Overview
overview
8Static
static
7Geometry D...st.xml
windows10-1703-x64
1Geometry D...st.xml
windows10-1703-x64
1Geometry D...ct.xml
windows10-1703-x64
1Geometry D...01.xml
windows10-1703-x64
1Geometry D...ll.xml
windows10-1703-x64
1Geometry D...it.xml
windows10-1703-x64
1Geometry D...ct.xml
windows10-1703-x64
1Geometry D...ep.ps1
windows10-1703-x64
1Geometry D...fo.dll
windows10-1703-x64
1Geometry D...od.dll
windows10-1703-x64
3Geometry D...32.dll
windows10-1703-x64
3Geometry D...nv.dll
windows10-1703-x64
3Geometry D...ns.dll
windows10-1703-x64
8Geometry D...2d.dll
windows10-1703-x64
3Geometry D...rl.dll
windows10-1703-x64
8Geometry D...rl.dll
windows10-1703-x64
3Geometry D...ff.dll
windows10-1703-x64
1Geometry D...32.dll
windows10-1703-x64
1Geometry D...00.dll
windows10-1703-x64
3Geometry D...20.dll
windows10-1703-x64
3Geometry D...00.dll
windows10-1703-x64
3Geometry D...20.dll
windows10-1703-x64
3Geometry D...E2.dll
windows10-1703-x64
1Geometry D...dr.dll
windows10-1703-x64
1Geometry D....5.dll
windows10-1703-x64
1Geometry D....4.dll
windows10-1703-x64
1Geometry D...er.dll
windows10-1703-x64
8Geometry D...et.dll
windows10-1703-x64
1Geometry D...e3.dll
windows10-1703-x64
3Geometry D...pi.dll
windows10-1703-x64
1Geometry D...ts.dll
windows10-1703-x64
3Geometry D...b1.dll
windows10-1703-x64
3Analysis
-
max time kernel
136s -
max time network
145s -
platform
windows10-1703_x64 -
resource
win10-20230915-en -
resource tags
arch:x64arch:x86image:win10-20230915-enlocale:en-usos:windows10-1703-x64system -
submitted
19/09/2023, 18:38
Static task
static1
Behavioral task
behavioral1
Sample
Geometry Dash/Resources/speedEffect_vfast.xml
Resource
win10-20230915-en
windows10-1703-x64
Behavioral task
behavioral2
Sample
Geometry Dash/Resources/speedEffect_vvfast.xml
Resource
win10-20230915-en
windows10-1703-x64
Behavioral task
behavioral3
Sample
Geometry Dash/Resources/starEffect.xml
Resource
win10-20230915-en
windows10-1703-x64
Behavioral task
behavioral4
Sample
Geometry Dash/Resources/starEffect01.xml
Resource
win10-20230915-en
windows10-1703-x64
Behavioral task
behavioral5
Sample
Geometry Dash/Resources/starFall.xml
Resource
win10-20230915-en
windows10-1703-x64
Behavioral task
behavioral6
Sample
Geometry Dash/Resources/stoneHit.xml
Resource
win10-20230915-en
windows10-1703-x64
Behavioral task
behavioral7
Sample
Geometry Dash/Resources/trailEffect.xml
Resource
win10-20230915-en
windows10-1703-x64
Behavioral task
behavioral8
Sample
Geometry Dash/Resources/xStep.ps1
Resource
win10-20230915-en
windows10-1703-x64
Behavioral task
behavioral9
Sample
Geometry Dash/betterinfo/v2/betterinfo.dll
Resource
win10-20230915-en
windows10-1703-x64
Behavioral task
behavioral10
Sample
Geometry Dash/fmod.dll
Resource
win10-20230915-en
windows10-1703-x64
Behavioral task
behavioral11
Sample
Geometry Dash/glew32.dll
Resource
win10-20230915-en
windows10-1703-x64
Behavioral task
behavioral12
Sample
Geometry Dash/iconv.dll
Resource
win10-20230915-en
windows10-1703-x64
Behavioral task
behavioral13
Sample
Geometry Dash/libExtensions.dll
Resource
win10-20230915-en
windows10-1703-x64
Behavioral task
behavioral14
Sample
Geometry Dash/libcocos2d.dll
Resource
win10-20230915-en
windows10-1703-x64
Behavioral task
behavioral15
Sample
Geometry Dash/libcurl.dll
Resource
win10-20230915-en
windows10-1703-x64
Behavioral task
behavioral16
Sample
Geometry Dash/libcurl.dll
Resource
win10-20230915-en
windows10-1703-x64
Behavioral task
behavioral17
Sample
Geometry Dash/libtiff.dll
Resource
win10-20230915-en
windows10-1703-x64
Behavioral task
behavioral18
Sample
Geometry Dash/minhook.x32.dll
Resource
win10-20230915-en
windows10-1703-x64
Behavioral task
behavioral19
Sample
Geometry Dash/msvcp100.dll
Resource
win10-20230915-en
windows10-1703-x64
Behavioral task
behavioral20
Sample
Geometry Dash/msvcp120.dll
Resource
win10-20230915-en
windows10-1703-x64
Behavioral task
