hxxps://github[.]com/modfilez/mods/releases/download/menyoo/Menyoo[.]VIP[.]zip

Analysis

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
26-05-2023 11:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/modfilez/mods/releases/download/menyoo/Menyoo.VIP.zip

Score

7^/10

persistence

Malware Config

Signatures

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation	Menyoo VIP Menu.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation	Menyoo VIP Menu.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation	Menyoo VIP Menu.exe

Executes dropped EXE 5 IoCs

pid	Process
4984	Menyoo VIP Menu.exe
316	Menyoo VIP Menu.exe
2880	Menyoo VIP Menu.exe
1864	Menyoo VIP Menu.exe
4420	Menyoo VIP Menu.exe

Loads dropped DLL 10 IoCs

pid	Process
4984	Menyoo VIP Menu.exe
316	Menyoo VIP Menu.exe
2880	Menyoo VIP Menu.exe
316	Menyoo VIP Menu.exe
316	Menyoo VIP Menu.exe
316	Menyoo VIP Menu.exe
316	Menyoo VIP Menu.exe
316	Menyoo VIP Menu.exe
1864	Menyoo VIP Menu.exe
4420	Menyoo VIP Menu.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Windows\CurrentVersion\Run	Menyoo VIP Menu.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Menyoo VIP Menu = "C:\\Users\\Admin\\AppData\\Roaming\\Menyoo VIP Menu\\Menyoo VIP Menu.exe"	Menyoo VIP Menu.exe

Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\PhishingFilter	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter\ClientSupported_MigrationTime = 575ec7859e45d901	iexplore.exe

Modifies Internet Explorer settings 1 TTPs 29 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{5F301F8A-FBCC-11ED-B7D7-4221DB3A75C8} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "926185126"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31035353"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "926185126"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "391874047"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\RepId\PublicId = "{CB7CA31C-9075-4A61-8BCD-8D9641337B50}"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31035353"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\RepId	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings	iexplore.exe

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	Menyoo VIP Menu.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	Menyoo VIP Menu.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 5c0000000100000004000000001000001900000001000000100000002fe1f70bb05d7c92335bc5e05b984da60f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f63030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e814000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e20000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	Menyoo VIP Menu.exe

Suspicious use of AdjustPrivilegeToken 50 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4984	Menyoo VIP Menu.exe
Token: SeCreatePagefilePrivilege	4984	Menyoo VIP Menu.exe
Token: SeShutdownPrivilege	4984	Menyoo VIP Menu.exe
Token: SeCreatePagefilePrivilege	4984	Menyoo VIP Menu.exe
Token: SeShutdownPrivilege	4984	Menyoo VIP Menu.exe
Token: SeCreatePagefilePrivilege	4984	Menyoo VIP Menu.exe
Token: SeShutdownPrivilege	4984	Menyoo VIP Menu.exe
Token: SeCreatePagefilePrivilege	4984	Menyoo VIP Menu.exe
Token: SeShutdownPrivilege	4984	Menyoo VIP Menu.exe
Token: SeCreatePagefilePrivilege	4984	Menyoo VIP Menu.exe
Token: SeShutdownPrivilege	4984	Menyoo VIP Menu.exe
Token: SeCreatePagefilePrivilege	4984	Menyoo VIP Menu.exe
Token: SeShutdownPrivilege	4984	Menyoo VIP Menu.exe
Token: SeCreatePagefilePrivilege	4984	Menyoo VIP Menu.exe
Token: SeShutdownPrivilege	4984	Menyoo VIP Menu.exe
Token: SeCreatePagefilePrivilege	4984	Menyoo VIP Menu.exe
Token: SeShutdownPrivilege	4984	Menyoo VIP Menu.exe
Token: SeCreatePagefilePrivilege	4984	Menyoo VIP Menu.exe
Token: SeShutdownPrivilege	4984	Menyoo VIP Menu.exe
Token: SeCreatePagefilePrivilege	4984	Menyoo VIP Menu.exe
Token: SeShutdownPrivilege	4984	Menyoo VIP Menu.exe
Token: SeCreatePagefilePrivilege	4984	Menyoo VIP Menu.exe
Token: SeShutdownPrivilege	4984	Menyoo VIP Menu.exe
Token: SeCreatePagefilePrivilege	4984	Menyoo VIP Menu.exe
Token: SeShutdownPrivilege	4984	Menyoo VIP Menu.exe
Token: SeCreatePagefilePrivilege	4984	Menyoo VIP Menu.exe
Token: SeShutdownPrivilege	4984	Menyoo VIP Menu.exe
Token: SeCreatePagefilePrivilege	4984	Menyoo VIP Menu.exe
Token: SeShutdownPrivilege	4984	Menyoo VIP Menu.exe
Token: SeCreatePagefilePrivilege	4984	Menyoo VIP Menu.exe
Token: SeShutdownPrivilege	4984	Menyoo VIP Menu.exe
Token: SeCreatePagefilePrivilege	4984	Menyoo VIP Menu.exe
Token: SeShutdownPrivilege	4984	Menyoo VIP Menu.exe
Token: SeCreatePagefilePrivilege	4984	Menyoo VIP Menu.exe
Token: SeShutdownPrivilege	4984	Menyoo VIP Menu.exe
Token: SeCreatePagefilePrivilege	4984	Menyoo VIP Menu.exe
Token: SeShutdownPrivilege	4984	Menyoo VIP Menu.exe
Token: SeCreatePagefilePrivilege	4984	Menyoo VIP Menu.exe
Token: SeShutdownPrivilege	4984	Menyoo VIP Menu.exe
Token: SeCreatePagefilePrivilege	4984	Menyoo VIP Menu.exe
Token: SeShutdownPrivilege	4984	Menyoo VIP Menu.exe
Token: SeCreatePagefilePrivilege	4984	Menyoo VIP Menu.exe
Token: SeShutdownPrivilege	4984	Menyoo VIP Menu.exe
Token: SeCreatePagefilePrivilege	4984	Menyoo VIP Menu.exe
Token: SeShutdownPrivilege	4984	Menyoo VIP Menu.exe
Token: SeCreatePagefilePrivilege	4984	Menyoo VIP Menu.exe
Token: SeShutdownPrivilege	4984	Menyoo VIP Menu.exe
Token: SeCreatePagefilePrivilege	4984	Menyoo VIP Menu.exe
Token: SeShutdownPrivilege	4984	Menyoo VIP Menu.exe
Token: SeCreatePagefilePrivilege	4984	Menyoo VIP Menu.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
3340	iexplore.exe
3340	iexplore.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
3340	iexplore.exe
3340	iexplore.exe
180	IEXPLORE.EXE
180	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 49 IoCs

