Analysis

  • max time kernel
    1717s
  • max time network
    1168s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231020-es
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20231020-es, locale:es-es, os:windows10-2004-x64, system, windows
  • submitted
    24-10-2023 02:54

General

  • Target
    Geometry Dash v2.11/Geometry Dash v2.11/Resources/DJRubRub.mp3
  • Size
    546KB
  • MD5
    59eb62374f457e117d6a9c6459736c07
  • SHA1
    7a87a03a18e6c9fccd7ad5bf2abf5b859c9b7086
  • SHA256
    a6cc07375277f57db062b0453771608f80dc40443f74ee29ba3ef01164452c71
  • SHA512
    1f0da2eaa7c4a1ab1baa88ea9cdad8500d10df1c0b3fea58c2ffc774ab1989079d2029c92a5972bdc1adb0dcb0c3194af37e77ce701715beda97ea228c5f8dfc
  • SSDEEP
    12288:PY6uPMGQTmIftjEQInNrl1GKdKgQ6mWdOj4lEvM:AhXQTXjZ6N7GKUghmWg8WE

Score
6/10

Malware Config

Signatures

  • Enumerates connected drives (3 TTPs, 23 IoCs)
    Attempts to read the root path of hard drives other than the default C: drive.
  • Suspicious use of AdjustPrivilegeToken (2 IoCs)
  • Suspicious use of WriteProcessMemory (8 IoCs)

Processes

  • C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\Geometry Dash v2.11\Geometry Dash v2.11\Resources\DJRubRub.mp3"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2664
    • C:\Program Files (x86)\Windows Media Player\setup_wm.exe
      "C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\Geometry Dash v2.11\Geometry Dash v2.11\Resources\DJRubRub.mp3"
      2⤵
        PID:8
      • C:\Windows\SysWOW64\unregmp2.exe
        "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
        2⤵
        • Suspicious use of WriteProcessMemory
        PID:5044
        • C:\Windows\system32\unregmp2.exe
          "C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
          3⤵
          • Enumerates connected drives
          • Suspicious use of AdjustPrivilegeToken
          PID:4984

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
    Filesize
    64KB
    MD5
    c289f7259baed12e33754d3026f684e1
    SHA1
    491afcac12a30761ab823f559da09e1334dc38e6
    SHA256
    445a2f0ea31d752d08b1793b371f5a3686852a6780e3f208f2a775799982d19f
    SHA512
    d9eba47afa6e659cdb82ba2d0c2310033e4cb1dc4aa2bad45d096acf74ed6d045f38661549765945bb7f48241c0f50b22315b8ea25a09336014a5e63b27a3ea7
  • C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML
    Filesize
    9KB
    MD5
    7050d5ae8acfbe560fa11073fef8185d
    SHA1
    5bc38e77ff06785fe0aec5a345c4ccd15752560e
    SHA256
    cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b
    SHA512
    a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b
  • C:\Users\Admin\AppData\Local\Temp\wmsetup.log
    Filesize
    1KB
    MD5
    b9ea79e3f0d83c8cba9a22034afc0b6f
    SHA1
    adbfa08cdc6f35e2fdcaa084b2edef4a6e7593ba
    SHA256
    8e08e6a4612e92f6e75c5d6584adfbdc570ebdf24da2e18a67bd401a13a79305
    SHA512
    67f6c1be3a28fd37df8a7581588393dfbcb258c00ebab7283e5b35c2d94320fba4b7e16dfa20930c6dcde9426ca9cd804eabb59d6c2ee6d9cc30af3d98051e19