Overview
overview
1Static
static
1Geometry D...03.xml
windows7-x64
1Geometry D...03.xml
windows10-2004-x64
1Geometry D...04.xml
windows7-x64
1Geometry D...04.xml
windows10-2004-x64
1Geometry D...08.xml
windows7-x64
1Geometry D...08.xml
windows10-2004-x64
1Geometry D...09.xml
windows7-x64
1Geometry D...09.xml
windows10-2004-x64
1Geometry D...ct.xml
windows7-x64
1Geometry D...ct.xml
windows10-2004-x64
1Geometry D...ct.xml
windows7-x64
1Geometry D...ct.xml
windows10-2004-x64
1Geometry D...st.xml
windows7-x64
1Geometry D...st.xml
windows10-2004-x64
1Geometry D...al.xml
windows7-x64
1Geometry D...al.xml
windows10-2004-x64
1Geometry D...ow.xml
windows7-x64
1Geometry D...ow.xml
windows10-2004-x64
1Geometry D...st.xml
windows7-x64
1Geometry D...st.xml
windows10-2004-x64
1Geometry D...st.xml
windows7-x64
1Geometry D...st.xml
windows10-2004-x64
1Geometry D...ct.xml
windows7-x64
1Geometry D...ct.xml
windows10-2004-x64
1Geometry D...01.xml
windows7-x64
1Geometry D...01.xml
windows10-2004-x64
1Geometry D...ll.xml
windows7-x64
1Geometry D...ll.xml
windows10-2004-x64
1Geometry D...it.xml
windows7-x64
1Geometry D...it.xml
windows10-2004-x64
1Geometry D...ct.xml
windows7-x64
1Geometry D...ct.xml
windows10-2004-x64
1Analysis
-
max time kernel
154s -
max time network
192s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system -
submitted
07/02/2023, 18:52
Static task
static1
Behavioral task
behavioral1
Sample
Geometry Dash v2.11/Resources/portalEffect03.xml
Resource
win7-20221111-en
windows7-x64
Behavioral task
behavioral2
Sample
Geometry Dash v2.11/Resources/portalEffect03.xml
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
Geometry Dash v2.11/Resources/portalEffect04.xml
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral4
Sample
Geometry Dash v2.11/Resources/portalEffect04.xml
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
Geometry Dash v2.11/Resources/portalEffect08.xml
Resource
win7-20221111-en
windows7-x64
Behavioral task
behavioral6
Sample
Geometry Dash v2.11/Resources/portalEffect08.xml
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
Geometry Dash v2.11/Resources/portalEffect09.xml
Resource
win7-20220901-en
windows7-x64
Behavioral task
behavioral8
Sample
Geometry Dash v2.11/Resources/portalEffect09.xml
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
Geometry Dash v2.11/Resources/ringEffect.xml
Resource
win7-20221111-en
windows7-x64
Behavioral task
behavioral10
Sample
Geometry Dash v2.11/Resources/ringEffect.xml
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
Geometry Dash v2.11/Resources/speedEffect.xml
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral12
Sample
Geometry Dash v2.11/Resources/speedEffect.xml
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
Geometry Dash v2.11/Resources/speedEffect_fast.xml
Resource
win7-20220901-en
windows7-x64
Behavioral task
behavioral14
Sample
Geometry Dash v2.11/Resources/speedEffect_fast.xml
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
Geometry Dash v2.11/Resources/speedEffect_normal.xml
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral16
Sample
Geometry Dash v2.11/Resources/speedEffect_normal.xml
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
Geometry Dash v2.11/Resources/speedEffect_slow.xml
Resource
win7-20221111-en
windows7-x64
Behavioral task
behavioral18
Sample
Geometry Dash v2.11/Resources/speedEffect_slow.xml
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
Geometry Dash v2.11/Resources/speedEffect_vfast.xml
Resource
win7-20220901-en
windows7-x64
Behavioral task
behavioral20
Sample
Geometry Dash v2.11/Resources/speedEffect_vfast.xml
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
Geometry Dash v2.11/Resources/speedEffect_vvfast.xml
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral22
Sample
Geometry Dash v2.11/Resources/speedEffect_vvfast.xml
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
Geometry Dash v2.11/Resources/starEffect.xml
Resource
win7-20221111-en
windows7-x64
Behavioral task
behavioral24
Sample
Geometry Dash v2.11/Resources/starEffect.xml
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
Geometry Dash v2.11/Resources/starEffect01.xml
Resource
win7-20221111-en
windows7-x64
Behavioral task
behavioral26
Sample
Geometry Dash v2.11/Resources/starEffect01.xml
Resource
win10v2004-20220901-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
Geometry Dash v2.11/Resources/starFall.xml
Resource
win7-20221111-en
windows7-x64
Behavioral task
behavioral28
Sample
Geometry Dash v2.11/Resources/starFall.xml
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
Geometry Dash v2.11/Resources/stoneHit.xml
Resource
win7-20221111-en
windows7-x64
Behavioral task
behavioral30
