Analysis

  • max time kernel
    142s
  • max time network
    155s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230712-en, locale:en-us, os:windows7-x64, system
  • submitted
    18-07-2023 21:39

General

  • Target

    Geometry Dash 2.11 Funcional/Resources/SecretSheet.xml

  • Size

    8KB

  • MD5

    7eca932fc2d95fed5d4f10f0fd5e2fbf

  • SHA1

    357eca98a853c29d2f20bc4d4ca21bf800bd4053

  • SHA256

    e7e344f8af607b4fedc13c9e46e45d23d17366cf7e0c87fcc9b1771bb7fd4642

  • SHA512

    5943bd4f5071a2af1e1b32e5037f20047439ca3ed15a7b7c82ba8f76920bcd5d87b9c1bdcabf795efaf7ee3dcdf5c13fec670ff30597390e62906eec0212633e

  • SSDEEP

    96:/y+sYktkoxSYkEoN6GkYk2ZqCiGYcYkKKZLpKJYk/NLbaK7Yk/N20JkUYk/Nf/0D:a60b19i

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\Geometry Dash 2.11 Funcional\Resources\SecretSheet.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2524
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2856
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2972
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2972 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2812

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    22fd01b2778b4fb8900e244c5ab5e5df

    SHA1

    5d5e9364c7ab34f8b6166f7dbdc6c051e95bac55

    SHA256

    cb3e92c75ab18bd147de630f1cadf4aab1924b2f6a8271b92e9af70ebf70da42

    SHA512

    b69c3bd120ee8f29634823ee54a5ee41016e769ff88114e221a2842aad17e04587a83f0a3be28162feee65f07409fde7c7a98890e3e706160bb467afd41104a3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    931b33a11674f6096295a9a299e31a4b

    SHA1

    41b447e5df7a59318d219c12281bee7394a24021

    SHA256

    c2853369eb1f50f82c25c878e45da7dfb999d5af93ce27f89972a539002f20d1

    SHA512

    289418f0998284a170777cc13a0f89391c5fb92ab5bcbece16330c4a62d233c5e8e11f213bf91b463a7e4e59bec65f8840a36f4c7b6bf2ec432e96245974aa04

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    51c57e0e45af6dc1c0f0e6c7f8e1da42

    SHA1

    abb989d0630eb032761a9d1900486e09652addf8

    SHA256

    a5bf92f97df552f0d38ef5145a538f57ca216624b400a161aa702ab319b4861b

    SHA512

    fa5dc1ede9d6e6ade2032ecc76fee22e5ed8416df781bd987656f22e3346f32169d44472b32a0ee8eded6ebb41299b49ae3bd6a6a6f42a19134a28858ccba165

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    3a3d954f95a33a2af9ce19ecace632f2

    SHA1

    ee7ca8221eabdc8c129abe7ebe3b73317ba8c293

    SHA256

    5ebcc7efde43c13cb2b6517637dd9db7afe4ce56429b69afa1f16f090836f107

    SHA512

    5b4dc11f19ac10887e79cb3b2c0380e64e56402232fb27142787a6ecd5ecc026873ab39a5b70874d9dee4a3d58c1aff3a49ca8698074cf67d97216132e790a0f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    5cabba2edad8ce0ad3938fa45679c696

    SHA1

    b69fa04aa367ed08e8bd0981fe8f02c34eba9826

    SHA256

    ba34bec7c04c964e1f7f749bb05a0e53245b711a2f27b377745492f255f3cba4

    SHA512

    95cac23ec42dc0b11b712b9d9f4497a3ea947913e667b075b2449ac24ee0209ff44f43bbeecfd2c793e1fb17c68fd7d04a525526bc1cb23bb5633e5024dfb0d5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    0b4e022cb5fe22c39d7c3acc65662568

    SHA1

    5bf81f3538960dc78d0cc14f1c604b3072c77a9d

    SHA256

    83118080103ec7c8005d1445fa48700ef946f1e79b6523f05282cc3b62abd70e

    SHA512

    17ff425b0201682f5c3fe5f6094cf369fac8053bb633cfb60e890ca99b297116e1d16b0032a173f3b10b83402a938e0a783619ff1dd7b0651b3eaae413e0de78

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    9eb8432385a8651b892db834a5a05946

    SHA1

    221b02cd17e4e9b2680dc1a16cb16ddc618de53f

    SHA256

    2b4ba2ae1dabbf0e10e5e4797eab2a5a7282668db1a62ff6739e547ca4e93563

    SHA512

    ed32e87a2e488a0a6226237db0feda656b216f921bbf28aab6b05869ab1d685125d196e5ff1bcff5a7abdc9bd970e80e0f1e483a8717a5e9b64e868502580734

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    ff5af5a46c1699092182a79d7dfaff6a

    SHA1

    6c271c8105ff3c487f51648faaa34b8db334bfac

    SHA256

    d4b746060008bd6391e71127b371ddd0bb01b98e0ade6b2be435dc1bc77a14cb

    SHA512

    5737bb8dfc15d9007018f2b177212396f254d4b3b5f76585cf2f3441a789a3aa5d58727ae94a272a5294a204643889d6b4ed87109c69c702c0c44193a17b95b7

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2AKN11NC\suggestions[1].en-US

    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

  • C:\Users\Admin\AppData\Local\Temp\CabDFE5.tmp

    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

  • C:\Users\Admin\AppData\Local\Temp\TarE066.tmp

    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\HAEVIXCB.txt

    Filesize

    606B

    MD5

    c50aa995294a1e22a86159e3cd02af3a

    SHA1

    fd5e69b5fe10caa30a13c12e3e572eafac886d74

    SHA256

    ea3bfec08c2d49bd4afe335ae7eb557dae551a27a789a4bd5dd8efb153a415f8

    SHA512

    00eb34f7eeb135736ef2b28bb24f0d2c89ccb11616b42be521efc844cfceafaaa37e78903ce511c2d9ce35e709122d712ba4db15e822c990d72d0f49aa1099e8