Overview
overview
1Static
static
1Geometry D...03.xml
windows7-x64
1Geometry D...03.xml
windows10-2004-x64
1Geometry D...04.xml
windows7-x64
1Geometry D...04.xml
windows10-2004-x64
1Geometry D...08.xml
windows7-x64
1Geometry D...08.xml
windows10-2004-x64
1Geometry D...09.xml
windows7-x64
1Geometry D...09.xml
windows10-2004-x64
1Geometry D...ct.xml
windows7-x64
1Geometry D...ct.xml
windows10-2004-x64
1Geometry D...ct.xml
windows7-x64
1Geometry D...ct.xml
windows10-2004-x64
1Geometry D...st.xml
windows7-x64
1Geometry D...st.xml
windows10-2004-x64
1Geometry D...al.xml
windows7-x64
1Geometry D...al.xml
windows10-2004-x64
1Geometry D...ow.xml
windows7-x64
1Geometry D...ow.xml
windows10-2004-x64
1Geometry D...st.xml
windows7-x64
1Geometry D...st.xml
windows10-2004-x64
1Geometry D...st.xml
windows7-x64
1Geometry D...st.xml
windows10-2004-x64
1Geometry D...ct.xml
windows7-x64
1Geometry D...ct.xml
windows10-2004-x64
1Geometry D...01.xml
windows7-x64
1Geometry D...01.xml
windows10-2004-x64
1Geometry D...ll.xml
windows7-x64
1Geometry D...ll.xml
windows10-2004-x64
1Geometry D...it.xml
windows7-x64
1Geometry D...it.xml
windows10-2004-x64
1Geometry D...ct.xml
windows7-x64
1Geometry D...ct.xml
windows10-2004-x64
1Analysis
-
max time kernel
70s -
max time network
156s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system -
submitted
07/02/2023, 18:52
Static task
static1
Behavioral task
behavioral1
Sample
Geometry Dash v2.11/Resources/portalEffect03.xml
Resource
win7-20221111-en
windows7-x64
Behavioral task
behavioral2
Sample
Geometry Dash v2.11/Resources/portalEffect03.xml
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
Geometry Dash v2.11/Resources/portalEffect04.xml
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral4
Sample
Geometry Dash v2.11/Resources/portalEffect04.xml
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
Geometry Dash v2.11/Resources/portalEffect08.xml
Resource
win7-20221111-en
windows7-x64
Behavioral task
behavioral6
Sample
Geometry Dash v2.11/Resources/portalEffect08.xml
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
Geometry Dash v2.11/Resources/portalEffect09.xml
Resource
win7-20220901-en
windows7-x64
Behavioral task
behavioral8
Sample
Geometry Dash v2.11/Resources/portalEffect09.xml
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
Geometry Dash v2.11/Resources/ringEffect.xml
Resource
win7-20221111-en
windows7-x64
Behavioral task
behavioral10
Sample
Geometry Dash v2.11/Resources/ringEffect.xml
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
Geometry Dash v2.11/Resources/speedEffect.xml
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral12
Sample
Geometry Dash v2.11/Resources/speedEffect.xml
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
Geometry Dash v2.11/Resources/speedEffect_fast.xml
Resource
win7-20220901-en
windows7-x64
Behavioral task
behavioral14
Sample
Geometry Dash v2.11/Resources/speedEffect_fast.xml
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
Geometry Dash v2.11/Resources/speedEffect_normal.xml
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral16
Sample
Geometry Dash v2.11/Resources/speedEffect_normal.xml
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
Geometry Dash v2.11/Resources/speedEffect_slow.xml
Resource
win7-20221111-en
windows7-x64
Behavioral task
behavioral18
Sample
Geometry Dash v2.11/Resources/speedEffect_slow.xml
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
Geometry Dash v2.11/Resources/speedEffect_vfast.xml
Resource
win7-20220901-en
windows7-x64
Behavioral task
behavioral20
Sample
Geometry Dash v2.11/Resources/speedEffect_vfast.xml
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
Geometry Dash v2.11/Resources/speedEffect_vvfast.xml
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral22
Sample
Geometry Dash v2.11/Resources/speedEffect_vvfast.xml
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
Geometry Dash v2.11/Resources/starEffect.xml
Resource
win7-20221111-en
windows7-x64
Behavioral task
behavioral24
Sample
Geometry Dash v2.11/Resources/starEffect.xml
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
Geometry Dash v2.11/Resources/starEffect01.xml
Resource
win7-20221111-en
windows7-x64
Behavioral task
behavioral26
Sample
Geometry Dash v2.11/Resources/starEffect01.xml
Resource
win10v2004-20220901-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
Geometry Dash v2.11/Resources/starFall.xml
Resource
win7-20221111-en
windows7-x64
Behavioral task
behavioral28
Sample
Geometry Dash v2.11/Resources/starFall.xml
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
Geometry Dash v2.11/Resources/stoneHit.xml
Resource
win7-20221111-en
windows7-x64
Behavioral task
behavioral30
Sample
Geometry Dash v2.11/Resources/stoneHit.xml
