73afc8e9f87

SHA512
35dad46325060004a66e01e10af6a3ebfd94b6751347b6ec64840c4ec03d81480fc324494ea39dded03bf2f1a1ce352b15ab518d14214c15567af17fb32f16b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\aliyun\InfoForSetup.exe

Filesize
98KB

MD5
c9d1d09c06b684aea2f61685ebefabf3

SHA1
99ee650735fd065139995c2d6d1d0c29e6f0aff3

SHA256
8f7bbe0d37dc8b57c9877e2febaa334e1d29bae93715f526d536e7dafb0b5dfd

SHA512
1911cb8fc0b2cb424e496027a9348e4e043a8adc0a5cd511412ec67fd0f620c7132ae2ce51d3482de578b322d340c2bbc5cd4ef872d756dd278d7b6d1bad2aef

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\aliyun\VCRUNTIME140.dll

Filesize
78KB

MD5
1b171f9a428c44acf85f89989007c328

SHA1
6f25a874d6cbf8158cb7c491dcedaa81ceaebbae

SHA256
9d02e952396bdff3abfe5654e07b7a713c84268a225e11ed9a3bf338ed1e424c

SHA512
99a06770eea07f36abc4ae0cecb2ae13c3acb362b38b731c3baed045bf76ea6b61efe4089cd2efac27701e9443388322365bdb039cd388987b24d4a43c973bd1

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\aliyun\tempInfo.web

Filesize
1B

MD5
cfcd208495d565ef66e7dff9f98764da

SHA1
b6589fc6ab0dc82cf12099d1c2d40ab994e8410c

SHA256
5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9

SHA512
31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\downloader.ico

Filesize
65KB

MD5
e7ba7ed202773284c3dd85e4162c38d3

SHA1
7467da2d1455c5af1419da18feae2cb5c3558a3d

SHA256
aa4df8b6f5bc456121eafd03857098e56a4357a2bae7cdd651cafd2cfd78ac7d

SHA512
87dca3bcef8b309a501ffe3eefb5b20194dcf3b9729f024577f3d57dc025643e556c5c01797606483590e5dbd28502425c5f603a0077cc2e4561dddd0322efc1

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\2.0.0\2trial\skin.zip

Filesize
509KB

MD5
7eb6d83983a64c85c6bc6b1cb39be9c9

SHA1
6d020b994592ad852d64592d9ccbeef79abf4895

SHA256
14be9fb17c1da65feab053c5594d8ef48195de66ee6ee40759a62795a485ac57

SHA512
f4f5cc4a0c4e9edd03d0393d3acbbb365773c4b6a246c0e9615079c4c1cf846e45343a8b350458366f7dec7c7389ed71f4482d66652d82b17ed44bf95f830aae

Download Submit