ac6225dfe329df1a6eb382e733b440a26c8d93ef31049a3b3974786f5c066614

Analysis

max time kernel
143s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
17-01-2024 21:00

Target

6397e6beb747907e87ef2677dd8e0a1c.exe
Size

2.5MB
MD5

6397e6beb747907e87ef2677dd8e0a1c
SHA1

ca0ba36c6df76a58d54b4c58b0c63060f4eeb781
SHA256

ac6225dfe329df1a6eb382e733b440a26c8d93ef31049a3b3974786f5c066614
SHA512

26ca4d319c7927617fcf4bad7819c55f601177633078fccd1c5d597203af1c41728b4fcb499fd0eb26024035dac174d22d824097cedd3003c524c016aaf36a5a
SSDEEP

49152:xQ1wdRCLtoVDkbnm4JwGCspvNS9e/+k2ak6LSwwLzjVRQeo5AQR0C1jl:y1wdRCLtoVYbxJZP2OLSwOPAe/QRz9l

Score

8^/10

Drops file in Drivers directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\drivers\etc\hosts	6397e6beb747907e87ef2677dd8e0a1c.exe

Modifies registry class 9 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\easyanticheat\shell\open\command	6397e6beb747907e87ef2677dd8e0a1c.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\easyanticheat\shell	6397e6beb747907e87ef2677dd8e0a1c.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\easyanticheat\shell\open	6397e6beb747907e87ef2677dd8e0a1c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\easyanticheat\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\6397e6beb747907e87ef2677dd8e0a1c.exe -server \"%1\""	6397e6beb747907e87ef2677dd8e0a1c.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\easyanticheat\DefaultIcon	6397e6beb747907e87ef2677dd8e0a1c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\easyanticheat\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\6397e6beb747907e87ef2677dd8e0a1c.exe"	6397e6beb747907e87ef2677dd8e0a1c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\easyanticheat\URL Protocol	6397e6beb747907e87ef2677dd8e0a1c.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\easyanticheat	6397e6beb747907e87ef2677dd8e0a1c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\easyanticheat\ = "URL:EasyAntiCheat Client"	6397e6beb747907e87ef2677dd8e0a1c.exe

Suspicious use of FindShellTrayWindow 4 IoCs

Suspicious use of SendNotifyMessage 4 IoCs

C:\Users\Admin\AppData\Local\Temp\eac_cqqxty

Filesize
834B

MD5
09c85385fb5642798634eec882280ed3

SHA1
8175d28fefb70262a7d54319c465c23915dec781

SHA256
6d0e12f18dc4a850f1404da2aeb43b1e6029d5e6a63c4f7881aae703d42f9df0

SHA512
85e06f77006d97b397dde13c7194125ec04957cc02067cb497f4c54671504baf4ad3a5a8c677aa2747869be2381a3319227e8ad3789d5e32393bcdb00453eeb6

Download Submit
C:\Users\Admin\AppData\Local\Temp\eac_hvdowe

Filesize
48KB

MD5
679ba37f8ffcbcc8b47d47a47146d5a8

SHA1
340d21526432721d5cbd8edae8546d6f6d6b56e0

SHA256
d116e1e465547f3f54d2091f8463e957bf9487ebb5d403ea1948927d9d20ebe9

SHA512
4ad7b03a7a2a7000fd10f49627397135c3c01e0cdfb6520afb77effa1878686638f74fcfe3a112dfc9c4d69b70584ca8f8a0ca4fc50f1253821f4ddb912eaace

Download Submit
C:\Users\Admin\AppData\Local\Temp\eac_tbufox

Filesize
900B

MD5
e93100957b312cbf8446f3cc9864202f

SHA1
1c3cf006ea5c6acea179d005ff82a5ea732c5982

SHA256
31d8341131d237f5eb3cfffe7f62d12bf18946b5272d2c03148062316b0567f8

SHA512
c210853c40c090d8a9ec9f9953e8652a45c25630ace08e498c71bc601da205ae40c9bd676dead9024366b69ea844ba9b4d079cdb39aecac6c1970eb6812903b9

Download Submit