description	pid	Process	procid_target
PID 3340 wrote to memory of 180	3340	iexplore.exe	85
PID 3340 wrote to memory of 180	3340	iexplore.exe	85
PID 3340 wrote to memory of 180	3340	iexplore.exe	85
PID 648 wrote to memory of 4984	648	Menyoo VIP Menu.exe	98
PID 648 wrote to memory of 4984	648	Menyoo VIP Menu.exe	98
PID 4984 wrote to memory of 316	4984	Menyoo VIP Menu.exe	99
PID 4984 wrote to memory of 316	4984	Menyoo VIP Menu.exe	99
PID 4984 wrote to memory of 316	4984	Menyoo VIP Menu.exe	99
PID 4984 wrote to memory of 316	4984	Menyoo VIP Menu.exe	99
PID 4984 wrote to memory of 316	4984	Menyoo VIP Menu.exe	99
PID 4984 wrote to memory of 316	4984	Menyoo VIP Menu.exe	99
PID 4984 wrote to memory of 316	4984	Menyoo VIP Menu.exe	99
PID 4984 wrote to memory of 316	4984	Menyoo VIP Menu.exe	99
PID 4984 wrote to memory of 316	4984	Menyoo VIP Menu.exe	99
PID 4984 wrote to memory of 316	4984	Menyoo VIP Menu.exe	99
PID 4984 wrote to memory of 316	4984	Menyoo VIP Menu.exe	99
PID 4984 wrote to memory of 316	4984	Menyoo VIP Menu.exe	99
PID 4984 wrote to memory of 316	4984	Menyoo VIP Menu.exe	99
PID 4984 wrote to memory of 316	4984	Menyoo VIP Menu.exe	99
PID 4984 wrote to memory of 316	4984	Menyoo VIP Menu.exe	99
PID 4984 wrote to memory of 316	4984	Menyoo VIP Menu.exe	99
PID 4984 wrote to memory of 316	4984	Menyoo VIP Menu.exe	99
PID 4984 wrote to memory of 316	4984	Menyoo VIP Menu.exe	99
PID 4984 wrote to memory of 316	4984	Menyoo VIP Menu.exe	99
PID 4984 wrote to memory of 316	4984	Menyoo VIP Menu.exe	99
PID 4984 wrote to memory of 316	4984	Menyoo VIP Menu.exe	99
PID 4984 wrote to memory of 316	4984	Menyoo VIP Menu.exe	99
PID 4984 wrote to memory of 316	4984	Menyoo VIP Menu.exe	99
PID 4984 wrote to memory of 316	4984	Menyoo VIP Menu.exe	99
PID 4984 wrote to memory of 316	4984	Menyoo VIP Menu.exe	99
PID 4984 wrote to memory of 316	4984	Menyoo VIP Menu.exe	99
PID 4984 wrote to memory of 316	4984	Menyoo VIP Menu.exe	99
PID 4984 wrote to memory of 316	4984	Menyoo VIP Menu.exe	99
PID 4984 wrote to memory of 316	4984	Menyoo VIP Menu.exe	99
PID 4984 wrote to memory of 316	4984	Menyoo VIP Menu.exe	99
PID 4984 wrote to memory of 316	4984	Menyoo VIP Menu.exe	99
PID 4984 wrote to memory of 316	4984	Menyoo VIP Menu.exe	99
PID 4984 wrote to memory of 316	4984	Menyoo VIP Menu.exe	99
PID 4984 wrote to memory of 316	4984	Menyoo VIP Menu.exe	99
PID 4984 wrote to memory of 316	4984	Menyoo VIP Menu.exe	99
PID 4984 wrote to memory of 316	4984	Menyoo VIP Menu.exe	99
PID 4984 wrote to memory of 316	4984	Menyoo VIP Menu.exe	99
PID 4984 wrote to memory of 316	4984	Menyoo VIP Menu.exe	99
PID 4984 wrote to memory of 2880	4984	Menyoo VIP Menu.exe	100
PID 4984 wrote to memory of 2880	4984	Menyoo VIP Menu.exe	100
PID 4984 wrote to memory of 1864	4984	Menyoo VIP Menu.exe	101
PID 4984 wrote to memory of 1864	4984	Menyoo VIP Menu.exe	101
PID 4984 wrote to memory of 4420	4984	Menyoo VIP Menu.exe	102
PID 4984 wrote to memory of 4420	4984	Menyoo VIP Menu.exe	102

