Overview
overview
8Static
static
3geode-inst...in.exe
windows10-1703-x64
geode-inst...in.exe
windows10-2004-x64
7$PLUGINSDI...LL.dll
windows10-1703-x64
8$PLUGINSDI...LL.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows10-1703-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDI...gs.dll
windows10-1703-x64
3$PLUGINSDI...gs.dll
windows10-2004-x64
3Geode.dll
windows10-1703-x64
1Geode.dll
windows10-2004-x64
1GeodeUninstaller.exe
windows10-1703-x64
7GeodeUninstaller.exe
windows10-2004-x64
7$PLUGINSDI...LL.dll
windows10-1703-x64
3$PLUGINSDI...LL.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows10-1703-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDI...gs.dll
windows10-1703-x64
3$PLUGINSDI...gs.dll
windows10-2004-x64
3GeodeUpdater.exe
windows10-1703-x64
1GeodeUpdater.exe
windows10-2004-x64
1VC_redist.x86.exe
windows10-1703-x64
4VC_redist.x86.exe
windows10-2004-x64
4XInput9_1_0.dll
windows10-1703-x64
1XInput9_1_0.dll
windows10-2004-x64
1Analysis
-
max time kernel
1725s -
max time network
1182s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system -
submitted
22-03-2024 06:40
Static task
static1
Behavioral task
behavioral1
Sample
geode-installer-v2.0.0-beta.22-win.exe
Resource
win10-20240221-en
Behavioral task
behavioral2
Sample
geode-installer-v2.0.0-beta.22-win.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/LangDLL.dll
Resource
win10-20240221-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/LangDLL.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/System.dll
Resource
win10-20240221-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win10-20240221-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral9
Sample
Geode.dll
Resource
win10-20240221-en
Behavioral task
behavioral10
Sample
Geode.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral11
Sample
GeodeUninstaller.exe
Resource
win10-20240221-en
Behavioral task
behavioral12
Sample
GeodeUninstaller.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral13
Sample
$PLUGINSDIR/LangDLL.dll
Resource
win10-20240214-en
Behavioral task
behavioral14
Sample
$PLUGINSDIR/LangDLL.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral15
Sample
$PLUGINSDIR/System.dll
Resource
win10-20240221-en
Behavioral task
behavioral16
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral17
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win10-20240221-en
Behavioral task
behavioral18
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win10v2004-20231215-en
Behavioral task
behavioral19
Sample
GeodeUpdater.exe
Resource
win10-20240221-en
Behavioral task
behavioral20
Sample
GeodeUpdater.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral21
Sample
VC_redist.x86.exe
Resource
win10-20240221-en
Behavioral task
behavioral22
Sample
VC_redist.x86.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral23
Sample
XInput9_1_0.dll
Resource
win10-20240221-en
Behavioral task
behavioral24
Sample
XInput9_1_0.dll
Resource
win10v2004-20240226-en
General
-
Target
geode-installer-v2.0.0-beta.22-win.exe
-
Size
25.2MB
-
MD5
22d4c8570252cb5f3b4a0213038d5de1
-
SHA1
62d93ddb19bdf8913d058719f40859e5b6eb2b9a
-
SHA256
87ea69570136c63736d95fd3950e11c67fd37ab1053410bc9e4aca66805a4cd9
-
SHA512
d21a1ef49defa738795b753ae52adc0187bcd90a632a9c4356731d4eef3956191bc8ed0c19ce383004b2fbefd8aa1e2246b1f15ce13b069ab27f1b61a62c1c91
-
SSDEEP
786432:ubykU7bkuYNrDrDntXB7Ep+zJfKcf2zuP95:uekaGrXDntXB7E4zH2895
Malware Config
Signatures
-
Loads dropped DLL 2 IoCs
Processes:
geode-installer-v2.0.0-beta.22-win.exepid process 2372 geode-installer-v2.0.0-beta.22-win.exe 2372 geode-installer-v2.0.0-beta.22-win.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
svchost.exedescription pid process Token: SeManageVolumePrivilege 2784 svchost.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\geode-installer-v2.0.0-beta.22-win.exe"C:\Users\Admin\AppData\Local\Temp\geode-installer-v2.0.0-beta.22-win.exe"1⤵
- Loads dropped DLL
PID:2372
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe1⤵PID:2004
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k UnistackSvcGroup1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2784
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
5KB
MD550016010fb0d8db2bc4cd258ceb43be5
SHA144ba95ee12e69da72478cf358c93533a9c7a01dc
SHA25632230128c18574c1e860dfe4b17fe0334f685740e27bc182e0d525a8948c9c2e
SHA512ed4cf49f756fbf673449dca20e63dce6d3a612b61f294efc9c3ccebeffa6a1372667932468816d3a7afdb7e5a652760689d8c6d3f331cedee7247404c879a233
-
Filesize
9KB
MD51d8f01a83ddd259bc339902c1d33c8f1
SHA19f7806af462c94c39e2ec6cc9c7ad05c44eba04e
SHA2564b7d17da290f41ebe244827cc295ce7e580da2f7e9f7cc3efc1abc6898e3c9ed
SHA51228bf647374b4b500a0f3dbced70c2b256f93940e2b39160512e6e486ac31d1d90945acecef578f61b0a501f27c7106b6ffc3deab2ec3bfb3d9af24c9449a1567