Analysis

  • max time kernel
    91s
  • max time network
    94s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win11-20241007-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    16/10/2024, 00:47

General

  • Target

    $TEMP/downloader_easeus/2.2.0/5free/EDownloader.exe

  • Size

    1.2MB

  • MD5

    75c6aa0ea529a99be1aa7a6ce1d40eb7

  • SHA1

    90b78031df82bb75366e26c5313ed2b5f41a4dc1

  • SHA256

    2fae081440a24194dae7aeab20612cff53f6c94e6c0d09ead3ba2cba70a87e46

  • SHA512

    d35250868409cb1c93471af557f895eaf76c38599c28730fb7a75300175c1b78c288e259d4d0d5fe1fefadb68c1f760ca6b1c2b7860598ddc1483b303cb500a0

  • SSDEEP

    24576:2s/G6GbJFLBoVs9nIDak3ri91DcSF+oYPa5crmMO4k5mBc:2WsDsbWgo/5wBvk5mBc

Score
4/10

Malware Config

Signatures

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • System Location Discovery: System Language Discovery 1 TTPs 8 IoCs

    Attempts to gather information about the system language of a victim host in order to infer that host's geographical location.

  • Suspicious use of WriteProcessMemory 21 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\2.2.0\5free\EDownloader.exe
    "C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\2.2.0\5free\EDownloader.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3700
    • C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\2.2.0\5free\aliyun\InfoForSetup.exe
      /Uid "S-1-5-21-3870231897-2573482396-1083937135-1000"
      2⤵
      • System Location Discovery: System Language Discovery
      PID:900
    • C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\2.2.0\5free\aliyun\InfoForSetup.exe
      /SendInfo Window "Web_Installer" Activity "Result_Run_Installer" Attribute "{\"Country\":\"United States\",\"Pageid\":\"999999\",\"Timezone\":\"GMT-00:00\"}"
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:4116
      • C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\2.2.0\5free\aliyun\AliyunWrapExe.Exe
        C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\2.2.0\5free\aliyun\AliyunWrapExe.Exe
        3⤵
        • System Location Discovery: System Language Discovery
        PID:3140
    • C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\2.2.0\5free\aliyun\InfoForSetup.exe
      /SendInfo Window "Home_Installer" Activity "Result_Download_Configurefile" Attribute "{\"CDN\":\"http://download.easeus.com/api2/index.php/Apicp/Drwdl202004/index/\",\"Elapsed\":\"2\",\"Errorinfo\":\"4\",\"PostURL\":\"http://download.easeus.com/api2/index.php/Apicp/Drwdl202004/index/?exeNumber=999999&lang=English&pcVersion=home&pid=5&tid=1&version=&tmpTime_=467\",\"ResponseJson\":\"{\\"check\\":0,\\"msg\\":\\"version\\u4e3a\\u7a7a\\",\\"time\\":1729039719}\",\"Result\":\"Failed\"}"
      2⤵
      • System Location Discovery: System Language Discovery
      PID:1212
    • C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\2.2.0\5free\aliyun\InfoForSetup.exe
      /SendInfo Window "Home_Installer" Activity "Result_Download_Configurefile" Attribute "{\"CDN\":\"http://download2.easeus.com/api2/index.php/Apicp/Drwdl202004/index/\",\"Elapsed\":\"1\",\"Errorinfo\":\"4\",\"PostURL\":\"http://download2.easeus.com/api2/index.php/Apicp/Drwdl202004/index/?exeNumber=999999&lang=English&pcVersion=home&pid=5&tid=1&version=&tmpTime_=169\",\"ResponseJson\":\"{\\"check\\":0,\\"msg\\":\\"version\\u4e3a\\u7a7a\\",\\"time\\":1729039720}\",\"Result\":\"Failed\"}"
      2⤵
      • System Location Discovery: System Language Discovery
      PID:1868
    • C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\2.2.0\5free\aliyun\InfoForSetup.exe
      /SendInfo Window "Home_Installer" Activity "Result_Download_Configurefile" Attribute "{\"CDN\":\"http://download3.easeus.com/api2/index.php/Apicp/Drwdl202004/index/\",\"Elapsed\":\"2\",\"Errorinfo\":\"4\",\"PostURL\":\"http://download3.easeus.com/api2/index.php/Apicp/Drwdl202004/index/?exeNumber=999999&lang=English&pcVersion=home&pid=5&tid=1&version=&tmpTime_=358\",\"ResponseJson\":\"{\\"check\\":0,\\"msg\\":\\"version\\u4e3a\\u7a7a\\",\\"time\\":1729039722}\",\"Result\":\"Failed\"}"
      2⤵
      • System Location Discovery: System Language Discovery
      PID:428
    • C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\2.2.0\5free\aliyun\InfoForSetup.exe
      /SendInfo Window "Home_Installer" Activity "Result_Download_Configurefile" Attribute "{\"CDN\":\"http://download.easeus.com/api2/index.php/Apicp/Drwdl202004/index/\",\"Elapsed\":\"1\",\"Errorinfo\":\"4\",\"PostURL\":\"http://download.easeus.com/api2/index.php/Apicp/Drwdl202004/index/?exeNumber=999999&lang=English&pcVersion=home&pid=5&tid=1&version=&tmpTime_=705\",\"ResponseJson\":\"{\\"check\\":0,\\"msg\\":\\"version\\u4e3a\\u7a7a\\",\\"time\\":1729039723}\",\"Result\":\"Failed\"}"
      2⤵
      • System Location Discovery: System Language Discovery
      PID:1980