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://github.com/modfilez/mods/releases/download/menyoo/Menyoo.VIP.zip
1⤵
- Modifies Internet Explorer Phishing Filter
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3340
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3340 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:180

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4868

C:\Users\Admin\AppData\Local\Temp\Temp1_Menyoo.VIP.zip\Menyoo VIP Menu.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_Menyoo.VIP.zip\Menyoo VIP Menu.exe"
1⤵
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:648
- C:\Users\Admin\AppData\Roaming\Menyoo VIP Menu\Menyoo VIP Menu.exe
  "C:\Users\Admin\AppData\Roaming\Menyoo VIP Menu\Menyoo VIP Menu.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies system certificate store
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:4984
- - C:\Users\Admin\AppData\Roaming\Menyoo VIP Menu\Menyoo VIP Menu.exe
    "C:\Users\Admin\AppData\Roaming\Menyoo VIP Menu\Menyoo VIP Menu.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\menyoo-vip-menu-nativefier-7a0718" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1504 --field-trial-handle=1688,i,6281511605938985552,17784165318592887408,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:316
- - C:\Users\Admin\AppData\Roaming\Menyoo VIP Menu\Menyoo VIP Menu.exe
    "C:\Users\Admin\AppData\Roaming\Menyoo VIP Menu\Menyoo VIP Menu.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\menyoo-vip-menu-nativefier-7a0718" --mojo-platform-channel-handle=2024 --field-trial-handle=1688,i,6281511605938985552,17784165318592887408,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2880
- - C:\Users\Admin\AppData\Roaming\Menyoo VIP Menu\Menyoo VIP Menu.exe
    "C:\Users\Admin\AppData\Roaming\Menyoo VIP Menu\Menyoo VIP Menu.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\menyoo-vip-menu-nativefier-7a0718" --app-user-model-id=menyoo-vip-menu-nativefier-7a0718 --app-path="C:\Users\Admin\AppData\Roaming\Menyoo VIP Menu\resources\app" --no-sandbox --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2352 --field-trial-handle=1688,i,6281511605938985552,17784165318592887408,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1864
- - C:\Users\Admin\AppData\Roaming\Menyoo VIP Menu\Menyoo VIP Menu.exe
    "C:\Users\Admin\AppData\Roaming\Menyoo VIP Menu\Menyoo VIP Menu.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\menyoo-vip-menu-nativefier-7a0718" --app-user-model-id=menyoo-vip-menu-nativefier-7a0718 --app-path="C:\Users\Admin\AppData\Roaming\Menyoo VIP Menu\resources\app" --no-sandbox --no-zygote --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=1496 --field-trial-handle=1688,i,6281511605938985552,17784165318592887408,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    PID:4420

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0P80TOLA\Menyoo.VIP.zip.u6h80ai.partial