behavioral21
Sample
Geometry Dash/msvcr100.dll
Resource
win10-20230915-en
windows10-1703-x64
Behavioral task
behavioral22
Sample
Geometry Dash/msvcr120.dll
Resource
win10-20230915-en
windows10-1703-x64
Behavioral task
behavioral23
Sample
Geometry Dash/pthreadVCE2.dll
Resource
win10-20230915-en
windows10-1703-x64
Behavioral task
behavioral24
Sample
Geometry Dash/quickldr.dll
Resource
win10-20230915-en
windows10-1703-x64
Behavioral task
behavioral25
Sample
Geometry Dash/quickldr/BetterEdit-v4.0.5.dll
Resource
win10-20230915-en
windows10-1703-x64
Behavioral task
behavioral26
Sample
Geometry Dash/quickldr/GDShare-v0.3.4.dll
Resource
win10-20230915-en
windows10-1703-x64
Behavioral task
behavioral27
Sample
Geometry Dash/quickldr/betterinfo-wrapper.dll
Resource
win10-20230915-en
windows10-1703-x64
Behavioral task
behavioral28
Sample
Geometry Dash/sdkencryptedappticket.dll
Resource
win10-20230831-en
windows10-1703-x64
Behavioral task
behavioral29
Sample
Geometry Dash/sqlite3.dll
Resource
win10-20230915-en
windows10-1703-x64
Behavioral task
behavioral30
Sample
Geometry Dash/steam_api.dll
Resource
win10-20230831-en
windows10-1703-x64
Behavioral task
behavioral31
Sample
Geometry Dash/websockets.dll
Resource
win10-20230831-en
windows10-1703-x64
Behavioral task
behavioral32
Sample
Geometry Dash/zlib1.dll
Resource
win10-20230831-en
windows10-1703-x64
General
-
Target
Geometry Dash/quickldr/betterinfo-wrapper.dll
-
Size
454KB
-
MD5
f7894cfef5841f4187bc7e9e85ac519f
-
SHA1
639f83342d414ada4ed98d490d79d7db80183031
-
SHA256
32c00ec5e2f9b20ba9126e7de3ed49b0a54660176adee8e493ecdd6b08f42ddd
-
SHA512
c5ed13d4f01282ef310b11019db8710b80525a2a1ff026956221d97a5bff6111953145b1a84d10f6d44e339313ab6c1567491ee5908568debe17ee095f785b19
-
SSDEEP
12288:f5Nz6eEOQeG4L0zTtlLhoRehjivmKpCoWDGE8KvTPMqq3W1UNG:RB6neG0WGE8KvTPMq/uNG
Malware Config
Signatures
-
Blocklisted process makes network request 28 IoCs
flow pid Process 3 4320 rundll32.exe 5 4320 rundll32.exe 10 4320 rundll32.exe 11 4320 rundll32.exe 13 4320 rundll32.exe 16 4320 rundll32.exe 17 4320 rundll32.exe 22 4320 rundll32.exe 24 4320 rundll32.exe 26 4320 rundll32.exe 28 4320 rundll32.exe 31 4320 rundll32.exe 32 4320 rundll32.exe 35 4320 rundll32.exe 37 4320 rundll32.exe 38 4320 rundll32.exe 43 4320 rundll32.exe 45 4320 rundll32.exe 48 4320 rundll32.exe 50 4320 rundll32.exe 51 4320 rundll32.exe 53 4320 rundll32.exe 55 4320 rundll32.exe 57 4320 rundll32.exe 60 4320 rundll32.exe 67 4320 rundll32.exe 69 4320 rundll32.exe 71 4320 rundll32.exe -
Downloads MZ/PE file
-
Loads dropped DLL 2 IoCs
pid Process 4320 rundll32.exe 4320 rundll32.exe -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 3524 wrote to memory of 4320 3524 rundll32.exe 69 PID 3524 wrote to memory of 4320 3524 rundll32.exe 69 PID 3524 wrote to memory of 4320 3524 rundll32.exe 69
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe "C:\Users\Admin\AppData\Local\Temp\Geometry Dash\quickldr\betterinfo-wrapper.dll",#11⤵
- Suspicious use of WriteProcessMemory
PID:3524 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe "C:\Users\Admin\AppData\Local\Temp\Geometry Dash\quickldr\betterinfo-wrapper.dll",#12⤵
- Blocklisted process makes network request
- Loads dropped DLL
PID:4320
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
531KB
MD55881497cfe50f075bfa86344febf4028
SHA18dd1ea3a4b194ad4bbc963b7e4d668816aaa6c5e
SHA25694171d8ab49f8ef517eb28c851ce94738f9e5b17112082088b0591f29f62bcb6
SHA512ce950afd9c6009c4c220138b08348ce261ee0f26bc46c1d5c195a1b828d8436ad2e36f0913774b190658504e9eab39fa7ddf79b52bc5e975bf4b3b8279aa1652
-
Filesize
18KB
MD571d921951eb008c82cc6b98ce71f2c67
SHA191fa98d3496e5474123c94a0980a03c53dc567e8
SHA25680b6a91f55324f5907a9f4305ff46eef36197008fd4dd954ef9388c1d3307ff7
SHA512d8e294f90bb7178b69c03cfb817aeb65cec08e7fbfabbe6dd5e739e6fce94add8b37c5d3d98a109b597fc01e917d1e12b1f19df2f19fbd65b63e867be5620843