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\2.2.0\5free\EasyLog.log

          Filesize

          3KB

          MD5

          013d5459c3f484b02bf9087e8104c03b

          SHA1

          388abc1694b93fc728f920e5d70c23d34e3d0839

          SHA256

          6058f3cfadcc4b7ce601c286e57148218205776b106d00c8a9e94c175c9f1f77

          SHA512

          e09a5498cd7a84dde7b7426bc61ed6411e4f27d816ab8c2b9462bcf827d1a0844bf5e6a091a17dd1a8122034668b8d23b302caa96e29e7765ac3b580ec8694f9

        • C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\2.2.0\5free\EasyLog.log

          Filesize

          4KB

          MD5

          90bba5bb7b1506df66f96fcbc121425f

          SHA1

          13ecff0bf165a3b897b8e590757f36a66591ff1e

          SHA256

          04c2bc5b3b15372f0e3ccec313209c2d17420d8e9cee3a9c5b9f78d18cbbd51c

          SHA512

          dae2edc573b41ed6456a9c02b27c07088fb34aaa8c0c31e4763dba0140f7187c0f8d38a8f1bbffffc602b56ef6420dcb2c79edbde21b1fa2d8e711e8b0da3349

        • C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\2.2.0\5free\aliyun\AliyunConfig.ini

          Filesize

          1KB

          MD5

          0eb67fa0af2daf4dece74756d810af59

          SHA1

          3cf23935fe26f013b42de2ee6da6633f62e402d4

          SHA256

          223742a5b5d95ce56edca7a4fd427d492801cba632084baeab67bc6932b8e171

          SHA512

          8b32283891a1cc5dac65fa9d8744e5a2214f2176538b0556fb304b3d5f8666e1904eab523125a7018c13d1acc610a353ec94103fcfe7faaf296edd9e8cd06684

        • C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\2.2.0\5free\aliyun\DataFile.ini

          Filesize

          88B

          MD5

          7f411750d07619f38537e7fd612b8b44

          SHA1

          cda241a1ce5141288582c8f0ac4850992b427bdc

          SHA256

          ae89726af2bd0c0218fbf63af20d4464f44dced5156364d817b6e73afc8e9f87

          SHA512

          35dad46325060004a66e01e10af6a3ebfd94b6751347b6ec64840c4ec03d81480fc324494ea39dded03bf2f1a1ce352b15ab518d14214c15567af17fb32f16b8