Filesize
84.9MB

MD5
31af00282ba9b7cc4b46be8fc5f69722

SHA1
96af1b09a79ffe59c736e3cbea41e30649ca0051

SHA256
a01faf7b01ae774de166ccd544e9b774a49eb1ea3565dcb362c9a87212d3c66d

SHA512
77ffa27231fd5d662ecfa909d3dd65c9598f08cd3c5e60c93535e748bab977770be4c00df5136aae97b597a9fc9078faa270c50c90b7da2908ba2f99ac212507

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\G1ORIWBN\Menyoo.VIP[1].zip

Filesize
84.9MB

MD5
31af00282ba9b7cc4b46be8fc5f69722

SHA1
96af1b09a79ffe59c736e3cbea41e30649ca0051

SHA256
a01faf7b01ae774de166ccd544e9b774a49eb1ea3565dcb362c9a87212d3c66d

SHA512
77ffa27231fd5d662ecfa909d3dd65c9598f08cd3c5e60c93535e748bab977770be4c00df5136aae97b597a9fc9078faa270c50c90b7da2908ba2f99ac212507

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\G1ORIWBN\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Roaming\Menyoo VIP Menu\D3DCompiler_47.dll

Filesize
4.7MB

MD5
cb9807f6cf55ad799e920b7e0f97df99

SHA1
bb76012ded5acd103adad49436612d073d159b29

SHA256
5653bc7b0e2701561464ef36602ff6171c96bffe96e4c3597359cd7addcba88a

SHA512
f7c65bae4ede13616330ae46a197ebad106920dce6a31fd5a658da29ed1473234ca9e2b39cc9833ff903fb6b52ff19e39e6397fac02f005823ed366ca7a34f62

Download Submit
C:\Users\Admin\AppData\Roaming\Menyoo VIP Menu\Menyoo VIP Menu.exe

Filesize
142.0MB

MD5
4e2a534b4471619622440d8c7c1f0f2c

SHA1
942d4f56f7b01b2c8bf534ffb80e8973282ffe73

SHA256
08cececb32103b4f297ab0bf7b26d42f0f1448215f3dff7344b17d881ca9bc8d

SHA512
c87502ba4ea171150d1c98b7692b28504a87ce7cf083c841594aae7413a78de4969d5ee34e127ddc9af894c7cd57bd8d2816159021d5fdb6c5a27106c2da8e20

Download Submit
C:\Users\Admin\AppData\Roaming\Menyoo VIP Menu\Menyoo VIP Menu.exe

Filesize
142.0MB

MD5
4e2a534b4471619622440d8c7c1f0f2c

SHA1
942d4f56f7b01b2c8bf534ffb80e8973282ffe73

SHA256
08cececb32103b4f297ab0bf7b26d42f0f1448215f3dff7344b17d881ca9bc8d

SHA512
c87502ba4ea171150d1c98b7692b28504a87ce7cf083c841594aae7413a78de4969d5ee34e127ddc9af894c7cd57bd8d2816159021d5fdb6c5a27106c2da8e20

Download Submit
C:\Users\Admin\AppData\Roaming\Menyoo VIP Menu\Menyoo VIP Menu.exe

Filesize
142.0MB

MD5
4e2a534b4471619622440d8c7c1f0f2c

SHA1
942d4f56f7b01b2c8bf534ffb80e8973282ffe73

SHA256
08cececb32103b4f297ab0bf7b26d42f0f1448215f3dff7344b17d881ca9bc8d

SHA512
c87502ba4ea171150d1c98b7692b28504a87ce7cf083c841594aae7413a78de4969d5ee34e127ddc9af894c7cd57bd8d2816159021d5fdb6c5a27106c2da8e20

Download Submit
C:\Users\Admin\AppData\Roaming\Menyoo VIP Menu\Menyoo VIP Menu.exe

Filesize
142.0MB

MD5
4e2a534b4471619622440d8c7c1f0f2c

SHA1
942d4f56f7b01b2c8bf534ffb80e8973282ffe73

SHA256
08cececb32103b4f297ab0bf7b26d42f0f1448215f3dff7344b17d881ca9bc8d

SHA512
c87502ba4ea171150d1c98b7692b28504a87ce7cf083c841594aae7413a78de4969d5ee34e127ddc9af894c7cd57bd8d2816159021d5fdb6c5a27106c2da8e20

Download Submit
C:\Users\Admin\AppData\Roaming\Menyoo VIP Menu\Menyoo VIP Menu.exe

Filesize
142.0MB

MD5
4e2a534b4471619622440d8c7c1f0f2c

SHA1
942d4f56f7b01b2c8bf534ffb80e8973282ffe73

SHA256
08cececb32103b4f297ab0bf7b26d42f0f1448215f3dff7344b17d881ca9bc8d

SHA512
c87502ba4ea171150d1c98b7692b28504a87ce7cf083c841594aae7413a78de4969d5ee34e127ddc9af894c7cd57bd8d2816159021d5fdb6c5a27106c2da8e20

