Overview

overview

8

Static

static

3

geode-inst...in.exe

windows10-1703-x64

geode-inst...in.exe

windows10-2004-x64

7

$PLUGINSDI...LL.dll

windows10-1703-x64

8

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows10-1703-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows10-1703-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

Geode.dll

windows10-1703-x64

1

Geode.dll

windows10-2004-x64

1

GeodeUninstaller.exe

windows10-1703-x64

7

GeodeUninstaller.exe

windows10-2004-x64

7

$PLUGINSDI...LL.dll

windows10-1703-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows10-1703-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows10-1703-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

GeodeUpdater.exe

windows10-1703-x64

1

GeodeUpdater.exe

windows10-2004-x64

1

VC_redist.x86.exe

windows10-1703-x64

4

VC_redist.x86.exe

windows10-2004-x64

4

XInput9_1_0.dll

windows10-1703-x64

1

XInput9_1_0.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    1725s
  • max time network
    1182s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-03-2024 06:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    geode-installer-v2.0.0-beta.22-win.exe

  • Size

    25.2MB

  • MD5

    22d4c8570252cb5f3b4a0213038d5de1

  • SHA1

    62d93ddb19bdf8913d058719f40859e5b6eb2b9a

  • SHA256

    87ea69570136c63736d95fd3950e11c67fd37ab1053410bc9e4aca66805a4cd9

  • SHA512

    d21a1ef49defa738795b753ae52adc0187bcd90a632a9c4356731d4eef3956191bc8ed0c19ce383004b2fbefd8aa1e2246b1f15ce13b069ab27f1b61a62c1c91

  • SSDEEP

    786432:ubykU7bkuYNrDrDntXB7Ep+zJfKcf2zuP95:uekaGrXDntXB7E4zH2895

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\geode-installer-v2.0.0-beta.22-win.exe
    "C:\Users\Admin\AppData\Local\Temp\geode-installer-v2.0.0-beta.22-win.exe"
    1⤵
    • Loads dropped DLL
    PID:2372
  • C:\Windows\system32\rundll32.exe
    "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
    1⤵
      PID:2004
    • C:\Windows\System32\svchost.exe
      C:\Windows\System32\svchost.exe -k UnistackSvcGroup
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:2784

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\nsd3624.tmp\LangDLL.dll
      Filesize

      5KB

      MD5

      50016010fb0d8db2bc4cd258ceb43be5

      SHA1

      44ba95ee12e69da72478cf358c93533a9c7a01dc

      SHA256

      32230128c18574c1e860dfe4b17fe0334f685740e27bc182e0d525a8948c9c2e

      SHA512

      ed4cf49f756fbf673449dca20e63dce6d3a612b61f294efc9c3ccebeffa6a1372667932468816d3a7afdb7e5a652760689d8c6d3f331cedee7247404c879a233

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nsd3624.tmp\nsDialogs.dll
      Filesize

      9KB

      MD5

      1d8f01a83ddd259bc339902c1d33c8f1

      SHA1

      9f7806af462c94c39e2ec6cc9c7ad05c44eba04e

      SHA256

      4b7d17da290f41ebe244827cc295ce7e580da2f7e9f7cc3efc1abc6898e3c9ed

      SHA512

      28bf647374b4b500a0f3dbced70c2b256f93940e2b39160512e6e486ac31d1d90945acecef578f61b0a501f27c7106b6ffc3deab2ec3bfb3d9af24c9449a1567

      Download Submit

    • memory/2784-14-0x00000233F5150000-0x00000233F5160000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2784-30-0x00000233F5250000-0x00000233F5260000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2784-46-0x00000233FD840000-0x00000233FD841000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2784-47-0x00000233FD860000-0x00000233FD861000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2784-48-0x00000233FD860000-0x00000233FD861000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2784-49-0x00000233FD860000-0x00000233FD861000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2784-50-0x00000233FD860000-0x00000233FD861000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2784-51-0x00000233FD860000-0x00000233FD861000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2784-52-0x00000233FD860000-0x00000233FD861000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2784-53-0x00000233FD860000-0x00000233FD861000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2784-54-0x00000233FD860000-0x00000233FD861000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2784-55-0x00000233FD860000-0x00000233FD861000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2784-56-0x00000233FD860000-0x00000233FD861000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2784-57-0x00000233FD490000-0x00000233FD491000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2784-58-0x00000233FD480000-0x00000233FD481000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2784-60-0x00000233FD490000-0x00000233FD491000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2784-63-0x00000233FD480000-0x00000233FD481000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2784-66-0x00000233FD3C0000-0x00000233FD3C1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2784-78-0x00000233FD5C0000-0x00000233FD5C1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2784-80-0x00000233FD5D0000-0x00000233FD5D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2784-81-0x00000233FD5D0000-0x00000233FD5D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2784-82-0x00000233FD6E0000-0x00000233FD6E1000-memory.dmp

      Filesize

      4KB

      Download