Analysis

  • max time kernel
    134s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    27/01/2025, 20:51

General

  • Target

    BepInEx/core/BepInEx.xml

  • Size

    87KB

  • MD5

    3f510d17b1ee2968da9d498e23bb4b26

  • SHA1

    6ae1734ae2eea03270907b43355a954d6cdcf2b8

  • SHA256

    c0c7799bbaf1e37398f85f0ba8e02d8136c55a3165db87063942e3fedda0a68c

  • SHA512

    b33ddcd2c9cd4f7c4e5608516f21e65ce9f60ceea14a92421cd1ff0b180dd8d6bcebc53dbb1d2a993dafeceb8d97905ace29b9fda3f282f03e9134b1da2e8bf8

  • SSDEEP

    768:MP+8prSsY5RtecdztwsqlOuKx0PbAUwbrOmzgLpOCU:uisAisqlOuKxWe/8pOCU

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery (1 TTPs, 3 IoCs)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings (1 TTPs, 36 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoCs)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (12 IoCs)

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\BepInEx\core\BepInEx.xml"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1804
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2380
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2988
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2988 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1232

Network

        MITRE ATT&CK Enterprise v15


        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          60806ad5b7d80df193654ae4c7a249e2

          SHA1

          a2c33ce9dd4c0ba441390018d9fe852ffa0a3a4c

          SHA256

          297f3672dd2267c202a93d29a5ac6478edb3c51a2a34642622829045e7eaebd4

          SHA512

          3f13f8a98b997abf29168a8d034ac3cd7ed301ac1d95a30f6235f0ccff817fde4d19b3c47e08fd0a44f33efedaffdaa66690085b1af2936ec9aeb1eac9871b45

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          eee847bb987f2ee90b394b2d33c3221c

          SHA1

          ce5ad63a1e77067d045c8226db7eedc14c83cec6

          SHA256

          4aaa13c552df6621b4b728e46d0e7ebcb018bf83a4685d40ee64ca1ed2b81454

          SHA512

          48d8f536a932b46e509ec92e186d8724acdf70edea65aeefd7d339c20007b981147300914f29c6def98c1763c92a6260f8639a91fc00ddd09326b6b606562a79

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          655e1fc0c8279fd6a78069ba1b6a589d

          SHA1

          684b3bdfbe2ddc13686954798b34925503ed9cfa

          SHA256

          999fadfa9e9c95f6911e567a7044e9f9efa277073cc40b4a28af8931527a6e4d

          SHA512

          3e906969b3cad201aae876095c32177bfa24f51c1585eeaf06c383c27af7c075b89ab42d6bda2a43820e5d3d927d05bb0701498c4db2d47b4a39ff865c50f83a

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          1935efee944711cedf869320d233b7b4

          SHA1

          2e71ef13990f1c98e32c19b2e176e85138d21e23

          SHA256

          009687265c6f0e6f9b6d1fdc51f0995612414a9d9beb861ae7662d558fd592ff

          SHA512

          eb71798743daf89d54ac19a50f549cf5f6cf62497203e139a32bd3a73d63371819d0d111403e957d51c47c89c6b289769060b402e3817abee953ca82c6630bf8

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          cc95ad0c74b2ef8d146c045ff4d79e91

          SHA1

          169724743f802f35152c64d9ef4db12769c18f9c

          SHA256

          8eedf347882db48a51f07e199b995754f767797d6b615a3d3042c33e20c7fde7

          SHA512

          77e8f7355f2e2698f94d16cd0b3e53eb5b1a4b4da9f376484c33d8a5f3c0aaf8b31023a767acab1e02b475d25bb542c341c2ffc022aba20ff749a70716b9060f

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          40d92bfc1b044bd91f5b6858503de671

          SHA1

          a48247d49928144f4b0d099e201941963945fb2c

          SHA256

          b220e1c032e351a85ea960d491a2e02155eaf7ccbea25d5fc0a89f29910be42b

          SHA512

          9b472c3e80a6f1a5b7ac87d6a847e12fcaf62eb4d02ac687f76e3ec5b792974ede772b209907e9bd10efb6fab8a542bfa5cfc13280eb56b91289e8d260d1676b

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          0f9b97e3e9b0a2ded9e67dffc1b2e934

          SHA1

          15a36da4748cf14101f3c6dab0e8fab94e216ddb

          SHA256

          c9653ba22062244357476437385c89326b388f93fd29736f2c66d9f14eb2fbc4

          SHA512

          7b5893797a75b8a2cd5fb71021b03fb06cf93590ab35fc658b781c4d43e81a18d62997628f3ebc592e9bf5ecca4eb9af1a04d0ce6d1634f2b96506331e13ef1b

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          6a72cceb40653edee9577e2b245395b1

          SHA1

          9647ea97b23d206d3e411613687cf561a2c5a0ce

          SHA256

          f6574a52ea02ea7cced4721ee823943db0eefefd4074030671100a88c4a44020

          SHA512

          824a0e09dd11a5465fe5eb4d3caf60b49ab5a09d9cda9fc096d2b31da179a5ac5fb5c2c63174e973b60cd016810fd4a9a68681717c031c25c99133f3719ceb7c

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          d4102dbfdc2cb020109896490fff99e4

