Overview

overview

7

Static

static

3

geometrydash.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    1797s
  • max time network
    1168s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18/04/2024, 11:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    geometrydash.exe

  • Size

    25.2MB

  • MD5

    ea35b2b268cf13e11a557aec8fd20552

  • SHA1

    46aafe4ed67bbfbb2da0e7ce5fa01b497deba5eb

  • SHA256

    3d40d3891da9487cbefa54922209a0dacf6e8809dac0547b2484d7256857760b

  • SHA512

    ef1b0c2e80f493bd2c0480ce63e696e1b4ae9f0ae4782ec9c18908c178fc460d26d2bc9c9be1b7eca55a16cd0e8dafc50b651075f2effee66eb55210a3f948f2

  • SSDEEP

    393216:4nztg5o+szmx4EmpiwjMhdBooT6U7i9E1Bznrt93Y0yBa3tWovE0wHKhv4LZn6Q+:gQo+szlEmDgdhVAIXDtCa918HKhIBgEq

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 7 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\geometrydash.exe
    "C:\Users\Admin\AppData\Local\Temp\geometrydash.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam
    PID:3300
  • C:\Windows\System32\GameBarPresenceWriter.exe
    "C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
    1⤵
      PID:3200
    • C:\Windows\system32\OpenWith.exe
      C:\Windows\system32\OpenWith.exe -Embedding
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:2268
    • C:\Windows\system32\AUDIODG.EXE
      C:\Windows\system32\AUDIODG.EXE 0x52c 0x478
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:2320

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\46d31d97-cc89-4e7a-ba67-42e98910c09b.FusionApp\Easing.mfx
      Filesize

      168KB

      MD5

      052d1c7eed7b50a18eddc10dfad3ae22

      SHA1

      6f88687f930e73106d2b8af00f5317eca74e0c61

      SHA256

      1b5e79e999c4cff19fe0260bdeaeeaea0fcda6057bf6d17bf0f121e9797d20ef

      SHA512

      ef89c692a47d2ad66d6f4e722e9b330a85cca0faea2f022abfc3da3c1d32fc7c0cf01d6a6e36fddd0b82c97eebc707c9e00e2431792d551b7178fb8d50452966

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\46d31d97-cc89-4e7a-ba67-42e98910c09b.FusionApp\Platform.mfx
      Filesize

      21KB

      MD5

      f028a9790936f628964ffb256405aebb

      SHA1

      2dbecca5034f39a78e88cdf962208f742ff43302

      SHA256

      722e0aeb4d6424e95df58c01e5b787a7bcc0b1e1f1c0cf86b18388c42980cfcd

      SHA512

      f0d3d204e8ec563092d4dbb60dce0370acda92fe39b07e8f021dbc28f56041dc8ddc382b1326cfa8fb694a16a57ebdc56f0824cbf5c9abbe47498e973bff3b32

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\46d31d97-cc89-4e7a-ba67-42e98910c09b.FusionApp\mmf2d3d9.dll
      Filesize

      1.1MB

      MD5

      72bb9180f8905c0da95566b778cdac5e

      SHA1

      e96145e8120514092b35f67f1f120b958997f921

      SHA256

      3cde7a9181ab63a42cd3535d279d0ab1397b7b78fa3ddddef832757ab2024101

      SHA512

      c2c8d8c74c53a78545e69f27a7fe1a6d1291888158962e93e16e6ec9950f86e74c68bd2eb50d04db0bff58e8dc93455aa384245991c5afe34abee36fef53710f

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\46d31d97-cc89-4e7a-ba67-42e98910c09b.FusionApp\mmfs2.dll
      Filesize

      510KB

      MD5

      1e0e5acec2f2d3567c40491e39aa8f50

      SHA1

      101ec3bbd32c005b12b38c0f7988faa9329a019f

      SHA256

      6c9ff6036404e71b0bc2c12bc739eeef0d9200925f5796487af2aa4ef5c5ef97

      SHA512

      80bbdd2dcc44494a53b14098b7e99db7c20b40650938454105b423e70906ad7371274ed73d3fccd114b9396112a695aebf37f6916976a972154cd562d10e01de

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\46d31d97-cc89-4e7a-ba67-42e98910c09b.FusionApp\mp3flt.sft
      Filesize

      24KB

      MD5

      dadc138be9d36e6e4b8e4bf9ef2de4bc

      SHA1

      2758db786c544ec7889f26edf9bc4634c9240af0

      SHA256

      ddeafda7b28bf7545e3ba164aa4a74219eb961c36bb974e0f5085a07daf18f44

      SHA512

      63a21c5eda225c7fb8a67595c3180d4fdc1bc37d3b45f839e1b562ef946bf5b2237a9ff17c3f6f5de489779bbb9652ac2a1a74b83f153883bd436756acf249e1

      Download Submit

    • memory/3300-14-0x0000000002660000-0x0000000002690000-memory.dmp

      Filesize

      192KB

      Download