Analysis

  • max time kernel
    12s
  • max time network
    14s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240426-en
  • resource tags
    arch:x64, arch:x86, image:win11-20240426-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    23-05-2024 06:20

General

  • Target
    geek.exe
  • Size
    6.7MB
  • MD5
    ef78997488e6121971404a3f25686fee
  • SHA1
    53a260990106e5271cb525f87be008e299beaa85
  • SHA256
    d96df1051e62aa40baefd51235be45f8038745582a5d3428b63123fd2ced60db
  • SHA512
    8a021950ae41a76659cacdba57d4a090b839dc9a39866b1ca3b6efc533d2542cdb40dbf5004c58d1793329a60126052d7372b0b3d4e9165cfa48938f0e77e573
  • SSDEEP
    98304:jo2mCHer41qIJVUR0LRn2ufOFL//bHAKYmg77UQ1mfa/ews4VOp9mD:U4wIY0LRnHfq37g7oQcfa/ewsWOpsD

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\geek.exe
    "C:\Users\Admin\AppData\Local\Temp\geek.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4912
    • C:\Users\Admin\AppData\Local\Temp\geek64.exe
      C:\Users\Admin\AppData\Local\Temp\geek64.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:1520

Network

MITRE ATT&CK Matrix (ATT&CK v13)

  • Credential Access
    • Unsecured Credentials (T1552): 1
    • Credentials In Files (T1552.001): 1
  • Discovery
    • Query Registry (T1012): 1
    • System Information Discovery (T1082): 1
  • Collection
    • Data from Local System (T1005): 1

Downloads

  • C:\Users\Admin\AppData\Local\Temp\geek64.exe
    Filesize
    3.7MB
    MD5
    c84a3c776bf83d55f901288db3b8b8a0
    SHA1
    515df2a9fb35beef25d070b688d692646f0a1c8f
    SHA256
    b8d968872fe7ed8de7eeb89ff6e1ce2029521f7c744c088ae2c4807b396d28ae
    SHA512
    e471e4ffa1511b5239474577eda92ccb98918eb1633284af20ed80a3cd8366dc4b3ecbe2482b9325e6c543b1acf07731973290265b0ac3c94ea6c436b12e9064
  • C:\Users\Admin\AppData\Roaming\Geek Uninstaller\prefs.xml
    Filesize
    578B
    MD5
    2543007851b35a26053762205a1a2d6e
    SHA1
    5711940d51aedb551bc42d9226801f1fe78b200e
    SHA256
    b89e43b334010de29c9d948b9daed12d82371e50ecc5d25f6c144f0b07a89c27
    SHA512
    99f361c8f74caae00d92724b0565c1ee259d4aba644616d2936ca9ca4247bbb6917a4e6c71938c5087d96750f9f269dff7ef6d50114d0462c39cabfaa004ac81