Analysis

  • max time kernel
    149s
  • max time network
    210s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags
    arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
  • submitted
    13-04-2023 03:55

General

  • Target

    Geometry Dash 2.11 By CpuTutos .v/Resources/speedEffect_slow.xml

  • Size

    2KB

  • MD5

    5facd568c76db253d91fc7e0e285c27d

  • SHA1

    f2c4485563780735bee182414b3e26d242a0cc82

  • SHA256

    361e00862c199d0be00a64389d8a8ab030893106819871478d155147bae172f4

  • SHA512

    dceb12c673ff4d0b326c9a0e690bb718990214e6d0d7d1976961115c409f4c71373e2e5753eaf98111b4b27e34d226870b927f7616dae2a015af85ae06d99770

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\Geometry Dash 2.11 By CpuTutos .v\Resources\speedEffect_slow.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2024
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1148
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1044
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1044 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1680

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    aae2cf42056ecaa8f5f43983c2c8ed8a

    SHA1

    b9f9b8005f44acba6bcb570080183159d73ca4b8

    SHA256

    e19cd3b7ba4d49fef23038118723e52ea88a5d1b13228648260544d3d9a1a54b

    SHA512

    f7f09d2e7399dff8808447fea678920c98837bbf530e6aa14fba9a80f8a704fb51f1d9ec4f64082a19e1b85550ac6497b0a8d19f940c40723c2d9f7621622128

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DomainSuggestions\en-US.1

    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

  • C:\Users\Admin\AppData\Local\Temp\Cab4D3.tmp

    Filesize

    61KB

    MD5

    fc4666cbca561e864e7fdf883a9e6661

    SHA1

    2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

    SHA256

    10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

    SHA512

    c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

  • C:\Users\Admin\AppData\Local\Temp\Tar2DBC.tmp

    Filesize

    161KB

    MD5

    73b4b714b42fc9a6aaefd0ae59adb009

    SHA1

    efdaffd5b0ad21913d22001d91bf6c19ecb4ac41

    SHA256

    c0cf8cc04c34b5b80a2d86ad0eafb2dd71436f070c86b0321fba0201879625fd

    SHA512

    73af3c51b15f89237552b1718bef21fd80788fa416bab2cb2e7fb3a60d56249a716eda0d2dd68ab643752272640e7eaaaf57ce64bcb38373ddc3d035fb8d57cd

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\DVTF7RUG.txt

    Filesize

    604B

    MD5

    1e45eb3a7bb4efb8f7daa3be6bcb8932

    SHA1

    35788b9fa9f4e23dc7c69476cc199511b1d5e6c0

    SHA256

    cd2577aa9d4675f2eedf4b0ec34b357a0d45428003bbd3cf68a2e6140b199d8b

    SHA512

    cbc046d950083f9cdb7bb797aae9275e9bcc63624d579eb19a094f5745dd581a29ce7035976b2ca2275d7fd7e30e022ef1e724e7b601ad8f7fa48af70f395bc4