Overview

overview

4

Static

static

4

GD/GeometryDash.exe

windows7-x64

1

GD/GeometryDash.exe

windows10-2004-x64

1

GD/Resourc...sc.xml

windows7-x64

1

GD/Resourc...sc.xml

windows10-2004-x64

3

GD/Resourc...MD.xml

windows7-x64

1

GD/Resourc...MD.xml

windows10-2004-x64

3

GD/Resourc...sc.xml

windows7-x64

1

GD/Resourc...sc.xml

windows10-2004-x64

3

GD/Resourc...hd.xml

windows7-x64

1

GD/Resourc...hd.xml

windows10-2004-x64

3

GD/Resourc...hd.xml

windows7-x64

1

GD/Resourc...hd.xml

windows10-2004-x64

3

GD/Resourc...et.xml

windows7-x64

1

GD/Resourc...et.xml

windows10-2004-x64

3

GD/Resourc...hd.xml

windows7-x64

1

GD/Resourc...hd.xml

windows10-2004-x64

3

GD/Resourc...hd.xml

windows7-x64

1

GD/Resourc...hd.xml

windows10-2004-x64

3

GD/Resourc...et.xml

windows7-x64

1

GD/Resourc...et.xml

windows10-2004-x64

3

GD/Resourc...hd.xml

windows7-x64

1

GD/Resourc...hd.xml

windows10-2004-x64

3

GD/Resourc...hd.xml

windows7-x64

1

GD/Resourc...hd.xml

windows10-2004-x64

3

GD/Resourc...01.xml

windows7-x64

1

GD/Resourc...01.xml

windows10-2004-x64

3

GD/Resourc...02.xml

windows7-x64

1

GD/Resourc...02.xml

windows10-2004-x64

3

GD/Resourc...hd.xml

windows7-x64

1

GD/Resourc...hd.xml

windows10-2004-x64

3

GD/Resourc...hd.xml

windows7-x64

1

GD/Resourc...hd.xml

windows10-2004-x64

3

Analysis

  • max time kernel
    269s
  • max time network
    339s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    22-07-2023 20:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    GD/Resources/DungeonSheet-hd.xml

  • Size

    2KB

  • MD5

    81973b2057bca63dd6ca47a89414b35f

  • SHA1

    5f8b5fcc84c7310dd0fc75c21e9f1afda157620a

  • SHA256

    ebbc757cfa618a93a9170ab505da95ea178f49128113c6fe70c4b121ae3c2763

  • SHA512

    a27c4998a93c84470e430d5269d4c488c9c325885ee0c3f007a8a4857f259f9df19125d5797f17672f2a7fd2628f4b11566788b789cfcde9812caca70705c56d

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\GD\Resources\DungeonSheet-hd.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2728
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2268
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2740
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2740 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:596

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1be316edeabddab7fb872c245a04c951

    SHA1

    57c3b79fca47263e15d7381da98a080849a8fea0

    SHA256

    1469128841dad975de60b60b5f7d8ed905394a8addb6b759b95bd215a09254b0

    SHA512

    0afe8e87aff1ff4a95b027a31178824fc06f44b268be4c82c040ec02e0f7056e9b79cde4e4be51206b05e91bf9e7da24bb7e64dda74690450e39042301dd618f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    df757ab20b9b8e2b940eb17c731166b3

    SHA1

    99bc45ef6b4496d0cdadabc6a5f0d271381801b2

    SHA256

    4735d194776540193e585bd0f5a18e566581d5866ed52124f6f95da8d0eac574

    SHA512

    9620da7f610ed84e82a178e8fe122a3d8e5f3212964606086db9d1ef2d7c046ea9b0d5672817ca9ee4d5352f0386bb5f5610dfb1414536eace88cf3debe68a8a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0816799a99e60158263813310bd41f8a

