Analysis

  • max time kernel
    121s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    22-05-2024 03:18

General

  • Target

    doorstop_libs/libdoorstop_x86.so

  • Size

    30KB

  • MD5

    97411f23135ed19118a47b11a3095983

  • SHA1

    3c40a7017e11a4f35201c7083d50bdf7ef51bc0b

  • SHA256

    fb7b75792109d5694e0a7faa8516c247a9550558990775bdd2ea613cb0bbec46

  • SHA512

    7ca259a4e04a5e6a131f97026d4a791abe5551507c29eeed50100933859cea803951cb8702ccb616ae181fa0c8244b86fe31157108f64dd7025922c1d680159c

  • SSDEEP

    768:aGBo/wC0cOCerZ3WOSRu1j5wTRgNN89uqTrx:KwXcOCmaRB9FT

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\doorstop_libs\libdoorstop_x86.so
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2292
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\doorstop_libs\libdoorstop_x86.so
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2676
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\doorstop_libs\libdoorstop_x86.so"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2032

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    7ac880a32441692e179777ee11e128ba

    SHA1

    c677d89d6030b84929a2166d1245919eb8b279fb

    SHA256

    16a4c8c084eebea8997519a31f436a4917166e53cc30dc78773a44642ac430aa

    SHA512

    12a65bf898b469d3b6d2d1d92335e51effb620cafd18d94b188f54854960085e87a565af6e845f7856c71aee13abefb39c52528a950b917e5c72bd18bf94947f