Download Submit
C:\Users\Admin\AppData\Roaming\Menyoo VIP Menu\Menyoo VIP Menu.exe

Filesize
142.0MB

MD5
4e2a534b4471619622440d8c7c1f0f2c

SHA1
942d4f56f7b01b2c8bf534ffb80e8973282ffe73

SHA256
08cececb32103b4f297ab0bf7b26d42f0f1448215f3dff7344b17d881ca9bc8d

SHA512
c87502ba4ea171150d1c98b7692b28504a87ce7cf083c841594aae7413a78de4969d5ee34e127ddc9af894c7cd57bd8d2816159021d5fdb6c5a27106c2da8e20

Download Submit
C:\Users\Admin\AppData\Roaming\Menyoo VIP Menu\Menyoo VIP Menu.exe

Filesize
142.0MB

MD5
4e2a534b4471619622440d8c7c1f0f2c

SHA1
942d4f56f7b01b2c8bf534ffb80e8973282ffe73

SHA256
08cececb32103b4f297ab0bf7b26d42f0f1448215f3dff7344b17d881ca9bc8d

SHA512
c87502ba4ea171150d1c98b7692b28504a87ce7cf083c841594aae7413a78de4969d5ee34e127ddc9af894c7cd57bd8d2816159021d5fdb6c5a27106c2da8e20

Download Submit
C:\Users\Admin\AppData\Roaming\Menyoo VIP Menu\chrome_100_percent.pak

Filesize
125KB

MD5
0cf9de69dcfd8227665e08c644b9499c

SHA1
a27941acce0101627304e06533ba24f13e650e43

SHA256
d2c299095dbbd3a3cb2b4639e5b3bd389c691397ffd1a681e586f2cfe0e2ab88

SHA512
bb5d340009cef2bcb604ef38fdd7171fed0423c2dc6a01e590f8d15c4f6bc860606547550218db41fba554609e8395c9e3c3508dfa2d8b202e5059e7646bdcef

Download Submit
C:\Users\Admin\AppData\Roaming\Menyoo VIP Menu\chrome_200_percent.pak

Filesize
174KB

MD5
d88936315a5bd83c1550e5b8093eb1e6

SHA1
6445d97ceb89635f6459bc2fb237324d66e6a4ee

SHA256
f49abd81e93a05c1e53c1201a5d3a12f2724f52b6971806c8306b512bf66aa25

SHA512
75142f03df6187fb75f887e4c8b9d5162902ba6aac86351186c85e5f0a2d3825ca312a36cf9f4bd656cdfc23a20cd38d4580ca1b41560d23ebaa0d41e4cf1dd2

Download Submit
C:\Users\Admin\AppData\Roaming\Menyoo VIP Menu\d3dcompiler_47.dll

Filesize
4.7MB

MD5
cb9807f6cf55ad799e920b7e0f97df99

SHA1
bb76012ded5acd103adad49436612d073d159b29

SHA256
5653bc7b0e2701561464ef36602ff6171c96bffe96e4c3597359cd7addcba88a

SHA512
f7c65bae4ede13616330ae46a197ebad106920dce6a31fd5a658da29ed1473234ca9e2b39cc9833ff903fb6b52ff19e39e6397fac02f005823ed366ca7a34f62

Download Submit
C:\Users\Admin\AppData\Roaming\Menyoo VIP Menu\ffmpeg.dll

Filesize
2.7MB

MD5
b41b5ca7e8cdf2669494ae42bf476eca

SHA1
47fe1078383d1f42b62b96bc2aa73e2dd529c3c4

SHA256
308d47179729e3e06f5153c26621bb67af12fca73a37123987176df5fe9be218

SHA512
98d6822f6a7be5c9b86b6d63140f5e1b653021bf666a8611a18c37202f77947676d8c5c59022d99721423d3799375210b46f25c795e62dc1b258fffcfb3f9d2a

Download Submit
C:\Users\Admin\AppData\Roaming\Menyoo VIP Menu\ffmpeg.dll

Filesize
2.7MB

MD5
b41b5ca7e8cdf2669494ae42bf476eca

SHA1
47fe1078383d1f42b62b96bc2aa73e2dd529c3c4

SHA256
308d47179729e3e06f5153c26621bb67af12fca73a37123987176df5fe9be218

SHA512
98d6822f6a7be5c9b86b6d63140f5e1b653021bf666a8611a18c37202f77947676d8c5c59022d99721423d3799375210b46f25c795e62dc1b258fffcfb3f9d2a

