Analysis

  • max time kernel
    133s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    27/01/2025, 20:51

General

  • Target

    BepInEx/core/BepInEx.Preloader.xml

  • Size

    7KB

  • MD5

    b484a68fdf9952bd141a20bbcfb02f92

  • SHA1

    f26bf9b17ea0b5c3c54f135cba42af82e3eb0a8d

  • SHA256

    5ccaffcef1c41292d94931b24f140ca82b47a879e3439e89293285054490eb0a

  • SHA512

    baff337310a25fba727bea5dddf0a81a790beb791d96fbbee6268f790e8b7f6919b2af7d882744b122046f6cd9602a2e192c56a5d5680e9985e657266ffcadcc

  • SSDEEP

    48:7y5fFHr1iG3hEZLzLH4SOtLzfd8TrRMug5dNztVOb5gHYYRRwoctXygoGkrdR8+3:udJKUtffo8xt2u99MC3rYo

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\BepInEx\core\BepInEx.Preloader.xml"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2688
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2748
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2704
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2704 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2120

Network

Downloads