    SHA1

    c848e1bb0180abf06f84aad7adfb0a90cee6e124

    SHA256

    4a0b16538c870a2f077f10b77276d076837af052fa5adc657f73b0828a2751f7

    SHA512

    6ab3a3ce740f777472a92d2273481060cb095b81e5d4ecd6486535a49f342ba5acf58fef469ffb49d84e32f1855ffc766dcecf1d8d8d64736b67b4f8b5c25da2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d6d6eec6b89b0fc7b149cfa4c723db5a

    SHA1

    f5c46da03570009849e2a52ae2db1c6bc0677688

    SHA256

    4e97139440a8169a7379a42ae5a6fa9fc3e7d85183e60b97c1272e79561973e8

    SHA512

    14d55fd3565f41a6785ea1ff2de96ed8f5f2a5e6a637278906d60ef17daf8ecd374a9f287b642fcdea2d16db9929b2bd0a3524c100fd2dc4d01e2f84432e6580

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e836540c3a2420d22061db589d2c8025

    SHA1

    4c77d8f3237bd815b3c7df83f948186895cfa12b

    SHA256

    9297b0d3b7b8a6e0169fdb18edd21d8f49a834c78f418ee7442e63a54b07c072

    SHA512

    7ff9d45ee4059f8b4bd729402ffaefbedcf502a7ba8ea077f81d19c57db116e2cbe1abb7bed5b6fa4d64da8b9946e8621c5252d34d6d70b9d4628cc7fc09f685

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d316f95dc66886431c836cc497bbf2c8

    SHA1

    34a25111f136a2424f9088c2116198452c826db5

    SHA256

    d974e44987c1232822fb96dc7de6b47e4c2646a580732cccf2ea2bdeffe347df

    SHA512

    1ebbd1441c48fc1a1ec51c447d9f51d897f5c772268f52bcacd5655ab117c38c686ae193d5e549bf9d488561285f67d2b8d2ba00c3d1cbdf19e554fbad9a78df

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    10932c06a76dffdfa943b71e9e725507

    SHA1

    ad5d3b49eab2d141e20d76d5b57a1b26b07057c9

    SHA256

    7f6662513ee2edc01067448c9eaa6ce6fa6b831d59173b792e846cee4a5634a8

    SHA512

    e5e4104fd68ef9e0b0ec19228c81a5223cfaa526138992e9905d59726d734b482e815b8eaaca535af8f14d3a1b8aba55cda3db7f14168c2cb5c1d675990b338e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0663ebe9d5361a9683c5a7f045a5f1c0

    SHA1

    5acd854b56680c08c09b4f26a83c7728cfc224f9

    SHA256

    ec8fc4cefc56ce0a7649ce7bc92e839c476b0aa7fb75d79da6945b0a01a50a5a

    SHA512

    e4bcc8715d6255043003c715da4407a4bcafa00019601a80e5938ca7fc0b8fe349c8af42d98fa519c2fdca878bdf70676f6ac5c5d733b96e74fc08c9594792ad

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ffa4aeb33a4d2d724663668b079d6cbd

    SHA1

    2619d03d929ffd14f61f833a0e91e1bb3abd679b

    SHA256

    2e1acb89ddd799f3f23e850d126c10707ac3cae558362d995dc8c2d8d63970b3

    SHA512

    c4273608c052f675b0f19b18c30701e0706b7596691ef0a492b1d01d670244ee6a94d87aaa8a879184bde114c9e7d372e74f14fd5593686b7e09845ddaa64c68

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ULULORKV\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabACA7.tmp
    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarB33F.tmp
    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\1FLROLXS.txt
    Filesize

    606B

    MD5

    5d526f8cc57a2168390444f9600b0e59

    SHA1

    360da0ca91db2ddeacf7bf00ab64df4ba1b729c5

    SHA256

    04a9786ba9314e4d594d36ce4966e9260c87c7b838b15c0dcc2b8e7af4ee5c52

    SHA512

    f3ea0f4f123807553dfdb6ad9b707f6bcb3a463ace41dfea22bef755776643b7f606fb06eec7eae9ce9d46d48a45d8c118facd74c1a0e4bf951b47f3a31f9e23

    Download Submit