Overview
overview
1Static
static
1Geometry D...03.xml
windows7-x64
1Geometry D...03.xml
windows10-2004-x64
1Geometry D...04.xml
windows7-x64
1Geometry D...04.xml
windows10-2004-x64
1Geometry D...08.xml
windows7-x64
1Geometry D...08.xml
windows10-2004-x64
1Geometry D...09.xml
windows7-x64
1Geometry D...09.xml
windows10-2004-x64
1Geometry D...ct.xml
windows7-x64
1Geometry D...ct.xml
windows10-2004-x64
1Geometry D...ct.xml
windows7-x64
1Geometry D...ct.xml
windows10-2004-x64
1Geometry D...st.xml
windows7-x64
1Geometry D...st.xml
windows10-2004-x64
1Geometry D...al.xml
windows7-x64
1Geometry D...al.xml
windows10-2004-x64
1Geometry D...ow.xml
windows7-x64
1Geometry D...ow.xml
windows10-2004-x64
1Geometry D...st.xml
windows7-x64
1Geometry D...st.xml
windows10-2004-x64
1Geometry D...st.xml
windows7-x64
1Geometry D...st.xml
windows10-2004-x64
1Geometry D...ct.xml
windows7-x64
1Geometry D...ct.xml
windows10-2004-x64
1Geometry D...01.xml
windows7-x64
1Geometry D...01.xml
windows10-2004-x64
1Geometry D...ll.xml
windows7-x64
1Geometry D...ll.xml
windows10-2004-x64
1Geometry D...it.xml
windows7-x64
1Geometry D...it.xml
windows10-2004-x64
1Geometry D...ct.xml
windows7-x64
1Geometry D...ct.xml
windows10-2004-x64
1Analysis
-
max time kernel
132s -
max time network
164s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system -
submitted
07/02/2023, 18:52
Static task
static1
Behavioral task
behavioral1
Sample
Geometry Dash v2.11/Resources/portalEffect03.xml
Resource
win7-20221111-en
windows7-x64
Behavioral task
behavioral2
Sample
Geometry Dash v2.11/Resources/portalEffect03.xml
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
Geometry Dash v2.11/Resources/portalEffect04.xml
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral4
Sample
Geometry Dash v2.11/Resources/portalEffect04.xml
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
Geometry Dash v2.11/Resources/portalEffect08.xml
Resource
win7-20221111-en
windows7-x64
Behavioral task
behavioral6
Sample
Geometry Dash v2.11/Resources/portalEffect08.xml
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
Geometry Dash v2.11/Resources/portalEffect09.xml
Resource
win7-20220901-en
windows7-x64
Behavioral task
behavioral8
Sample
Geometry Dash v2.11/Resources/portalEffect09.xml
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
Geometry Dash v2.11/Resources/ringEffect.xml
Resource
win7-20221111-en
windows7-x64
Behavioral task
behavioral10
Sample
Geometry Dash v2.11/Resources/ringEffect.xml
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
Geometry Dash v2.11/Resources/speedEffect.xml
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral12
Sample
Geometry Dash v2.11/Resources/speedEffect.xml
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
Geometry Dash v2.11/Resources/speedEffect_fast.xml
Resource
win7-20220901-en
windows7-x64
Behavioral task
behavioral14
Sample
Geometry Dash v2.11/Resources/speedEffect_fast.xml
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
Geometry Dash v2.11/Resources/speedEffect_normal.xml
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral16
Sample
Geometry Dash v2.11/Resources/speedEffect_normal.xml
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
Geometry Dash v2.11/Resources/speedEffect_slow.xml
Resource
win7-20221111-en
windows7-x64
Behavioral task
behavioral18
Sample
Geometry Dash v2.11/Resources/speedEffect_slow.xml
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
Geometry Dash v2.11/Resources/speedEffect_vfast.xml
Resource
win7-20220901-en
windows7-x64
Behavioral task
behavioral20
Sample
Geometry Dash v2.11/Resources/speedEffect_vfast.xml
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
Geometry Dash v2.11/Resources/speedEffect_vvfast.xml
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral22
Sample
Geometry Dash v2.11/Resources/speedEffect_vvfast.xml
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
Geometry Dash v2.11/Resources/starEffect.xml
Resource
win7-20221111-en
windows7-x64
Behavioral task
behavioral24
Sample
Geometry Dash v2.11/Resources/starEffect.xml
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
Geometry Dash v2.11/Resources/starEffect01.xml
Resource
win7-20221111-en
windows7-x64
Behavioral task
behavioral26
Sample
Geometry Dash v2.11/Resources/starEffect01.xml
Resource
win10v2004-20220901-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
Geometry Dash v2.11/Resources/starFall.xml
Resource
win7-20221111-en
windows7-x64
Behavioral task
behavioral28
Sample
Geometry Dash v2.11/Resources/starFall.xml
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
Geometry Dash v2.11/Resources/stoneHit.xml
Resource
win7-20221111-en
windows7-x64
Behavioral task
behavioral30
Sample
Geometry Dash v2.11/Resources/stoneHit.xml