Download Submit
C:\Users\Admin\AppData\Roaming\Menyoo VIP Menu\ffmpeg.dll

Filesize
2.7MB

MD5
b41b5ca7e8cdf2669494ae42bf476eca

SHA1
47fe1078383d1f42b62b96bc2aa73e2dd529c3c4

SHA256
308d47179729e3e06f5153c26621bb67af12fca73a37123987176df5fe9be218

SHA512
98d6822f6a7be5c9b86b6d63140f5e1b653021bf666a8611a18c37202f77947676d8c5c59022d99721423d3799375210b46f25c795e62dc1b258fffcfb3f9d2a

Download Submit
C:\Users\Admin\AppData\Roaming\Menyoo VIP Menu\ffmpeg.dll

Filesize
2.7MB

MD5
b41b5ca7e8cdf2669494ae42bf476eca

SHA1
47fe1078383d1f42b62b96bc2aa73e2dd529c3c4

SHA256
308d47179729e3e06f5153c26621bb67af12fca73a37123987176df5fe9be218

SHA512
98d6822f6a7be5c9b86b6d63140f5e1b653021bf666a8611a18c37202f77947676d8c5c59022d99721423d3799375210b46f25c795e62dc1b258fffcfb3f9d2a

Download Submit
C:\Users\Admin\AppData\Roaming\Menyoo VIP Menu\ffmpeg.dll

Filesize
2.7MB

MD5
b41b5ca7e8cdf2669494ae42bf476eca

SHA1
47fe1078383d1f42b62b96bc2aa73e2dd529c3c4

SHA256
308d47179729e3e06f5153c26621bb67af12fca73a37123987176df5fe9be218

SHA512
98d6822f6a7be5c9b86b6d63140f5e1b653021bf666a8611a18c37202f77947676d8c5c59022d99721423d3799375210b46f25c795e62dc1b258fffcfb3f9d2a

Download Submit
C:\Users\Admin\AppData\Roaming\Menyoo VIP Menu\ffmpeg.dll

Filesize
2.7MB

MD5
b41b5ca7e8cdf2669494ae42bf476eca

SHA1
47fe1078383d1f42b62b96bc2aa73e2dd529c3c4

SHA256
308d47179729e3e06f5153c26621bb67af12fca73a37123987176df5fe9be218

SHA512
98d6822f6a7be5c9b86b6d63140f5e1b653021bf666a8611a18c37202f77947676d8c5c59022d99721423d3799375210b46f25c795e62dc1b258fffcfb3f9d2a

Download Submit
C:\Users\Admin\AppData\Roaming\Menyoo VIP Menu\icudtl.dat

Filesize
9.9MB

MD5
c6ae43f9d596f3dd0d86fb3e62a5b5de

SHA1
198b3b4abc0f128398d25c66455c531a7af34a6d

SHA256
00f755664926fda5fda14b87af41097f6ea4b20154f90be65d73717580db26ee

SHA512
3c43e2dcdf037726a94319a147a8bc41a4c0fd66e6b18b3c7c95449912bf875382dde5ec0525dcad6a52e8820b0859caf8fa73cb287283334ec8d06eb3227ec4

Download Submit
C:\Users\Admin\AppData\Roaming\Menyoo VIP Menu\libEGL.dll

Filesize
460KB

MD5
961c060f241a7ae22e962c82d7803ef1

SHA1
0060b167e55db981c1588ca2074b8ca38b9a8153

SHA256
c8e8007d746df73edbf73cdff18c09bb756f43814978c84a28a72f95d0ac5dc9

SHA512
79539e0d0036124b59f94c6fec0c596e64c41626b9994ff7457f2f6b26e8f2648f93f63f6422c444eb3c8b803079f6ef1f52191980ea88de9d25c40b30547599

Download Submit
C:\Users\Admin\AppData\Roaming\Menyoo VIP Menu\libGLESv2.dll

Filesize
6.8MB

MD5
18d62249e5bd4fa1f66c95a9ee9eb275

SHA1
4ea5d8344a8fc09ed2bda4d3034c3c8410c85e91

SHA256
3299de173b3e5ce2f69476b77d96f6a758b2ccfdf3ad811902e5cd511c6888ff

SHA512
fa29557836e56f981249ee8500a8271a7795cbe2a4afb6abbbd57e4aa26c6b731d151258f093643bbfa18cd9adf706a9e4d532481c62d713b7f1a1045301dc07

Download Submit
C:\Users\Admin\AppData\Roaming\Menyoo VIP Menu\libegl.dll

Filesize
460KB

MD5
961c060f241a7ae22e962c82d7803ef1

SHA1
0060b167e55db981c1588ca2074b8ca38b9a8153

SHA256
c8e8007d746df73edbf73cdff18c09bb756f43814978c84a28a72f95d0ac5dc9

SHA512
79539e0d0036124b59f94c6fec0c596e64c41626b9994ff7457f2f6b26e8f2648f93f63f6422c444eb3c8b803079f6ef1f52191980ea88de9d25c40b30547599