          SHA1

          1e811c388b2e2934352d7e927a066b877573371a

          SHA256

          b28800ced29c6b9c476d35a95dd5b43ed29efcd73a28c994e9e9f19a1c61569c

          SHA512

          f7ceae047138ee51ff937f255788953309727d15d2b2dad87d74d45b1aa2a4c3905bf24c191d15282a4418ff127e1be4313269e0e392c00e289295e03279a0fa

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          c0e169edec9a575e826d12402d6be719

          SHA1

          a9bdea09012b3a19eb9b5bcd8a9a05d434d8b1e3

          SHA256

          3c2a90559fafd2bb70befabadd4669ca15bdbaddc576721a98df16866bc2503e

          SHA512

          b19069de83ca9555eb476eb2fe006e4db6fb570b9b44dc4d5dac37146caee8ff9846966993b1b55a9213783ef0dde912f88c3076963aba5d4720c73e298e1dc5

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          e86c503cca765144d4aadadd2bfa3b4e

          SHA1

          46a1e6ae3763eb5e47b306bcac01656bbf57a747

          SHA256

          ae434340f7ef7c0620019c698f22cd7041f36d6ac6bbeaea2f06ddf1b0f4e0f7

          SHA512

          3fd2bc386bfea2565420093e5a925ba12923b418bf6521d744ff0371f9d993285522bacdf17e1bf9e56f0265727570aaa4ca85e6dfc418da0ff49283f1e51c87

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          a2e962cc484556a5f3826dda50b43628

          SHA1

          37c439ea05ae8d8e3510fba0e48d4da7edac04e8

          SHA256

          b0e4bde4c17b7c3ab340847d0b1923b84db8b364b4f663f8653493d0798dcc39

          SHA512

          1b269c9843320f453e05a6e5f930a09a93373e6fb594fc28a0989028692411e442beb822f0859b0770af49d5f8894cb670c8ddc5aada0a085ffc171b334e17dc

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          c493cc1a2a5205a383b9ed839d9bd40f

          SHA1

          9fc32e11469fb47a290a96d27be14ea3a4aaa7e1

          SHA256

          798212c6db0a8532030d260c1501c9a2f2a4622029d9ccb90abadba35fdf3da0

          SHA512

          95391de88f63a80a53c543ec374c3a98b2c028ac37374087509d4bfac1a4bf447faa07c90d35eef8db0c18f5a914742d6d67b9f8322c60d0de2742ebb3c7dd8b

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          3cc39240662755a661d1af2bdcbcc001

          SHA1

          55e912291202db6e260c42d64b9d0d9344420a2d

          SHA256

          1ada55ca0ea7ce3a6a26cc64d33733b360c0d90741c81c0ba35c0a0a94667510

          SHA512

          394db817c491eed90911f86394c64036262cec48867682d7a970753b27cae921615247f430e488a5f39de5c1cf006a4fb431be23d239eab401941f8191d70e15

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          3b6ba6d1858e9a5c70e0a47d24a9cfd0

          SHA1

          43a7d377727057ffaa3a0fd12ede45a2bfccdc2c

          SHA256

          d74e4c1e1f0df6cb468a639287db7080c1710e2061502d73a642cb139cf91668

          SHA512

          211867ef3702927f5380c9f56d39a1e308fd4d06b012080d86cf1cf22eeb01d895ad3f268503b8b1583a975731c392826929ca2303ebca738ceef6573e6ff414

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          0a5e0c0888640655568264cca9cb6a30

          SHA1

          0d3e5a3e2f5787eb693053fd7391a109b6b227f8

          SHA256

          26ab9691c88d579c1aa323b032deef89db64d71eec9eea0ad85acb1f21ba3907

          SHA512

          e50ed73541afb76e60bcd5c8c575c40b290c5f8c15cf7673fcaa0f5847cc622097ddc0f629d81459ac4b71906daed35e75f656e8c94e8a25cd70626ed06523c1

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          d325770b67f8a578ef63d59e9ec9fa23

          SHA1

          ad81a2849400a7bb34989c7eb95e1cf0fd1ac2a8

          SHA256

          1911e90f054eba4210d6463dd0cb02b641458301873a0980f537e46150f12d22

          SHA512

          c00ef1f22f019107a38cc221b1b1642579ae49bbdc32e1871fcc40b7d25d297fbfdd22102beb2d363eba48e9125866ecfebd7e373db1d26796a1fb2201f02300

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          c747b87f7bd1a8cb095fb364284e3f01

          SHA1

          e0a433c6472465a2b38aa9f9af1df58a274ad15e

          SHA256

          02ff7bdd89a31e2d8aed8c649c7f8bf27683aad5cc41809e109511950ff69bb3

          SHA512

          b39c2e38d0a53ea3501330421b67a029e6adff8aa0777fbabf759df05103be99e00cecef95140b03c22f6607fe811b94227212f0f035941f115e0f48413946be

        • C:\Users\Admin\AppData\Local\Temp\CabB6B5.tmp

          Filesize

          70KB

          MD5

          49aebf8cbd62d92ac215b2923fb1b9f5

          SHA1

          1723be06719828dda65ad804298d0431f6aff976

          SHA256

          b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

          SHA512

          bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

        • C:\Users\Admin\AppData\Local\Temp\TarB754.tmp

          Filesize

          181KB

          MD5

          4ea6026cf93ec6338144661bf1202cd1

          SHA1

          a1dec9044f750ad887935a01430bf49322fbdcb7

          SHA256

          8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

          SHA512

          6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b