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
Geometry Dash v2.11/Resources/trailEffect.xml
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral32
Sample
Geometry Dash v2.11/Resources/trailEffect.xml
Resource
win10v2004-20220812-en
windows10-2004-x64
General
-
Target
Geometry Dash v2.11/Resources/speedEffect_slow.xml
-
Size
2KB
-
MD5
5facd568c76db253d91fc7e0e285c27d
-
SHA1
f2c4485563780735bee182414b3e26d242a0cc82
-
SHA256
361e00862c199d0be00a64389d8a8ab030893106819871478d155147bae172f4
-
SHA512
dceb12c673ff4d0b326c9a0e690bb718990214e6d0d7d1976961115c409f4c71373e2e5753eaf98111b4b27e34d226870b927f7616dae2a015af85ae06d99770
Malware Config
Signatures
-
description ioc Process Set value (data) \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e6851ef31fd3cf49b332bbb4721c97480000000002000000000010660000000100002000000042d8ce015633b0a5d5be35874f62de14dd0de75cdaec045eeafcd05a5af3c493000000000e8000000002000020000000c2403e4eb2a27ba7bbb26ee88f80cbd651129b3ce24135ed898626fa0a583ccf2000000092f7c387f1d0604bb8626a68ee89a98adb09d5183876dd9b95fb7a1979d1fe18400000006c350195e402626dd7e74aa5aacb86e6d76c83dfd33f6a23be331201c693f15b817914f115bf77e87f8c293bbfcd7cb95c1a861e883d0bfc49bec419d1ff30ad iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Software\Microsoft\Internet Explorer\IESettingSync IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Software\Microsoft\Internet Explorer\VersionManager iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "770314032" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "382564692" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31013678" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{583C4688-A721-11ED-919F-D668443210E4} = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e6851ef31fd3cf49b332bbb4721c9748000000000200000000001066000000010000200000002c3613d6407cc55d3ebf60095ac28763f985451c5a4dfdd2a287fa4e6c412fdb000000000e8000000002000020000000abd3b46bb9f58974bd55fa0751964fad55a66907cbfb63e040eda31689069f2f20000000536d3f744d0675d1af175c9782a32260011ddb107df3fabf73c840c9e8e737ab40000000706f628b1aaf1ced13226e345d0e8071df02da6f2ca863ecb4b6030bc17d525fc8f2a9d6a828157334f79dd4d70f8a5b5b73d4073e68d89476bc56a0514bb901 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "758284560" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80db902e2e3bd901 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31013678" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "770314032" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "758284560" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31013678" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0f4842e2e3bd901 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Software\Microsoft\Internet Explorer\VersionManager IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31013678" IEXPLORE.EXE -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 3744 iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 3744 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 3744 iexplore.exe 3744 iexplore.exe 952 IEXPLORE.EXE 952 IEXPLORE.EXE 952 IEXPLORE.EXE 952 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 5 IoCs
description pid Process procid_target PID 3752 wrote to memory of 3744 3752 MSOXMLED.EXE 81 PID 3752 wrote to memory of 3744 3752 MSOXMLED.EXE 81 PID 3744 wrote to memory of 952 3744 iexplore.exe 85 PID 3744 wrote to memory of 952 3744 iexplore.exe 85 PID 3744 wrote to memory of 952 3744 iexplore.exe 85
Processes
-
C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE"C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\Geometry Dash v2.11\Resources\speedEffect_slow.xml"1⤵
- Suspicious use of WriteProcessMemory
PID:3752 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Geometry Dash v2.11\Resources\speedEffect_slow.xml2⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3744 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3744 CREDAT:17410 /prefetch:23⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:952
-
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize471B
MD5bd813f25b25946e19e7b3acf153b3674
SHA11570516b96c7931bd565ac9102e79e1664216997
SHA2566c744ffa4555b4c92c632743742782df3e1b9c33004c73247574da26a759ea2c
SHA512145c738a3702f08d8d307188a4422e3842bc08aced2190f74601d8398d2001cb722e3c32bb6988e35a44a456fb042e6ae833a121da092d21dc2a04683932b47b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize404B
MD55fae8aecae89f433d37c7fd1602c88e8
SHA1c3876efa01dad676fe511a3a4e29c10f10fa470a
SHA256fd16834b1a39d5dd1b238a0aaf75a94bdc0c9defc5ab04143782369c6a41e595
SHA512e2635d60cab487966c36315806e4bdcb10d99dbafea13be720038ddac380b9d732170134f8c627eb4888939b916f59b1125e9e6b78bf46870f649825813f4859