Analysis

  • max time kernel
    47s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    27/01/2025, 20:51

General

  • Target

    BepInEx/cache/chainloader_typeloader.dat

  • Size

    181B

  • MD5

    e426fe83c42d7f37a51a7c4cfd55fe9b

  • SHA1

    df4255b2f5782cbb9b19d8ee14f7dc92a3ab4910

  • SHA256

    d4246a2732122c8f574b668056cfaa2a4806bcfe5fa161c141ee1a9bffd588ff

  • SHA512

    c4bc69349c9c7991d77245d12fcd5ca110bc698adf08020b695f27eb191dd4cf4d415692eba06d53929e9ceb3fe7350d6389e5ba1ebc83827e999d811a35b6e9

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies registry class 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\BepInEx\cache\chainloader_typeloader.dat
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2520
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\BepInEx\cache\chainloader_typeloader.dat
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2824
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\BepInEx\cache\chainloader_typeloader.dat"
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of SetWindowsHookEx
        PID:2888

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

          Filesize

          3KB

          MD5

          0969e7ca09b1d56b2790231d51a7347c

          SHA1

          52c718e6dc70711805bc00a0fe5dc5f74fd512f4

          SHA256

          0a9c065b7e63306bfcf5e2f68c4843b2de5367fc77fcec8d6906f37db01bb361

          SHA512

          05d824775c2995f8950163ddf8d39bb868b9c5b633e6efaa5e0410b150f2d0b2ae249163b19b42bbc07b6eeddfb0b3e02262dda0c7a6ebca936634b0c3234a13