Analysis
- max time kernel: 12s
- max time network: 14s
- platform: windows11-21h2_x64
- resource: win11-20240426-en
- resource tags: arch:x64, arch:x86, image:win11-20240426-en, locale:en-us, os:windows11-21h2-x64, system
- submitted: 23-05-2024 06:20
- Static task: static1
General
- Target: geek.exe
- Size: 6.7MB
- MD5: ef78997488e6121971404a3f25686fee
- SHA1: 53a260990106e5271cb525f87be008e299beaa85
- SHA256: d96df1051e62aa40baefd51235be45f8038745582a5d3428b63123fd2ced60db
- SHA512: 8a021950ae41a76659cacdba57d4a090b839dc9a39866b1ca3b6efc533d2542cdb40dbf5004c58d1793329a60126052d7372b0b3d4e9165cfa48938f0e77e573
- SSDEEP: 98304:jo2mCHer41qIJVUR0LRn2ufOFL//bHAKYmg77UQ1mfa/ews4VOp9mD:U4wIY0LRnHfq37g7oQcfa/ewsWOpsD
Malware Config
Signatures
- Reads user/profile data of web browsers (2 TTPs)
  Infostealers often target stored browser data, which can include saved credentials etc.
- Checks installed software on the system (1 TTPs)
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Executes dropped EXE (1 IoCs)
  Processes:
    pid 1520  geek64.exe
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
  Processes:
    pid 1520  geek64.exe
- Suspicious use of SetWindowsHookEx (10 IoCs)
  Processes:
    pid 4912  geek.exe    (1 hit)
    pid 1520  geek64.exe  (9 hits)
- Suspicious use of WriteProcessMemory (2 IoCs)
  Processes (description / pid / process / target process):
    PID 4912 wrote to memory of 1520 / 4912 / geek.exe / geek64.exe  (2 hits)
Processes
- C:\Users\Admin\AppData\Local\Temp\geek.exe (tree level 1)
  Command line: "C:\Users\Admin\AppData\Local\Temp\geek.exe"
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
- C:\Users\Admin\AppData\Local\Temp\geek64.exe (tree level 2)
  Command line: C:\Users\Admin\AppData\Local\Temp\geek64.exe
  - Executes dropped EXE
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
- C:\Users\Admin\AppData\Local\Temp\geek64.exe
  Filesize: 3.7MB
  MD5: c84a3c776bf83d55f901288db3b8b8a0
  SHA1: 515df2a9fb35beef25d070b688d692646f0a1c8f
  SHA256: b8d968872fe7ed8de7eeb89ff6e1ce2029521f7c744c088ae2c4807b396d28ae
  SHA512: e471e4ffa1511b5239474577eda92ccb98918eb1633284af20ed80a3cd8366dc4b3ecbe2482b9325e6c543b1acf07731973290265b0ac3c94ea6c436b12e9064
- C:\Users\Admin\AppData\Roaming\Geek Uninstaller\prefs.xml
  Filesize: 578B
  MD5: 2543007851b35a26053762205a1a2d6e
  SHA1: 5711940d51aedb551bc42d9226801f1fe78b200e
  SHA256: b89e43b334010de29c9d948b9daed12d82371e50ecc5d25f6c144f0b07a89c27
  SHA512: 99f361c8f74caae00d92724b0565c1ee259d4aba644616d2936ca9ca4247bbb6917a4e6c71938c5087d96750f9f269dff7ef6d50114d0462c39cabfaa004ac81