Download Submit
C:\Users\Admin\AppData\Roaming\Menyoo VIP Menu\libglesv2.dll

Filesize
6.8MB

MD5
18d62249e5bd4fa1f66c95a9ee9eb275

SHA1
4ea5d8344a8fc09ed2bda4d3034c3c8410c85e91

SHA256
3299de173b3e5ce2f69476b77d96f6a758b2ccfdf3ad811902e5cd511c6888ff

SHA512
fa29557836e56f981249ee8500a8271a7795cbe2a4afb6abbbd57e4aa26c6b731d151258f093643bbfa18cd9adf706a9e4d532481c62d713b7f1a1045301dc07

Download Submit
C:\Users\Admin\AppData\Roaming\Menyoo VIP Menu\locales\en-US.pak

Filesize
115KB

MD5
f982582f05ea5adf95d9258aa99c2aa5

SHA1
2f3168b09d812c6b9b6defc54390b7a833009abf

SHA256
4221cf9bae4ebea0edc1b0872c24ec708492d4fe13f051d1f806a77fe84ca94d

SHA512
75636f4d6aa1bcf0a573a061a55077106fbde059e293d095557cddfe73522aa5f55fe55a48158bf2cfc74e9edb74cae776369a8ac9123dc6f1f6afa805d0cc78

Download Submit
C:\Users\Admin\AppData\Roaming\Menyoo VIP Menu\resources.pak

Filesize
4.9MB

MD5
c7b17b0c9e6e6aad4ffd1d61c9200123

SHA1
63a46fc028304de3920252c0dab5aa0a8095ed7d

SHA256
574c67ecd1d07f863343c2ea2854b2d9b2def23f04ba97b67938e72c67799f66

SHA512
96d72485598a6f104e148a8384739939bf4b65054ddde015dd075d357bcc156130690e70f5f50ec915c22df3d0383b0f2fbac73f5de629d5ff8dab5a7533d12b

Download Submit
C:\Users\Admin\AppData\Roaming\Menyoo VIP Menu\resources\app\icon.ico

Filesize
2KB

MD5
17d74716b2765254f2b8618f3a900cca

SHA1
84f56df624ad348af27f4b91500c68683c161173

SHA256
851e73392b178cc1386b436bb948c509a788c62fe25f90065980a67db007a673

SHA512
ba30cb94b9b8b14fe6474d945f0f82bf44c9547c61022af7a9d7486dd3e47f916f25118a3ce5ad674556d58a0850cfc7795995f1368a6653a719000df6e8d90f

Download Submit
C:\Users\Admin\AppData\Roaming\Menyoo VIP Menu\resources\app\lib\main.js

Filesize
495KB

MD5
d1bbee38f184cd44322a0bbae13d6b7d

SHA1
900c2362ed581436a7e0b5210ae1cc2fba769ca0

SHA256
3bc4df185354269c757e4c31414ded23866a6e5bb880b07e2ba22e1314281863

SHA512
6ca51132ff3e88c97005c626d913d263a9ed383e64803f66a980ce57e92e3bba16b3008b87480818476cde5979efea6bc2c1edb1472517a93d26d1bccb75d0a2

Download Submit
C:\Users\Admin\AppData\Roaming\Menyoo VIP Menu\resources\app\lib\preload.js

Filesize
4KB

MD5
fa55c68c5f0b5a560604becb9df601fe

SHA1
0eeb7a10a9574238d6360ab895c78ddfdbca61ed

SHA256
317ea36e9119cd2024689687aaf927287213b5ec2909bb98c1ae87a01b49106e

SHA512
709da44b05879e4c1e8121e8c818e364bd6167d873529274d9ed63ea1b25a1ff4e9f501f11668a01677f9f610950a44b9fcbef99356d4c3cd9db51619d2dd9bd

Download Submit
C:\Users\Admin\AppData\Roaming\Menyoo VIP Menu\resources\app\nativefier.json

Filesize
960B

MD5
4b7ea95fa1e693a1f6733cbb7dc505ec

SHA1
5e32d2fb9d2591a76ed3a4e7460152eaa9f41479

SHA256
e0a44ce62a95c59b401908908429504917db2e799c32bccb2748d93a7e4d6dce

SHA512
86b7ff2cc2070f81c5e3dedbadd715e1297652b20a31125ae9a16f43a9fe1e5648c2963fd98397374bb276bed0b6ab9d86f3e81313c5666c1f91531d6382fb8a

Download Submit
C:\Users\Admin\AppData\Roaming\Menyoo VIP Menu\resources\app\package.json