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
Geometry Dash v2.11/Resources/trailEffect.xml
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral32
Sample
Geometry Dash v2.11/Resources/trailEffect.xml
Resource
win10v2004-20220812-en
windows10-2004-x64
General
-
Target
Geometry Dash v2.11/Resources/portalEffect08.xml
-
Size
2KB
-
MD5
3ad3d9da606ed516c11c4a3e5f18e397
-
SHA1
7e11a1e87a5eddcac47cf2af4a7d527027b690f5
-
SHA256
b4173c98fbca0d511ddd1e663128419fef669b4f32a79c8fa6db34450422a6be
-
SHA512
2a89cefcf080bdaadefe1260b7713a7aedc505620e148d1ddb387bc3122a8d738ad065953c3fd8ffb5f2c2317de2a7130d7cf9a8838aabff96963c5f5b29762e
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Toolbar IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Zoom IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0149f242e3bd901 IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003bad9e5810411a41b405bdc87c3b0eb800000000020000000000106600000001000020000000644d93bce0a846ae98b1d1a03098c51e9ad74b6ead5e110e42be72b8b63f1dfc000000000e800000000200002000000046b3cc0e953f7b9552d29b72bfe23d3d8952dee9eabf7b5488a458e37a05155c900000005a9522883a32cb5bc90d0ce133ff46a6211938577293e7d72419288cbdf41b7ab16a20e1ef2ca5077a40d60d0714f800a5ea221848719b56573d50915a24c7a9e0a7bfb42d2cb8cbac9129223d395f703b3d98f8531055ba6d3e4ae00cf2eb2a991d312e722137d109ca72ae711e0840d75daa40861ea3343cf0910197faab4870c80cd921d15619aa793ba6f1f68329400000006859c81426b608a457f40a3b3212ba08803636a43cb3ff1995ea0d6f5dd8b99249c95f09cef85e5b15f7d1bdfdff3031e1be4d095691878865867f63b82d2ece IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\IntelliForms IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4E3DAE91-A721-11ED-BC0B-663367632C22} = "0" IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\InternetRegistry IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\PageSetup IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\SearchScopes IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\DomainSuggestion IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003bad9e5810411a41b405bdc87c3b0eb8000000000200000000001066000000010000200000007199b944327901056b5ebb59fc0e2e0ac1435309c4bbeff1c5a32c43a0c77cd7000000000e800000000200002000000082f07b7b5b6e549e3aa4152076b164777feb30238fc5408cd65453ddefc1bfc120000000b0a5ed807c2f6f58039b8ed8f56c4636b818789110253d2eb58e996e00db0b424000000005dd042c6fa281b30151ccfb3616a8a3834fdcbe27f5b50c1c2604ae38be87e0fd2f900c1c2400136cd0883cd6d6c3ac8a799c4cade79e46a4c9c0e9c7c3ebb8 IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\GPU IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\IETld\LowMic IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\LowRegistry IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "382564675" IEXPLORE.EXE -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 1240 IEXPLORE.EXE -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 1240 IEXPLORE.EXE 1240 IEXPLORE.EXE 1280 IEXPLORE.EXE 1280 IEXPLORE.EXE 1280 IEXPLORE.EXE 1280 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 12 IoCs
description pid Process procid_target PID 1944 wrote to memory of 580 1944 MSOXMLED.EXE 29 PID 1944 wrote to memory of 580 1944 MSOXMLED.EXE 29 PID 1944 wrote to memory of 580 1944 MSOXMLED.EXE 29 PID 1944 wrote to memory of 580 1944 MSOXMLED.EXE 29 PID 580 wrote to memory of 1240 580 iexplore.exe 30 PID 580 wrote to memory of 1240 580 iexplore.exe 30 PID 580 wrote to memory of 1240 580 iexplore.exe 30 PID 580 wrote to memory of 1240 580 iexplore.exe 30 PID 1240 wrote to memory of 1280 1240 IEXPLORE.EXE 31 PID 1240 wrote to memory of 1280 1240 IEXPLORE.EXE 31 PID 1240 wrote to memory of 1280 1240 IEXPLORE.EXE 31 PID 1240 wrote to memory of 1280 1240 IEXPLORE.EXE 31
Processes
-
C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\Geometry Dash v2.11\Resources\portalEffect08.xml"1⤵
- Suspicious use of WriteProcessMemory
PID:1944 -
C:\Program Files (x86)\Internet Explorer\iexplore.exe"C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome2⤵
- Suspicious use of WriteProcessMemory
PID:580 -
C:\Program Files\Internet Explorer\IEXPLORE.EXE"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome3⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1240 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1240 CREDAT:275457 /prefetch:24⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1280
-
-
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
601B
MD523c346d651dd37d57b7afab7abf004a9
SHA1e6f7822597dc1cff95dcff7c5eaf5b401bfbf276
SHA256f343b3891cd9256c4e08bd4054ee57c6628a86d69987b5971ffa3b5e460d7822
SHA5122e67d2f15847777c8d522cbf103d423573bc27a248eee4ee99978365bfe9a0880d4a0b92321ae62d4d39c10a8f8ca58fbda4326a0b981e09a3971994b6e4c24c