Sample
Geometry Dash v2.11/Resources/stoneHit.xml
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
Geometry Dash v2.11/Resources/trailEffect.xml
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral32
Sample
Geometry Dash v2.11/Resources/trailEffect.xml
Resource
win10v2004-20220812-en
windows10-2004-x64
General
-
Target
Geometry Dash v2.11/Resources/portalEffect09.xml
-
Size
2KB
-
MD5
3673ac20133d1beb2a97fda0768fd941
-
SHA1
2e13fb89673f33dd0270c609469ecd3a2c7fb345
-
SHA256
6e5dd543547551e87432be91697d183ee0901506b374215afbd2a18606e0deae
-
SHA512
ad957ed4206ba33037c0df1b357bee5751a4ed2cb2e845e646a5068f7d9ed907b4ca570ab6d6b0b2e34652de775f3774e56d1fcf856ff71295a2a389a412e19b
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{76647A23-A721-11ED-B5DD-E2CDD1D11107} = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31013678" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1322047406" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\Software\Microsoft\Internet Explorer\VersionManager iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1312672350" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31013678" IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 004d014f2e3bd901 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 209d544f2e3bd901 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\Software\Microsoft\Internet Explorer\IESettingSync IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1322047406" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000055e705317208724f818ff84de6ddc69d00000000020000000000106600000001000020000000d204c1dbf4540accd1c954540f51fba7583b9623f844eb1985f6bc4d7f134163000000000e8000000002000020000000942abbf014f51e5c52878910977c943dac365a99b7349447384ae3c471809e3620000000786b599f54fa2cee80f0d44ec1889d95f36460f5186c1f0a469ef574fb28676f40000000689aa7612ee245e9847af02588facaab1021ef42ca6b956813995bd283db7be1beb174b38daa585f54af0544e36b3d4f754213aab6edb4fff5603e17ca48c3ff iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000055e705317208724f818ff84de6ddc69d00000000020000000000106600000001000020000000e63b3a80ce940ad1aeefb148a6684ba26d57de04b1d348aae5dda2e74469937e000000000e80000000020000200000005fc3e1a10d90bbb8daf923586eb56a7dcb530e124e865a53c75300be1486084920000000d4f80037b44f341883f7a338d4014638a726e0af5ab56e107c32d708c2f2986c4000000085f013959a06aec372d58d74fd53554b6871c764c3cb7cb289f0838d9d6bdaa873f43afef584cb8b6af2da5d57940e5f75dd92ddfb4de03abc21b041ce9343e7 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1312672350" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "382564748" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\Software\Microsoft\Internet Explorer\VersionManager IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31013678" IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31013678" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 3100 iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 3100 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 3100 iexplore.exe 3100 iexplore.exe 2752 IEXPLORE.EXE 2752 IEXPLORE.EXE 2752 IEXPLORE.EXE 2752 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 5 IoCs
description pid Process procid_target PID 1844 wrote to memory of 3100 1844 MSOXMLED.EXE 82 PID 1844 wrote to memory of 3100 1844 MSOXMLED.EXE 82 PID 3100 wrote to memory of 2752 3100 iexplore.exe 84 PID 3100 wrote to memory of 2752 3100 iexplore.exe 84 PID 3100 wrote to memory of 2752 3100 iexplore.exe 84
Processes
-
C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE"C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\Geometry Dash v2.11\Resources\portalEffect09.xml"1⤵
- Suspicious use of WriteProcessMemory
PID:1844 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Geometry Dash v2.11\Resources\portalEffect09.xml2⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3100 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3100 CREDAT:17410 /prefetch:23⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2752
-
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize471B
MD5bd813f25b25946e19e7b3acf153b3674
SHA11570516b96c7931bd565ac9102e79e1664216997
SHA2566c744ffa4555b4c92c632743742782df3e1b9c33004c73247574da26a759ea2c
SHA512145c738a3702f08d8d307188a4422e3842bc08aced2190f74601d8398d2001cb722e3c32bb6988e35a44a456fb042e6ae833a121da092d21dc2a04683932b47b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize434B
MD57c9a2a334485eca0109ad0f39217f9cd
SHA199798d5ebbc14c19e25df161e3c72c2f5d6e417b
SHA2560c1338bffa8fe179de9f120834cee4c77e756ea276fa2c390e1a187f55f8ce2b
SHA5123082b45b189a7b39a12c0aa9d8a7b05b8fc9f4e0b80e76bb360c41bcd4203bd5b5eaea8248b23ce1fff6faf6eac36c7c20b3c68a556e294c061bf96ee4cdf5aa