Filesize
602B

MD5
ea84c19e9f80b3fbf8e9edff0d92e66d

SHA1
82d3cade5ac7090671b02f06e01756b9610b0d70

SHA256
de29c2e4e1eb256346cdc6fb05e126156c5734707baf06eab457647433af7dc4

SHA512
5c390322868e86a10539bfb86318475467becd8b9a1d95eeb30782ab771cebf942196ec661276f3bd50fab9bfda1b3f6dc345d38822cc480159ea05a8d210aa5

Download Submit
C:\Users\Admin\AppData\Roaming\Menyoo VIP Menu\v8_context_snapshot.bin

Filesize
713KB

MD5
1270ddd6641f34d158ea05531a319ec9

SHA1
7d688b21acadb252ad8f175f64f5a3e44b483b0b

SHA256
47a8d799b55ba4c7a55498e0876521ad11cc2fa349665b11c715334a77f72b29

SHA512
710c18ef4e21aa6f666fa4f8d123b388c751e061b2197dae0332091fbef5bd216400c0f3bca8622f89e88733f23c66571a431eb3330dba87de1fc16979589e97

Download Submit
C:\Users\Admin\AppData\Roaming\Menyoo VIP Menu\vk_swiftshader.dll

Filesize
4.5MB

MD5
fcec6c6fbc34cfd9a449af66364da381

SHA1
f6016b721dec138d75e9d542f3e2210a673ad52b

SHA256
738fe97f7fbafa6524f11cf0cf0999ca3aef752bed44e1179d589aae92937ed2

SHA512
26527975979e58870c3c365b9ab432b4b3af88ed606673971fba009489db4482a5ace0e122b8cf67de075c37174c7c423ee8e219cfb4c9a331be66bb8af9edf9

Download Submit
C:\Users\Admin\AppData\Roaming\Menyoo VIP Menu\vk_swiftshader.dll

Filesize
4.5MB

MD5
fcec6c6fbc34cfd9a449af66364da381

SHA1
f6016b721dec138d75e9d542f3e2210a673ad52b

SHA256
738fe97f7fbafa6524f11cf0cf0999ca3aef752bed44e1179d589aae92937ed2

SHA512
26527975979e58870c3c365b9ab432b4b3af88ed606673971fba009489db4482a5ace0e122b8cf67de075c37174c7c423ee8e219cfb4c9a331be66bb8af9edf9

Download Submit
C:\Users\Admin\AppData\Roaming\Menyoo VIP Menu\vk_swiftshader_icd.json

Filesize
106B

MD5
8642dd3a87e2de6e991fae08458e302b

SHA1
9c06735c31cec00600fd763a92f8112d085bd12a

SHA256
32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9

SHA512
f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

Download Submit
C:\Users\Admin\AppData\Roaming\Menyoo VIP Menu\vulkan-1.dll

Filesize
854KB

MD5
8df5d7efc2d9092102e2a92e097a33be

SHA1
cc9801f6bd7e818b86fe4fb52752eadbdd859a7d

SHA256
8ee6e0d63b89d920dc627fca1af5f19653d51e8318adb064cc4f122576e780ce

SHA512
ee65444dcd37dff045826dc922dcc97ccd44d7ddfe373bcd971ce0facf91e13f3df07a1368fd6c49e63e8c5c19fc2fd669182f688e80d83804c534dd9d10f1da

Download Submit
C:\Users\Admin\AppData\Roaming\Menyoo VIP Menu\vulkan-1.dll

Filesize
854KB

MD5
8df5d7efc2d9092102e2a92e097a33be

SHA1
cc9801f6bd7e818b86fe4fb52752eadbdd859a7d

SHA256
8ee6e0d63b89d920dc627fca1af5f19653d51e8318adb064cc4f122576e780ce

SHA512
ee65444dcd37dff045826dc922dcc97ccd44d7ddfe373bcd971ce0facf91e13f3df07a1368fd6c49e63e8c5c19fc2fd669182f688e80d83804c534dd9d10f1da

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
memory/316-455-0x000001761DAD0000-0x000001761DAFB000-memory.dmp

Filesize
172KB

Download
memory/316-384-0x00007FFD66030000-0x00007FFD66031000-memory.dmp

Filesize
4KB

Download
memory/648-369-0x0000000000600000-0x00000000008DC000-memory.dmp

Filesize
2.9MB

Download
memory/648-341-0x0000000000600000-0x00000000008DC000-memory.dmp

Filesize
2.9MB

Download
memory/648-167-0x0000000000600000-0x00000000008DC000-memory.dmp

Filesize
2.9MB

Download
memory/648-166-0x00000000017E0000-0x00000000017E1000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads