Overview

overview

3

Static

static

3

Geometry D...hd.xml

windows7-x64

1

Geometry D...hd.xml

windows10-2004-x64

3

Geometry D...hd.xml

windows7-x64

1

Geometry D...hd.xml

windows10-2004-x64

3

Geometry D...et.xml

windows7-x64

1

Geometry D...et.xml

windows10-2004-x64

3

Geometry D...hd.xml

windows7-x64

1

Geometry D...hd.xml

windows10-2004-x64

3

Geometry D...hd.xml

windows7-x64

1

Geometry D...hd.xml

windows10-2004-x64

3

Geometry D...01.xml

windows7-x64

1

Geometry D...01.xml

windows10-2004-x64

3

Geometry D...ta.xml

windows7-x64

1

Geometry D...ta.xml

windows10-2004-x64

1

Geometry D...wn.xml

windows7-x64

1

Geometry D...wn.xml

windows10-2004-x64

3

Geometry D...ta.xml

windows7-x64

1

Geometry D...ta.xml

windows10-2004-x64

3

Geometry D...hd.xml

windows7-x64

1

Geometry D...hd.xml

windows10-2004-x64

3

Geometry D...hd.xml

windows7-x64

1

Geometry D...hd.xml

windows10-2004-x64

3

Geometry D...et.xml

windows7-x64

1

Geometry D...et.xml

windows10-2004-x64

3

Geometry D...01.xml

windows7-x64

1

Geometry D...01.xml

windows10-2004-x64

3

Geometry D...02.xml

windows7-x64

1

Geometry D...02.xml

windows10-2004-x64

3

Geometry D...03.xml

windows7-x64

1

Geometry D...03.xml

windows10-2004-x64

3

Geometry D...hd.xml

windows7-x64

1

Geometry D...hd.xml

windows10-2004-x64

3

Analysis

  • max time kernel
    142s
  • max time network
    157s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    16/08/2023, 01:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Geometry Dash/Resources/SecretSheet.xml

  • Size

    8KB

  • MD5

    7eca932fc2d95fed5d4f10f0fd5e2fbf

  • SHA1

    357eca98a853c29d2f20bc4d4ca21bf800bd4053

  • SHA256

    e7e344f8af607b4fedc13c9e46e45d23d17366cf7e0c87fcc9b1771bb7fd4642

  • SHA512

    5943bd4f5071a2af1e1b32e5037f20047439ca3ed15a7b7c82ba8f76920bcd5d87b9c1bdcabf795efaf7ee3dcdf5c13fec670ff30597390e62906eec0212633e

  • SSDEEP

    96:/y+sYktkoxSYkEoN6GkYk2ZqCiGYcYkKKZLpKJYk/NLbaK7Yk/N20JkUYk/Nf/0D:a60b19i

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\Geometry Dash\Resources\SecretSheet.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2636
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2956
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2972
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2972 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2108

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    db031aa9fddd90da943d8def42a0f857

    SHA1

    c190c3cb505f783d10fc88ec1132ae692a25bd7c

    SHA256

    44bd469ae3802df838b73e882ef9ec68b74ace8c2860dcb9186f46f86e894800

    SHA512

    0b6f726ee5308916b617bddd94d862c198b69a5389e83ef8bf5d0194a3a61b5726be2a8a8b2a4794351ed732179624c1e7098b152ee78e8d56cb14487dcd8f9d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    764335fe9c47d86943aa491828d1f4cb

    SHA1

    c528d99e6c924372cdab342261ac897a6dd3ce6f

    SHA256

    50c63a011707e50810880342fec35cf0e9d1d82d35de468d5511fda1c91b25fe

    SHA512

    86a8de06a25348755a2077bdafe0f5a621f466c0ac982ad6507dadfd71a5d5420b1cf2cf5321751664c3a6acf78d47806f43168971709774cdbd7ed8919fc02c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    fd9f90ba6e7a6c5ad0743e0ab20241d0

    SHA1

    acf34943ac660410438180c60c043027524b77e9

    SHA256

    2d6f6651224638577d2cacc5c51dcc9f282b092b0ec63aa2d79cd760c08ae456

    SHA512

    9a6da6eb0ddd1b82c1137b48c31a5828268ff5f86f00473d8eedd24ccdb111037c5eb1a57c8e31960b07aedf82da35e52c932c530f1e106ebfafc5fee89e3035

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c763072581fde4fd64f59986163baf44

    SHA1

    501c87d4e051814428e2a7f1e75225b3a101348a

    SHA256

    786282725708a75fa07b50ea57fa01d30abb8e0616094fcc74af8cac6e25e2e7

    SHA512

    1759851879d0fa14a8e62070be4b565a9bdbc7b4f105e5ba8d0f3f0c81691f5a84672ea3a830a76b0f4d4f6c6eabb54cb09e1d8929d377d3fc81263468fed0ca

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    450f7c15cfdc2647a9e0797932238725

    SHA1

    da8541e2eba010ef4f9629bb2ba902901670931e

    SHA256

    147f1da9eb735fb9b68d372a81a8868465bc7aac11b3d151c141f48f95a5de8c

    SHA512

    cefbc6d93cf112904308d475ee5c13593c5eb0fa3ba839713bc0e8c82324a035b132e3bd918e5399c48e3bc114f880c8b7dd93920c7ebb65d9e14d259424390f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9c96669d1a8d6d189e4eb1355547a7ed

    SHA1

    e5a32179838c324ae25556426a4f61ad37200375

    SHA256

    641f4ef6d4cd65681bc8267dae596530faaad1dd3c5b8920c6237bbcef90f63f

    SHA512

    93effed225100443b58c979db5f8f36bb9ba364155b018dedefec092b96bb3b97521c1e6e32d474df51dc0ae428e6984544d7384a851c28dc5f5276978da1f8b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a1428a27518569a59e54d4a3b56cbdde

    SHA1

    c5f0cece50318fa94683aa6359cfe614aee5345b

    SHA256

    54afa34eb38eec2246c32b436bfa5b00b4f19a6c9da2ffb9828815243ea67ef1

    SHA512

    c9d999974825f3e8047d66e20aefe92e9e614ac7d4fbac7126297bdaa00f14679218536c7526d0bea437f4732866aff25e142ef9ed39272cd80891c74cde86a6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e336b599d5b2caabea630148d757dc63

    SHA1

    943a978f43b4cb5493ec92203f91cae8e7fbf04d

    SHA256

    d7e7dcc243978b8d3c7d95bb34b64abf4e5e6b46964c9d370911cadbd866b243

    SHA512

    b7523f9be29b00c422dc8092d5bedfc901eff4b3e4f0f92202e0b301fde7dc6a29a8ee3e107f0a0d93f02d63fca49291cd15ac8a290bdac47c2f7935a24036f9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    cea025152cdc54d706ac6b7dafcd5825

    SHA1

    23ec277dda6e3f9830f4c0b5c3cd0f825999d537

    SHA256

    af541a2f91ee3ccf4a05a320c0a13ee215296c9d5832631da561b4bc1ff3c33d

    SHA512

    4d790e40e2c12de894322c6fa99df861e4808fb2528c306bc5cc2b69c77c1d956d5c522f538fd6d4c2d2cf3181eb3a267b182067d5d91ec05a89a0c3bf41facd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9a5b3efbf241ec32b002da92cf729984

    SHA1

    c290e7d6bbbf4c76332752868f176904a518bbad

    SHA256

    3349f496e7d61f19e412c93020929672a60a60d9f6f5b6afdf54d70dce1c1492

    SHA512

    ace91e6fb147c6d4cd6f82b7386e60d713dfe9790ce1f60f15749ec36ec6cdc1712ea0949d310127eb716fe5fefe9f9e2f1caa9f872a03db12ae35ca446cc7df

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f0d211fa12aa76f9c829bceaf56cfa1f

    SHA1

    a4ba63ba51e2e5a8433b9cebe6932c0ef16499d4

    SHA256

    3600f9ae44a7097909a17efb8853931ca919a3c1facea3f999d7dbbf4d7427f5

    SHA512

    8ab606ce9f88540f0d816cd0f14e94821fc6c3ec4bee5ca932d43f3761495bd9fc65e9683de7cfcf5c9cd7e1167f87904dfbc387289dfea5b169613ac93ed289

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabCEE6.tmp
    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarCF37.tmp
    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

    Download Submit