        • C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\2.2.0\5free\aliyun\DataFile.ini

          Filesize

          1KB

          MD5

          d25ad3c5b0430841ca9e769146c9edbc

          SHA1

          588f93d0e7f26445dacc2a1d7ddecc2950dab34a

          SHA256

          e065da495da6852ee5e3d23c2eb0850990ef6e780c2ff0c9a32dcc6e716ec9a5

          SHA512

          8275c2dc3f4951613937e597a03cdeb25a18ae191a633419045c3132762f945f34d0123c17157db4cf5245231bdfef85fd241f6fe1ea9ef3533b14a6db12c4c1

        • C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\2.2.0\5free\aliyun\DataFile.ini

          Filesize

          1KB

          MD5

          a41d95cfe92ff2d0c00e0afa3dd64f41

          SHA1

          87d37f8752f106924a43c220d0c0797d78a602d9

          SHA256

          fa90a667fb7e99832c4793ca246add4d0a347475225fb5648c1efbf7e495bf3f

          SHA512

          ca1d4307cb9d97f259f8ba99b083129b9fd6ca7bdb0822395a70a5454ab5e077fa1c19d8863fb40e13dc4f2306ae5c6f5846b7ef4de9143268037376807ec20a

        • C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\2.2.0\5free\aliyun\DataFile.ini

          Filesize

          982B

          MD5

          f3ee3b7248ee02606217108ae6ff0a9f

          SHA1

          f2016e42a22fc71d2bd18e76cf2894997a3334a7

          SHA256

          56680a9b2d62349f663f5401c0c763f41ffce0fd6751be0879b02eebfd8d2a12

          SHA512

          3a7eb26ed41a971011e617b081208d755b8ff8d847c17a46fe11f6859b81fd35d37b5800e28f540edf9c50c03bad8c4fbfb9d0330b905f3d9f429103ca088d8a

        • C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\2.2.0\5free\aliyun\DataFile.ini

          Filesize

          1KB

          MD5

          f2269a2cb534372262c918e2e772884f

          SHA1

          3e4acd9c5abb6ae8f864c4e2fe020366ca4b9cc8

          SHA256

          e71eb693aa41176d7191dc0fc4010202e92acf95ee57e64af657b57449a268f1

          SHA512

          7531a2e27fc4b49f88cf3723ae85c1c8eddb4d5ea04a2133d7fb116c288c31a722a11cfc32132462e2185742c32356f8a7824478a906212d294b36ba6fa2a2f6

        • C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\2.2.0\5free\aliyun\DataFile.ini

          Filesize

          2KB

          MD5

          ad8777fea8cf5f170c5618648c6d5d7f

          SHA1

          fd3139fbcb4d86ca6212c10a3a6f8b707e675637

          SHA256

          e59c13d440afa366d88578ae539bbc548affbbe1e46e2908b0d5a1afa5fab02c

          SHA512

          3d928614fb6d8c3967ec3b8ecb31c041580b01ecad8723dd57acbf866eff659989797598a2acd8baf388e28c54745991604c77c4d96393f24bc4e08bd963ca3a

        • C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\2.2.0\5free\aliyun\DataFile.ini

          Filesize

          1KB

          MD5

          87d5f0f63ede82cd5f57fb09fb1b583b

          SHA1

          91b1b0edef26a1402b118b4a6a7d591d021d109f

          SHA256

          c89925348ad7b23118022eb913b25dcb4cfe25ac61bef04640049c86bf5985be

          SHA512

          1c8b09e9a8147dd5f60e90fd79335d42444c968f41ab965647df0f007cc72efed29e2de0274ec036b3bc2ebf509c0e373dd4187a324eacb521b79bca00a99b8d

        • C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\2.2.0\5free\aliyun\tempInfo.web

          Filesize

          1B

          MD5

          cfcd208495d565ef66e7dff9f98764da

          SHA1

          b6589fc6ab0dc82cf12099d1c2d40ab994e8410c

          SHA256

          5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9

          SHA512

          31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99