Overview

overview

3

Static

static

3

Geometry D...hd.xml

windows7-x64

1

Geometry D...hd.xml

windows10-2004-x64

3

Geometry D...hd.xml

windows7-x64

1

Geometry D...hd.xml

windows10-2004-x64

3

Geometry D...et.xml

windows7-x64

1

Geometry D...et.xml

windows10-2004-x64

3

Geometry D...hd.xml

windows7-x64

1

Geometry D...hd.xml

windows10-2004-x64

3

Geometry D...hd.xml

windows7-x64

1

Geometry D...hd.xml

windows10-2004-x64

3

Geometry D...01.xml

windows7-x64

1

Geometry D...01.xml

windows10-2004-x64

3

Geometry D...ta.xml

windows7-x64

1

Geometry D...ta.xml

windows10-2004-x64

1

Geometry D...wn.xml

windows7-x64

1

Geometry D...wn.xml

windows10-2004-x64

3

Geometry D...ta.xml

windows7-x64

1

Geometry D...ta.xml

windows10-2004-x64

3

Geometry D...hd.xml

windows7-x64

1

Geometry D...hd.xml

windows10-2004-x64

3

Geometry D...hd.xml

windows7-x64

1

Geometry D...hd.xml

windows10-2004-x64

3

Geometry D...et.xml

windows7-x64

1

Geometry D...et.xml

windows10-2004-x64

3

Geometry D...01.xml

windows7-x64

1

Geometry D...01.xml

windows10-2004-x64

3

Geometry D...02.xml

windows7-x64

1

Geometry D...02.xml

windows10-2004-x64

3

Geometry D...03.xml

windows7-x64

1

Geometry D...03.xml

windows10-2004-x64

3

Geometry D...hd.xml

windows7-x64

1

Geometry D...hd.xml

windows10-2004-x64

3

Analysis

  • max time kernel
    120s
  • max time network
    173s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16/08/2023, 01:43 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Geometry Dash/Resources/SecretSheet-uhd.xml

  • Size

    9KB

  • MD5

    58b19583b080b8b31466e9e85db69945

  • SHA1

    2d53890f00d2855543e048a407f2ff3911777808

  • SHA256

    41a147659aafd6970a2c18bf3e68f10b0bd1cbb24da5acb7d7b2f910f717c5dd

  • SHA512

    5cbd2000477c6748b837f541e49d0b1f75a7228d10822dfe40e65b9a1eea189654fa146de3376e2390a555ee4bb54ca1ced50f9ccfa159348ac9addde63c8846

  • SSDEEP

    96:/y+sYkPlhV8SYkCxGikYkVVWUZcYkYC6VzXJYk/N+cYK7Yk/NKIl93Yk0ojx2Ykx:arjS

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE
    "C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\Geometry Dash\Resources\SecretSheet-uhd.xml"
    1⤵
      PID:2652
      • C:\Windows\system32\WerFault.exe
        C:\Windows\system32\WerFault.exe -u -p 2652 -s 476
        2⤵
        • Program crash
        PID:3716
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -pss -s 408 -p 2652 -ip 2652
      1⤵
        PID:1408

      Network

      • flag-us
        DNS
        59.128.231.4.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        59.128.231.4.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        8.3.197.209.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        8.3.197.209.in-addr.arpa
        IN PTR
        Response
        8.3.197.209.in-addr.arpa
        IN PTR
        vip0x008map2sslhwcdnnet
      • flag-us
        DNS
        108.211.229.192.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        108.211.229.192.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        69.31.126.40.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        69.31.126.40.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        158.240.127.40.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        158.240.127.40.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        26.165.165.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        26.165.165.52.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        18.31.95.13.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        18.31.95.13.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        254.49.247.8.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        254.49.247.8.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        86.8.109.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        86.8.109.52.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        11.173.189.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        11.173.189.20.in-addr.arpa
        IN PTR
        Response
      No results found
      • 8.8.8.8:53
        59.128.231.4.in-addr.arpa
        dns
        71 B
         157 B
         1
        1

        DNS Request

        59.128.231.4.in-addr.arpa

      • 8.8.8.8:53
        8.3.197.209.in-addr.arpa
        dns
        70 B
         111 B
         1
        1

        DNS Request

        8.3.197.209.in-addr.arpa

      • 8.8.8.8:53
        108.211.229.192.in-addr.arpa
        dns
        74 B
         145 B
         1
        1

        DNS Request

        108.211.229.192.in-addr.arpa

      • 8.8.8.8:53
        69.31.126.40.in-addr.arpa
        dns
        71 B
         157 B
         1
        1

        DNS Request

        69.31.126.40.in-addr.arpa

      • 8.8.8.8:53
        158.240.127.40.in-addr.arpa
        dns
        73 B
         147 B
         1
        1

        DNS Request

        158.240.127.40.in-addr.arpa

      • 8.8.8.8:53
        26.165.165.52.in-addr.arpa
        dns
        72 B
         146 B
         1
        1

        DNS Request

        26.165.165.52.in-addr.arpa

      • 8.8.8.8:53
        18.31.95.13.in-addr.arpa
        dns
        70 B
         144 B
         1
        1

        DNS Request

        18.31.95.13.in-addr.arpa

      • 8.8.8.8:53
        254.49.247.8.in-addr.arpa
        dns
        71 B
         125 B
         1
        1

        DNS Request

        254.49.247.8.in-addr.arpa

      • 8.8.8.8:53
        86.8.109.52.in-addr.arpa
        dns
        70 B
         144 B
         1
        1

        DNS Request

        86.8.109.52.in-addr.arpa

      • 8.8.8.8:53
        11.173.189.20.in-addr.arpa
        dns
        72 B
         158 B
         1
        1

        DNS Request

        11.173.189.20.in-addr.arpa

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/2652-133-0x00007FFE134D0000-0x00007FFE134E0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2652-134-0x00007FFE53450000-0x00007FFE53645000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/2652-135-0x00007FFE53450000-0x00007FFE53645000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/2652-136-0x00007FFE50DD0000-0x00007FFE51099000-memory.dmp

        Filesize

        2.8MB

        Download

      • memory/2652-137-0x00007FFE134D0000-0x00007FFE134E0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2652-138-0x00007FFE53450000-0x00007FFE53645000-memory.dmp

        Filesize

        2.0MB

        Download

      We care about your privacy.

      This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.