Analysis

  • max time kernel
    121s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags
    arch:x64 arch:x86 image:win7-20240903-en locale:en-us os:windows7-x64 system
  • submitted
    27/01/2025, 20:51

General

  • Target

    BepInEx/core/BepInEx.Harmony.xml

  • Size

    3KB

  • MD5

    a9ed47b1f141a3c4e36fa02a47e99b5a

  • SHA1

    8c312db6f4730cfd0a94065c49407de6a98d0427

  • SHA256

    a04fedf08f7c81f5d01aba6f2840a7ffce50b79bbd24587d8dbe69ab73971d29

  • SHA512

    0a2265559cacb02c603d9018cee487a12d1623c29af5b0993333c98c0e47633d980c88d4893e8ece697229e3638309c7557b4a5181258d9fda70ef532adc0ba8
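
The digests above are the handle for matching a local copy of the sample against this run. The following helper, added here as an example and not part of the report or of the BepInEx project, computes all four digests of a file or byte string and compares them with the set the report lists; it treats agreement on only some algorithms (for example MD5 alone) as a mismatch, since a collision on one algorithm is exactly the case a multi-digest listing is meant to catch. The test inputs used in the usage section are constructed standard test vectors (the empty string and `abc`), not data from this report.

```python
import hashlib
import sys
from typing import Dict, Iterable

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")

# Digests listed in this report's "General" section for BepInEx/core/BepInEx.Harmony.xml.
REPORTED_DIGESTS = {
    "md5": "a9ed47b1f141a3c4e36fa02a47e99b5a",
    "sha1": "8c312db6f4730cfd0a94065c49407de6a98d0427",
    "sha256": "a04fedf08f7c81f5d01aba6f2840a7ffce50b79bbd24587d8dbe69ab73971d29",
    "sha512": "0a2265559cacb02c603d9018cee487a12d1623c29af5b0993333c98c0e47633d"
              "980c88d4893e8ece697229e3638309c7557b4a5181258d9fda70ef532adc0ba8",
}


def digest_bytes(data: bytes, algorithms: Iterable[str] = ALGORITHMS) -> Dict[str, str]:
    """Hex digests of an in-memory blob, one per algorithm."""
    return {name: hashlib.new(name, data).hexdigest() for name in algorithms}


def digest_file(path: str, algorithms: Iterable[str] = ALGORITHMS,
                chunk_size: int = 1 << 16) -> Dict[str, str]:
    """Hex digests of a file, streamed so large samples do not need to fit in memory."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare_digests(actual: Dict[str, str], expected: Dict[str, str]) -> Dict[str, bool]:
    """Per-algorithm match result; an algorithm missing from `actual` counts as a mismatch."""
    return {name: actual.get(name, "").lower() == value.lower()
            for name, value in expected.items()}


def matches_report(actual: Dict[str, str], expected: Dict[str, str] = REPORTED_DIGESTS) -> bool:
    """True only when every digest the report lists agrees with the local computation."""
    return all(compare_digests(actual, expected).values())


if __name__ == "__main__":
    # Usage: python verify_digests.py <path-to-local-copy-of-sample>
    local = digest_file(sys.argv[1])
    for name, ok in compare_digests(local, REPORTED_DIGESTS).items():
        print(f"{name:6} {'match' if ok else 'MISMATCH'}  {local[name]}")
    sys.exit(0 if matches_report(local) else 1)
```

The same routine applies to the artifacts under Downloads: the twenty CryptnetUrlCache entries share one path but each lists different digests, so a recovered copy can only be tied to one specific entry by comparing the full digest set.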

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\BepInEx\core\BepInEx.Harmony.xml"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2988
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2412
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2372
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2372 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1864
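
The tree above is the expected handler chain for an `.xml` file on this image: the Office XML editor stub opens the document, hands it to 32-bit Internet Explorer, which starts the 64-bit frame process, which in turn starts a 32-bit content process whose `SCODEF:` value names the frame process PID (2372). The script below, an added example rather than anything the sandbox or the BepInEx project ships, encodes the report's tree and checks two things a triager would want automated: that each parent only spawns children from an allowlist, and that every `SCODEF:` value points at the actual parent. The allowlist is the editor's assumption about this handler chain, and the second tree with a `cmd.exe` child is constructed to show a failing case; it is not from this report.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set


@dataclass
class Proc:
    pid: int
    image: str            # full image path as the report lists it
    cmdline: str
    parent: Optional[int]  # None for the root of the tree


# Process tree copied from this report's "Processes" section.
REPORTED_TREE = [
    Proc(2988, r"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE",
         r'"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open '
         r'"C:\Users\Admin\AppData\Local\Temp\BepInEx\core\BepInEx.Harmony.xml"', None),
    Proc(2412, r"C:\Program Files (x86)\Internet Explorer\iexplore.exe",
         r'"C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome', 2988),
    Proc(2372, r"C:\Program Files\Internet Explorer\IEXPLORE.EXE",
         r'"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome', 2412),
    Proc(1864, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
         r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2372 CREDAT:275457 /prefetch:2',
         2372),
]

# Constructed negative case (not from the report): the document handler also spawns a shell.
CONSTRUCTED_BAD_TREE = REPORTED_TREE + [
    Proc(3100, r"C:\Windows\System32\cmd.exe", r'cmd.exe /c whoami', 2988),
]

# Editor's assumption: children each parent image is expected to spawn in this handler chain.
EXPECTED_CHILDREN: Dict[str, Set[str]] = {
    "msoxmled.exe": {"iexplore.exe"},
    "iexplore.exe": {"iexplore.exe"},
}

SCODEF_RE = re.compile(r"\bSCODEF:(\d+)")


def image_name(path: str) -> str:
    """Lower-cased file name of an image path (x86 and x64 IE differ only in directory)."""
    return path.rsplit("\\", 1)[-1].lower()


def find_anomalies(tree: List[Proc]) -> List[str]:
    """Return one finding per parent/child relation that breaks the expected chain."""
    by_pid = {p.pid: p for p in tree}
    findings: List[str] = []
    for p in tree:
        if p.parent is None:
            continue
        parent = by_pid.get(p.parent)
        if parent is None:
            findings.append(f"pid {p.pid}: parent pid {p.parent} is not in the tree")
            continue
        allowed = EXPECTED_CHILDREN.get(image_name(parent.image), set())
        if image_name(p.image) not in allowed:
            findings.append(f"pid {p.pid}: {image_name(parent.image)} spawned unexpected "
                            f"child {image_name(p.image)}")
        # IE content processes name their frame process in SCODEF; it must be the real parent.
        m = SCODEF_RE.search(p.cmdline)
        if m and int(m.group(1)) != p.parent:
            findings.append(f"pid {p.pid}: SCODEF {m.group(1)} does not match parent pid {p.parent}")
    return findings


if __name__ == "__main__":
    for label, tree in (("reported", REPORTED_TREE), ("constructed", CONSTRUCTED_BAD_TREE)):
        issues = find_anomalies(tree)
        print(f"{label}: {'clean' if not issues else ''}")
        for line in issues:
            print("  " + line)
```

The allowlist is deliberately narrow: a document handler that launches anything other than its viewer is the signal worth escalating, whereas the `WriteProcessMemory`, `SetWindowsHookEx` and `FindShellTrayWindow` hits in the Signatures section are what Internet Explorer does on every start and do not by themselves distinguish this run from a clean one.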

Network

        MITRE ATT&CK Enterprise v15


        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          d3e22aea7fa72d21a97cff6eca8d53e2

          SHA1

          cc9501da5f4ca3c62ce8b0749df2c72b65df8847

          SHA256

          f57290c25cd5829d6ea07835b632a7b2e621b7b71f88d78a700576257a5b6401

          SHA512

          a7f2c7b53767d3edc7f964b9fc5bba3a316ede32688ac95a4bc62b00ea7f109d8faa7ce84c7425584f56fa1aed8b193340130c975b57f68a4e673c2c8fc9b155

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          a28cb68d993562bcaea0aa79fd36cce8

          SHA1

          9ee14097eafb76f89b0fbd0e97451badb8d62dd5

          SHA256

          bf33560b9934968daa2c74f2531db1d4828e42c9c31f69e1d3a7ae49d2a99b2d

          SHA512

          95845578a97248090006167943b022af8675b9d7dd1e4acf14c5990c652955e1f0d28085106c21778a938128b889087347c97f8bde02183f0d0bdbb8624bbb55

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          65dcee0627a712e34d644c21e8dfadd6

          SHA1

          4165098bce64e17f92da8f97a82d7cd13d266d79

          SHA256

          534427916a26e705b9659ebe44b203b3bb62a7126011cba257ba6963fd5df9f1

          SHA512

          c0c6bad3c6fb727a17d82dcfa5dfe5fd29854b456bea7640aac72b1566f9824a19f0ecb724cb0b5e18a41a26871d3a1e37ee0c123eda065067793e40d5e48f83

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          9baf8caaef195849f63f91a4ca534de2

          SHA1

          00b566813830bf57a1b92b92a14461f79fe8a243

          SHA256

          d983b1ed3220d3520df994beaeeb44a9a5b2b57de0bef9de7261d12b2beda0f6

          SHA512

          598b7219dd29dacd2c92be3d6cdf23e58a625588ffa8883e56cfbc10fd877afb3e8b6414282be77781b9e07fe090ccf63f70ce319d823b3620ee4d15b38c3ce9

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          4d03c4e902687490273bd4548b8f6f1e

          SHA1

          b7043e507e3b45ea417fdcb0950c7b0a7cdb7d58

          SHA256

          256d3816570153381c2a3e4fdecd649b5fc311443483b273d8be73725f5848e9

          SHA512

          e1ba6fbf1246554784d3486dc47f24985f27a3d0ad3cbf4715d09533258230b17a08f0ba8924e18fe858505cba6018df8477665e6e78c9bee04563bc7fb57c38

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          5d62fdd11f189c5b104ad83b3b062820

          SHA1

          0716e27215d816295a5e8fa1b42ed2c39b53ad5e

          SHA256

          87fa65fd7e06f27218ef9d824d9d806601f2c875d30fb4f97afd0209e888600a

          SHA512

          7816345e81c54279e9d11fba12562ebdf5f97aae2bfbfc2bcb75096cda30e76fe132b9cc433a1381b24bcbf97c84f0dcd9547c86c007f9ecd14c206bba018cbc

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          5d67ff16c3b207304a68be197b89f258

          SHA1

          792d410ee3ebf4c6fb5546a030075c147110fd74

          SHA256

          9c90c16dee9830be774a6047df82f2c7d2c174a19f40478e077010d38c34c841

          SHA512

          2a2d86332448d8ff22db8dd9c39f5502a245fea829e9cb9766acf1bc6202ebebac062c0e5abcd31e48909171448f65e8df364ade5ca62c19b13ed3267d70fe03

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          f2a60c5249c85ea2f64cd4a43462ab7f

          SHA1

          80076954db491f1fe0a9dc20fa4c6d242b4d11a1

          SHA256

          b27925514866c320fa3ce37f16eaa628e19a4064af2b40a7be7d8b658221ed61

          SHA512

          c23edda435353ef17bf475681b87c27294aa3827a0994c2de90651cb1ce1a7c0cba94bcf3f73e0c35cc694b595a954634774d0e531aee97b70d9857f58782cf8

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          a40de7c8f39f1637842268901ba985ba

          SHA1

          6c3f49b2406a71b2b52f83239870a28a1191c9b2

          SHA256

          d77b8cb4e9d8201e8bf688e2d9a4b5bd864314e551745d4e94bef854d6a9db11

          SHA512

          74022c6fc0fe6d7bb2f53b463429a8e8f2c999efa1e262d47994a9a6668a4c9230bc66f4dca4b860444988a13f3a2e0191f0961e65055e086f8d38af27b44672

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          8be37d64cd4dcb49d19fa202b2d698ff

          SHA1

          b1d9a5fbaa184df4b3dfd842744bd5523e51cb24

          SHA256

          369180076f23cfdea42cfd35d2a1dffd74471fe377905e4eb86707b01fba12d4

          SHA512

          7a9cb06171528ce9832ed50eb79fa2b51e9c99d8f32608589c4e703c167c0c97080b1cf7ddf0d5717b6128bc8700a7372df8a7dcf1dec4ad12259b419c58ae74

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          b01283017ad04b6381609e6423006c62

          SHA1

          63bc4ccf4705a868f38f5c4f82569093b76abc8f

          SHA256

          b6e2c5a62637da5430dfb9afcdbb872bdcd94da5ad9fff0ace2554690b26e2f1

          SHA512

          2cb5ef1332b1692be6b796e26ae7450c1e4908b44fadd217a5edad6f341cb326dc8453054d36c34d2940f06f95d39e6b7018190614bc140194aecaa29ea72359

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          43a7dbebe39921b9d8b2aa6377bf658f

          SHA1

          eb0855bcba28e51a18a034e0336b3a50ca038cfd

          SHA256

          85b2a0c7073ee9b225ab615eebed4c8a245cac2432d3aadc4cf7ca5ed24c6df3

          SHA512

          49b55f0e2fdbc47cf4ba68a604adb4138643b81a97cde8ee6d66c76b7c3aa2adca0e413c85fe09a2fcff005b76fc7da4c2c042730ef99a2be19860ed60235c7a

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          25c0809abbe187bc990629e702da313c

          SHA1

          651b29eb9ae569053204b7e0c26b9ab81be8e215

          SHA256

          5331e214449825fb07299a01ffa952e609cfdca89eb69175a569243d15b5b92e

          SHA512

          3e00360ac9bbff745716ca7f7d75ab80cecbb2ae184064a7fb84309b2324054c00012a2702f3ed656c5983177634a2f992eb2569b6105468031d8feb7ba998c3

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          3291c4aeda44fec904030e1446b261b3

          SHA1

          cafb9cc2e302726526c59c48e1e0c15a7be44c1c

          SHA256

          9b8ca1c8918bccfcc170c890ceb17854a917545f35a7f41034c0e5f24e3a88f5

          SHA512

          4687eb4d45eff479d3f0c4e21ec121864acc1e8056bd24d0fb7bc03600c4b889549baae47c8a59e4862eb8dbd31bf01755017db26b44bb762d9c954631b4c169

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          e32f2491b2b0cec643bbbf9e17a57a1f

          SHA1

          18beac6fb711a1d8f1bb315edb601fa5940d0776

          SHA256

          dc8c4bb205fb6a64b69cb41c8455b1805e67983c2e8397045a65ca017b8f4234

          SHA512

          8029758d2f6559a1d55e782060f47c13bcefec662dc0e344d22d364c48b1f57e9d37d036b0e622b021abbb9bd07cc10746cae5ac2f50f932625d46dc67ed8d83

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          fc58c76dbaa3fc3f97553c3232e55376

          SHA1

          6fb8143dba970c7febb941c0234e22a385ece38b

          SHA256

          35918f1f3b012fd58f2c12f6127d00826662a35f5ca2c4b3b7739a8040614438

          SHA512

          7cc812ce6c4de9d5e8b952f7ad1326baf8d46cfeed96667c8f286a6a91e4c7c966a1d341adc6068623d531310c232233c3f974b913014779ff756c342302b957

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          7cd9261241ec447044e102ed5b090353

          SHA1

          38636697997ea0271b4880eedb67c2d9b38d4f80

          SHA256

          43ccfdc772245b649251b66ede5633bb62c79e5e13ed5aad41f99a71fbf534a3

          SHA512

          771d2b7c8d7f2d7c4e195dc5e4d7843cad58c84aed3e8ddc516dab8b72b5ec01ece8fbac47e59b9c9faa2a45856f5d5d6efa80737a6406125f3646c005c7bfe8

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          329f5e16946babdcb2c1283b74eaffbc

          SHA1

          dcecbeba470a896f19ac7e2c70341df25b4b9aca

          SHA256

          1a3cfa0494f51ac11488ecb273c5b6a03754d27d6188ceb3638beef60da161b1

          SHA512

          a9e5585745fd24eebb76701b5cd7587f6e37a75d595331020f0b9349c3faa4b3dda72231cdf9679718f84200dcc7a3dfce0cf5f77feae21694ad5761730bd2fe

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          98bdb8493fb60c41c5ae6d2223701a49

          SHA1

          71488729e82d0d258d74354e13336a6e6a355149

          SHA256

          e7030fc4e60087ec99d3ac339b083da6e488b127208d7cd6d1b01b06eb0eeb07

          SHA512

          d131c429dbdc97a9793f736cf244149ef236e17371d318967db431edd14a7aca9996651370fbe02d62fa8a4f2d7ac7f671ff52a25085ea3f1578716f8c1f0036

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          57fe100e29f0565059560d458f4746db

          SHA1

          92b2e4c081e6fec4537ffaeb2563e4a01753ebe2

          SHA256

          f03e99f0b120704e9146beebb6d40b2b1121a0464d254e35443ebccc12cc2097

          SHA512

          9e7567609142074791bea7d1a06057ffb0ea4705d0cf59a4b0274af6bdb404e81d316a89cca87bba2fb20e50c7b7791108e5cd799d8a52a58800e465e1abfcfd

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          644708a06670379fca33abe65825bb37

          SHA1

          a1f5a7cdc7b83c4bf3be33d72d4e814226d41b84

          SHA256

          555b0918645c77da6a9f66e007f5c23fd95feba1215dfcad854de3cb8b67b389

          SHA512

          302a8095d8d757b1711893f7a87d8e3bd50ea940dbc11a12055bf528a66b3d2be967b92cb06db5838a3ed0fa43da21532793748f76063f1a5479d30ef027761f

        • C:\Users\Admin\AppData\Local\Temp\CabF94E.tmp

          Filesize

          70KB

          MD5

          49aebf8cbd62d92ac215b2923fb1b9f5

          SHA1

          1723be06719828dda65ad804298d0431f6aff976

          SHA256

          b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

          SHA512

          bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

        • C:\Users\Admin\AppData\Local\Temp\TarF9FE.tmp

          Filesize

          181KB

          MD5

          4ea6026cf93ec6338144661bf1202cd1

          SHA1

          a1dec9044f750ad887935a01430bf49322fbdcb7

          SHA256

          8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

          SHA512

          6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b