Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
  • submitted
    22-05-2024 03:18

General

  • Target

    doorstop_libs/libdoorstop_x64.dylib

  • Size

    24KB

  • MD5

    2d65bfc92198de87eba43f4b6f4b7f59

  • SHA1

    c99a568f41bf86f55a7533c80d5a33a5a4dab523

  • SHA256

    1867bfefe236bcf2c29d2a7e183a755c749861d27355e8bc4317a343e93ef15b

  • SHA512

    92ac79d4dac74c5b15fcdb800c8fd90bf7971e725ad3d6c308d804f968365fe18dd813661d743523a8f65648a99196a82bd811cbae3521ae91470826ad68a5f3

  • SSDEEP

    384:OjN7vZKC2t7nAhQcgtslDPOmp3PjvFNIpbNb:OjNb/MslqEjIpb

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\doorstop_libs\libdoorstop_x64.dylib
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2912
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\doorstop_libs\libdoorstop_x64.dylib
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2616
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\doorstop_libs\libdoorstop_x64.dylib"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2348

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    82d6f00ae37154e4b8b2460daa117c1a

    SHA1

    48053794f09d7e0a4c5cf637e6fe7972ba6ca581

    SHA256

    390b2815d387e50417d7e2b177b1c99ee85e8f1bb3c91b739c2ddad27cb95c48

    SHA512

    ae31b89cab20b8450a47e7ad808f6b5f5abbb97c478e1e82dfc8e6d908abe58c030afd2d9a8ab1a1e352d0792ce32407f607ee515870d96e9c2835f1c05aac98