Analysis

  • max time kernel
    104s
  • max time network
    174s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
  • submitted
    07/02/2023, 18:52

General

  • Target

    Geometry Dash v2.11/Resources/speedEffect_fast.xml

  • Size

    2KB

  • MD5

    31de676446f05d5a5eaf7536e64349e8

  • SHA1

    4e1a3c9513c249f9183d08973b2ba48c2db1872e

  • SHA256

    bae8fd9c0c0238ad8e635186a314f1fb2f77c79a221c590bfec491cf9c2780ce

  • SHA512

    466fe6f58be77687d962346ca398bf701176f1e7681e6542aeb97aae5bbfe9258b4d06f8b3ee4a0678c5ab1abf7eafbb9aad8301a76ac1e0bbc5bb2d8d95f223

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\Geometry Dash v2.11\Resources\speedEffect_fast.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1404
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:304
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1920
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1920 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:536

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\J0SSAQJ8.txt

    Filesize

    604B

    MD5

    10b6a86f0b22fbf013eb076c948ec71f

    SHA1

    d1f46a2654bc0c1788d1f65e946e5ab456605fc9

    SHA256

    a0d7fd27dcd10fb9e340b0c8819060b9640481c7beeb972960db9c5504d963aa

    SHA512

    1dc1965b527d5895c4999e0e2e28e27345821de589daaf6e65c9f95980acb31cf6528beedd30e9a6fce2225ccf7e95426e0ff3bfc599c9fa8b35aad0e3eea769

  • memory/1404-54-0x0000000075D71000-0x0000000075D73000-memory.dmp

    Filesize

    8KB