Analysis

  • max time kernel
    1792s
  • max time network
    1163s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231020-es
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231020-es, locale:es-es, os:windows10-2004-x64, system, windows
  • submitted
    24/10/2023, 02:54

General

  • Target

    Geometry Dash v2.11/Geometry Dash v2.11/Resources/DryOut.mp3

  • Size

    1.3MB

  • MD5

    91d4f605f41b015b78f19d78847d199a

  • SHA1

    70bdb8156f8689c8e71f65c71d642f39dcd03bbc

  • SHA256

    0b2860dea77e9151af9e6197b1e52cc9544e9ef196a0db484123f40a78d53604

  • SHA512

    4650e6bf0da0a577d5fb424db1d51da5e477cfdae8f81af7583c97dcc4b266109e389afa5a293a913aeb34c7d6932c8849a5dfcf1485ebc9c9aa947993ad1383

  • SSDEEP

    24576:Aw2W0AdnlQbPi+qsQwEWL1j/IZo3VqMHg/s1Qmg3/1:H2WprE3qcEWRgZoFhAZv3d

Score
6/10

Malware Config

Signatures

  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\Geometry Dash v2.11\Geometry Dash v2.11\Resources\DryOut.mp3"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:864
    • C:\Program Files (x86)\Windows Media Player\setup_wm.exe
      "C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\Geometry Dash v2.11\Geometry Dash v2.11\Resources\DryOut.mp3"
      2⤵
        PID:3792
      • C:\Windows\SysWOW64\unregmp2.exe
        "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
        2⤵
        • Suspicious use of WriteProcessMemory
        PID:1320
        • C:\Windows\system32\unregmp2.exe
          "C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
          3⤵
          • Enumerates connected drives
          • Suspicious use of AdjustPrivilegeToken
          PID:3824

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

    Filesize

    256KB

    MD5

    551783e3886854b43c605087ed086858

    SHA1

    db1555275bb9f6986d25ab41322912331d138cba

    SHA256

    c8ae1c0084b89a3b5b28303a9d42cc1b0a9f62ab9a1aa631efb12148a7fcceaf

    SHA512

    e8e09ba7e2fa13a8285097cd298e0c606c7e49c2127b036956884d90d9add7e59d3d0bfa75b58891f87e0687f33ce1b5dded8cfab1ab8a9f36c8af13470fa85d

  • C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

    Filesize

    9KB

    MD5

    7050d5ae8acfbe560fa11073fef8185d

    SHA1

    5bc38e77ff06785fe0aec5a345c4ccd15752560e

    SHA256

    cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

    SHA512

    a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

  • C:\Users\Admin\AppData\Local\Temp\wmsetup.log

    Filesize

    1KB

    MD5

    1ca2f673ffe8ff7256027557908047b9

    SHA1

    a8e65cece12c97f014b9cd87cd0f58ca68b325dc

    SHA256

    1dfc947b77e765f392b7b6817659de66bda13b6893d47360de1944c7bf9134b7

    SHA512

    6b10ba43ef637c90152ca8e0f4eba06608177e080980e65ab4fa5a32a434378e3ec73bf3f70284995eafbd67c28705cfd76e92cb987a725b5e82fc4ca4ee4097