Overview

overview

8

Static

static

3

EasyMC_Set...32.exe

windows10-2004-x64

7

$PLUGINSDI...er.dll

windows10-2004-x64

3

$PLUGINSDI...ls.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...ll.dll

windows10-2004-x64

3

7zip/linux/x64/7za

windows10-2004-x64

1

7zip/mac/x64/7za

windows10-2004-x64

1

7zip/win/ia32/7za.exe

windows10-2004-x64

3

7zip/win/x64/7za.exe

windows10-2004-x64

1

EasyMC Launcher.exe

windows10-2004-x64

7

LICENSES.c...m.html

windows10-2004-x64

5

d3dcompiler_47.dll

windows10-2004-x64

3

ffmpeg.dll

windows10-2004-x64

3

hostsremov...er.exe

windows10-2004-x64

8

libEGL.dll

windows10-2004-x64

3

libGLESv2.dll

windows10-2004-x64

3

resources/elevate.exe

windows10-2004-x64

3

swiftshade...GL.dll

windows10-2004-x64

3

swiftshade...v2.dll

windows10-2004-x64

3

vk_swiftshader.dll

windows10-2004-x64

3

vulkan-1.dll

windows10-2004-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

$PLUGINSDI...7z.dll

windows10-2004-x64

3

$R0/Uninst...er.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04-08-2024 09:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    hostsremover/EasyMCHostsRemover.exe

  • Size

    13KB

  • MD5

    dff1888306d5036e9e831d62d16412ab

  • SHA1

    2597f86a16af51f61f7b4754fe290a9969e85abe

  • SHA256

    136b6ddebbd837f775a10425fc0a6eaf4a46d32473f372208873cfeb2f64a28a

  • SHA512

    c2f984340c6d01531151b6ff58d2e5b47740b3faf309bc28c6349c4dd2b1e8715e24a69ee238380bd3ffc52e7922cf6c9a0c1ab685f449dc7e13054383b1de62

  • SSDEEP

    192:wRT2kZJ9fs4yjyjLwxx/VUXfIF8KYc3qvUjaMmk/m:wRTd5fs4yGAx/V4fIFlYc3qsU0

Score
8/10
discovery

Malware Config

Signatures

  • Drops file in Drivers directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\hostsremover\EasyMCHostsRemover.exe
    "C:\Users\Admin\AppData\Local\Temp\hostsremover\EasyMCHostsRemover.exe"
    1⤵
    • Drops file in Drivers directory
    • System Location Discovery: System Language Discovery
    PID:4288

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4288-0-0x0000000074E9E000-0x0000000074E9F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4288-1-0x00000000009C0000-0x00000000009C8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/4288-2-0x00000000059A0000-0x0000000005F44000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/4288-3-0x00000000053F0000-0x0000000005482000-memory.dmp

    Filesize

    584KB

    Download

  • memory/4288-4-0x0000000074E90000-0x0000000075640000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4288-5-0x0000000005380000-0x000000000538A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/4288-8-0x0000000074E90000-0x0000000075640000-memory.dmp

    Filesize

    7.7MB

    Download