Analysis

max time kernel: 84s
max time network: 89s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted: 20-06-2024 14:36

Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://google.com
Resource: win10v2004-20240611-en
Errors:

General

Target: http://google.com
Malware Config:

Signatures

Downloads MZ/PE file
Checks computer location settings (2 TTPs, 2 IoCs)
Looks up country code configured in the registry, likely geofence.
description | ioc | Process
Key value queried | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation | geometry dash auto speedhack.exe
Key value queried | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation | geometry dash auto speedhack.exe
Executes dropped EXE (8 IoCs)
pid | Process
5356 | geometry dash auto speedhack.exe
5520 | geometry dash auto speedhack.exe
5536 | geometry dash auto speedhack.exe
5564 | geometry dash auto speedhack.exe
5588 | geometry dash auto speedhack.exe
5616 | geometry dash auto speedhack.exe
5660 | geometry dash auto speedhack.exe
3504 | geometry dash auto speedhack.exe
Legitimate hosting services abused for malware hosting/C2 (1 TTPs, 3 IoCs)
flow | ioc
156 | raw.githubusercontent.com
157 | raw.githubusercontent.com
158 | raw.githubusercontent.com
Writes to the Master Boot Record (MBR) (1 TTPs, 1 IoCs)
Bootkits write to the MBR to gain persistence at a level below the operating system.
description | ioc | Process
File opened for modification | \??\PhysicalDrive0 | geometry dash auto speedhack.exe
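The IoC above is a write-capable handle to the raw disk, which is exactly what an MBR bootkit needs. The following Python is an added example (not part of this report, the sample, or the sandbox) of the check an analyst would run afterwards: parse sector 0, decode the partition table, and compare the bootstrap code against a known-good baseline. Both 512-byte images inside it are constructed here, not captured from the analysed VM; the "BOOTKIT STUB" bytes are a stand-in for whatever the sample wrote.

```python
"""Parse and sanity-check a raw MBR sector (sector 0 of \\.\PhysicalDrive0).

Added example for this report, not code from the sample or the sandbox.
The two sectors built below are constructed for illustration: one clean
layout and one whose 440-byte bootstrap area has been overwritten.
"""
import hashlib
import struct
from typing import Dict, List

SECTOR_SIZE = 512
BOOTCODE_LEN = 440             # bytes 0..439: bootstrap code
DISK_SIG_OFF = 440             # 4-byte disk signature, then 2 reserved bytes
PART_TABLE_OFF = 446           # four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510..511


def parse_mbr(sector0: bytes) -> Dict:
    """Decode the fixed-layout fields of a classic MBR."""
    if len(sector0) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector0)}")
    partitions: List[Dict] = []
    for slot in range(4):
        off = PART_TABLE_OFF + slot * 16
        # status(1) chs_start(3) type(1) chs_end(3) lba_start(4) sector_count(4)
        status, ptype, lba_start, count = struct.unpack_from("<B3xB3xII", sector0, off)
        if ptype == 0:                      # empty slot
            continue
        partitions.append({"slot": slot, "bootable": status == 0x80, "type": ptype,
                           "lba_start": lba_start, "sectors": count})
    return {
        "signature_ok": sector0[510:512] == BOOT_SIGNATURE,
        "disk_signature": struct.unpack_from("<I", sector0, DISK_SIG_OFF)[0],
        "bootcode_sha256": hashlib.sha256(sector0[:BOOTCODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def check_mbr(sector0: bytes, baseline_bootcode_sha256: str) -> List[str]:
    """Return the findings that would justify treating the MBR as tampered."""
    info = parse_mbr(sector0)
    findings: List[str] = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if info["bootcode_sha256"] != baseline_bootcode_sha256:
        findings.append("bootstrap code differs from baseline")
    bootable = [p for p in info["partitions"] if p["bootable"]]
    if len(bootable) != 1:
        findings.append(f"{len(bootable)} bootable partitions (expected 1)")
    for p in info["partitions"]:
        if p["lba_start"] == 0 or p["sectors"] == 0:
            findings.append(f"partition slot {p['slot']} has zero start or length")
    return findings


def build_sample_mbr(bootcode: bytes = bytes(BOOTCODE_LEN)) -> bytes:
    """Constructed sample: one bootable NTFS (type 0x07) partition at LBA 2048."""
    assert len(bootcode) == BOOTCODE_LEN
    entry = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07, b"\xfe\xff\xff", 2048, 1_000_000)
    table = entry + bytes(48)               # three empty slots
    return bootcode + struct.pack("<I", 0xDEADBEEF) + b"\x00\x00" + table + BOOT_SIGNATURE


def clean_mbr() -> bytes:
    return build_sample_mbr()


def tampered_mbr() -> bytes:
    # Simulates a bootkit replacing the bootstrap code with its own loader stub
    # (constructed bytes, not the sample's real payload).
    stub = b"\xeb\xfe" + b"BOOTKIT STUB (constructed)".ljust(BOOTCODE_LEN - 2, b"\x90")
    return build_sample_mbr(stub)


if __name__ == "__main__":
    baseline = parse_mbr(clean_mbr())["bootcode_sha256"]
    print("clean:   ", check_mbr(clean_mbr(), baseline))
    print("tampered:", check_mbr(tampered_mbr(), baseline))
```

On the live host the input is `open(r"\\.\PhysicalDrive0", "rb").read(512)` from an elevated Python session, and the baseline hash comes from an image of the same disk taken before the sample ran (assumption: such an image exists). One caveat: on a GPT disk sector 0 holds a protective MBR with a single type 0xEE entry and no boot flag, so the "expected 1 bootable partition" rule must be relaxed there.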
Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).
Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
NTFS ADS (1 IoCs)
description | ioc | Process
File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 962319.crdownload:SmartScreen | msedge.exe
Suspicious behavior: EnumeratesProcesses (64 IoCs)
Repeated rows collapsed; the rows column is the number of identical rows for that process.
pid | Process | rows
1600 | msedge.exe | 2
1632 | msedge.exe | 2
1888 | identity_helper.exe | 2
3052 | msedge.exe | 2
5520 | geometry dash auto speedhack.exe | 12
5536 | geometry dash auto speedhack.exe | 12
5564 | geometry dash auto speedhack.exe | 12
5588 | geometry dash auto speedhack.exe | 10
5616 | geometry dash auto speedhack.exe | 10
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (11 IoCs)
pid | Process
1632 | msedge.exe (all 11 rows)
Suspicious use of FindShellTrayWindow (35 IoCs)
pid | Process
1632 | msedge.exe (all 35 rows)
Suspicious use of SendNotifyMessage (24 IoCs)
pid | Process
1632 | msedge.exe (all 24 rows)
Suspicious use of SetWindowsHookEx (13 IoCs)
Repeated rows collapsed; the rows column is the number of identical rows for that process.
pid | Process | rows
5356 | geometry dash auto speedhack.exe | 1
5520 | geometry dash auto speedhack.exe | 2
5536 | geometry dash auto speedhack.exe | 2
5564 | geometry dash auto speedhack.exe | 2
5588 | geometry dash auto speedhack.exe | 2
5616 | geometry dash auto speedhack.exe | 2
5660 | geometry dash auto speedhack.exe | 1
3504 | geometry dash auto speedhack.exe | 1
Suspicious use of WriteProcessMemory (64 IoCs)
Repeated rows collapsed; every one of the 64 rows is msedge.exe (PID 1632) writing into one of its own child processes.
description | pid | Process | procid_target
PID 1632 wrote to memory of 4316 | 1632 | msedge.exe | 83
PID 1632 wrote to memory of 4648 | 1632 | msedge.exe | 85
PID 1632 wrote to memory of 1600 | 1632 | msedge.exe | 86
PID 1632 wrote to memory of 1780 | 1632 | msedge.exe | 87
Processes
Each entry gives the image path with its PID, then the command line, then the signatures triggered by that process. Indented entries are children of the nearest less-indented entry above them.

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1632)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.com
  - Enumerates system info in registry
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4316)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaa3f246f8,0x7ffaa3f24708,0x7ffaa3f24718

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4648)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,8776709902276361467,5498935050511567131,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1600)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,8776709902276361467,5498935050511567131,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1780)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,8776709902276361467,5498935050511567131,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4960)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8776709902276361467,5498935050511567131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3132)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8776709902276361467,5498935050511567131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2836)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8776709902276361467,5498935050511567131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 4352)
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,8776709902276361467,5498935050511567131,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4752 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 1888)
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,8776709902276361467,5498935050511567131,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4752 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3492)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8776709902276361467,5498935050511567131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1676)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8776709902276361467,5498935050511567131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3220)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8776709902276361467,5498935050511567131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4416)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8776709902276361467,5498935050511567131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3524)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8776709902276361467,5498935050511567131,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3228)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8776709902276361467,5498935050511567131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4640)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8776709902276361467,5498935050511567131,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 6136)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2120,8776709902276361467,5498935050511567131,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2228 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1380)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8776709902276361467,5498935050511567131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5176)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2120,8776709902276361467,5498935050511567131,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6300 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3052)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,8776709902276361467,5498935050511567131,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses

    C:\Users\Admin\Downloads\geometry dash auto speedhack.exe (PID 5356)
      "C:\Users\Admin\Downloads\geometry dash auto speedhack.exe"
      - Checks computer location settings
      - Executes dropped EXE
      - Suspicious use of SetWindowsHookEx

        C:\Users\Admin\Downloads\geometry dash auto speedhack.exe (PID 5520)
          "C:\Users\Admin\Downloads\geometry dash auto speedhack.exe" /watchdog
          - Executes dropped EXE
          - Suspicious behavior: EnumeratesProcesses
          - Suspicious use of SetWindowsHookEx

        C:\Users\Admin\Downloads\geometry dash auto speedhack.exe (PID 5536)
          "C:\Users\Admin\Downloads\geometry dash auto speedhack.exe" /watchdog
          - Executes dropped EXE
          - Suspicious behavior: EnumeratesProcesses
          - Suspicious use of SetWindowsHookEx

        C:\Users\Admin\Downloads\geometry dash auto speedhack.exe (PID 5564)
          "C:\Users\Admin\Downloads\geometry dash auto speedhack.exe" /watchdog
          - Executes dropped EXE
          - Suspicious behavior: EnumeratesProcesses
          - Suspicious use of SetWindowsHookEx

        C:\Users\Admin\Downloads\geometry dash auto speedhack.exe (PID 5588)
          "C:\Users\Admin\Downloads\geometry dash auto speedhack.exe" /watchdog
          - Executes dropped EXE
          - Suspicious behavior: EnumeratesProcesses
          - Suspicious use of SetWindowsHookEx

        C:\Users\Admin\Downloads\geometry dash auto speedhack.exe (PID 5616)
          "C:\Users\Admin\Downloads\geometry dash auto speedhack.exe" /watchdog
          - Executes dropped EXE
          - Suspicious behavior: EnumeratesProcesses
          - Suspicious use of SetWindowsHookEx

        C:\Users\Admin\Downloads\geometry dash auto speedhack.exe (PID 5660)
          "C:\Users\Admin\Downloads\geometry dash auto speedhack.exe" /main
          - Checks computer location settings
          - Executes dropped EXE
          - Writes to the Master Boot Record (MBR)
          - Suspicious use of SetWindowsHookEx

            C:\Windows\SysWOW64\notepad.exe (PID 1088)
              "C:\Windows\System32\notepad.exe" \note.txt

            C:\Windows\SysWOW64\calc.exe (PID 5240)
              "C:\Windows\System32\calc.exe"

    C:\Users\Admin\Downloads\geometry dash auto speedhack.exe (PID 3504)
      "C:\Users\Admin\Downloads\geometry dash auto speedhack.exe"
      - Executes dropped EXE
      - Suspicious use of SetWindowsHookEx

C:\Windows\System32\CompPkgSrv.exe (PID 5048)
  C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe (PID 2664)
  C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe (PID 932)
  C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\system32\OpenWith.exe (PID 5340)
  C:\Windows\system32\OpenWith.exe -Embedding
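The process list above is flat, with each entry's nesting level given by the trailing depth marker (1⤵, 2⤵, 3⤵, 4⤵). The Python below is an added example (not the sandbox's code and not the sample's) that rebuilds the parent/child tree from such depth-annotated records and flags the pattern visible here: a binary under the user's Downloads folder, started by the browser, that launches several copies of itself with a /watchdog switch plus one /main copy, which in turn spawns further processes. The records are transcribed from this report (long Edge command lines abbreviated, and only a few of the Edge children kept); the browser list, the Downloads-path rule and the threshold of two watchdogs are this example's own assumptions.

```python
"""Rebuild a process tree from depth-annotated sandbox entries and flag the
self-respawning /watchdog pattern. Added example for this report, not code
from the sandbox or the sample."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class Proc:
    depth: int
    image: str
    args: str
    pid: int
    ppid: Optional[int] = None
    children: List["Proc"] = field(default_factory=list)


def build_tree(records: List[Tuple[int, str, str, int]]) -> List[Proc]:
    """records are (depth, image path, arguments, pid) in report order; depth 1 is a root.
    A process at depth d is the child of the most recent process at depth d-1."""
    stack: List[Proc] = []
    procs: List[Proc] = []
    for depth, image, args, pid in records:
        while stack and stack[-1].depth >= depth:
            stack.pop()
        p = Proc(depth, image, args, pid)
        if stack:
            p.ppid = stack[-1].pid
            stack[-1].children.append(p)
        stack.append(p)
        procs.append(p)
    return procs


# Assumptions: what counts as a user download location and as a browser parent.
DOWNLOADS_DIR = re.compile(r"^[a-z]:\\users\\[^\\]+\\downloads\\", re.I)
BROWSERS = {"msedge.exe", "chrome.exe", "firefox.exe"}


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def find_watchdog_clusters(procs: List[Proc], min_watchdogs: int = 2) -> List[Dict]:
    """A binary under Downloads that spawns >= min_watchdogs copies of itself with a
    /watchdog switch; also reports what its /main copy launched."""
    by_pid = {p.pid: p for p in procs}
    findings: List[Dict] = []
    for p in procs:
        if not DOWNLOADS_DIR.match(p.image):
            continue
        clones = [c for c in p.children if c.image.lower() == p.image.lower()]
        watchdogs = [c for c in clones if "/watchdog" in c.args.lower()]
        if len(watchdogs) < min_watchdogs:
            continue
        mains = [c for c in clones if "/main" in c.args.lower()]
        parent = by_pid.get(p.ppid)
        findings.append({
            "pid": p.pid,
            "image": basename(p.image),
            "web_delivered": parent is not None and basename(parent.image) in BROWSERS,
            "watchdog_pids": [c.pid for c in watchdogs],
            "main_pids": [c.pid for c in mains],
            "main_children": [basename(g.image) for m in mains for g in m.children],
        })
    return findings


EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
DROP = r"C:\Users\Admin\Downloads\geometry dash auto speedhack.exe"

# Transcribed from the report's process list (Edge arguments abbreviated, most
# Edge helper processes omitted; PIDs and nesting as reported).
REPORT_RECORDS = [
    (1, EDGE, "--single-argument http://google.com", 1632),
    (2, EDGE, "--type=crashpad-handler", 4316),
    (2, EDGE, "--type=gpu-process", 4648),
    (2, EDGE, "--type=utility --utility-sub-type=quarantine.mojom.Quarantine", 3052),
    (2, DROP, "", 5356),
    (3, DROP, "/watchdog", 5520),
    (3, DROP, "/watchdog", 5536),
    (3, DROP, "/watchdog", 5564),
    (3, DROP, "/watchdog", 5588),
    (3, DROP, "/watchdog", 5616),
    (3, DROP, "/main", 5660),
    (4, r"C:\Windows\SysWOW64\notepad.exe", r"\note.txt", 1088),
    (4, r"C:\Windows\SysWOW64\calc.exe", "", 5240),
    (2, DROP, "", 3504),
    (1, r"C:\Windows\System32\CompPkgSrv.exe", "-Embedding", 5048),
]


def analyse_report() -> List[Dict]:
    return find_watchdog_clusters(build_tree(REPORT_RECORDS))


if __name__ == "__main__":
    for finding in analyse_report():
        print(finding)
```

The second Downloads copy (PID 3504) is not flagged because it spawned nothing; the rule keys on the respawn cluster rather than on the path alone, which keeps ordinary double-clicked installers out of the result.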
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 152B
MD5: c5abc082d9d9307e797b7e89a2f755f4
SHA1: 54c442690a8727f1d3453b6452198d3ec4ec13df
SHA256: a055d69c6aba59e97e632d118b7960a5fdfbe35cfdfaa0de14f194fc6f874716
SHA512: ad765cddbf89472988de5356db5e0ee254ca3475491c6034fba1897c373702ab7cfa4bd21662ab862eebb48a757c3eb86b1f8ed58629751f71863822a59cd26c

Filesize: 152B
MD5: b4a74bc775caf3de7fc9cde3c30ce482
SHA1: c6ed3161390e5493f71182a6cb98d51c9063775d
SHA256: dfad4e020a946f85523604816a0a9781091ee4669c870db2cabab027f8b6f280
SHA512: 55578e254444a645f455ea38480c9e02599ebf9522c32aca50ff37aad33976db30e663d35ebe31ff0ecafb4007362261716f756b3a0d67ac3937ca62ff10e25f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 2KB
MD5: fbfeef98b9a2d39db205f9a8c5946c99
SHA1: 7e33d5c9b64f72c71d1c8d2cb13d18623a050740
SHA256: b4ef23f83b1ddce0f38760b29d04e42cf8b46db24a23701e8f5b2d8ba554f05a
SHA512: cf91f067d21b5a712c044de74b8c7d0e9d3e2ff414301518ec0de0a883c129ea0dbd7ea19e4b179d6286217d9751fd1e61833a3cdfd514256539a4b625197b8d

Filesize: 3KB
MD5: 6ffbe0906f4a324a4e48389174399170
SHA1: e5c519ad64d926b25c75cc6abd397548a131f9e1
SHA256: 15e81645a3034fa40b2eba5e4c0f7c001b23cd3808ca384b12f8836ac65b6f83
SHA512: a020bd13005584d4531a915c45c19b32b64936255fd847c34dc1d73803658d4906fb52f83fec6f2fb32c22af462eafd0f1cc7f1b934d6abe2bb0d3788eae7598

Filesize: 5KB
MD5: 3ab8782013ec45c1567f8cc053eed9a2
SHA1: f05861aed8e9cf4f2c39cfd1e37d7e67391c95f5
SHA256: ee049aeda7d6ee0bdfeba713277d5f728338d7289c364357fd298027f464fdd2
SHA512: 29e31601c3c518fff7d909449a09f9601ab276174db47a475996eac259600fd6936bf495ebf137feb3a700d3d7f9e2f98e00882b892c6febd47cf569401942a4

Filesize: 6KB
MD5: 9c8198b6e4844cbdf4a95fbacb000a97
SHA1: 069058263a971a8dfc748cce99e50b7df204fc60
SHA256: f3a7b9229395fc27e7b824f8d197530746d0ce8ee4fae9d67727426bf44eb7d5
SHA512: 6b2519e492d3d090154f3126ee476859f8c1f1b3b5a54b35b1c74232e57a3d3d16e1d58a9813cc3053dedc8d3bbf634fb46bdb04d1af42a41b36ad61fb1a4635

Filesize: 7KB
MD5: a42a649361f73c275337528752af9674
SHA1: 81ae92770a85c388d949b8c0e6ed81f941aa3a9e
SHA256: 87a2d2a5cce3fd4c5f3e938410d5b26f06a1fe0f675f9af57407d13c132cfd2b
SHA512: b9d60084f2f7d7ca20071d268f122c50666825dd4523c83f1f293c1159397d0e6c4577a239a68ba4d7dc35033de164212b43f626c5597b6bd85a833d3e21e935

Filesize: 6KB
MD5: 82574b89413fbf7be20c85bfb15d5694
SHA1: 89c6fc5fdf572f47a8754cfba2360197b9b72b41
SHA256: 2ffc208baa2ed1fffc669cda23cf9ae12824e0084c0f57abaa5df0b581380773
SHA512: f5ef3edc39fa8672490577525178bf94b4e4c2e7b89a6c2e4367e4be2b97c975bd092d596381265f3305fdab3b15a5ad6bf166561f8ccbeeff00d48d4917d37a

Filesize: 7KB
MD5: a3c4ba267bd2b435c89ac2aa6998877f
SHA1: 96c63d5434e594f299bfa973c77c8c3934fea428
SHA256: 7f7dd8389cb79c4fa4dafcf8e21fb44f308146817d917497e4c9b06efe65bc9a
SHA512: b27c56acd25f01984c2a773c37fef8084b52dfeb6dcbdb014460ad736a07e7e14f80abecfd6f409f277c4c6713b7d5de650dc2a69b51b3e27a839ceaf95b3adb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize: 90B
MD5: 217683738680487395378915dbbdd3b6
SHA1: c6cde68653ad010e01e12bd2cac5bb5f58ae8a3d
SHA256: 1858499ec8fceaf591dc609f50de44456cbcca59abfafabd43bbb7be54611fee
SHA512: f3c596ebc13f7fe18e4bb8876a13fc8fed3b035f0ea7f40171c9ddd2bc1166f680b13157e545e12f69b894587861d258e93edd2759b6ef769dcd93efe4a73a6b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize: 26B
MD5: 2892eee3e20e19a9ba77be6913508a54
SHA1: 7c4ef82faa28393c739c517d706ac6919a8ffc49
SHA256: 4f110831bb434c728a6895190323d159df6d531be8c4bb7109864eeb7c989ff2
SHA512: b13a336db33299ab3405e13811e3ed9e5a18542e5d835f2b7130a6ff4c22f74272002fc43e7d9f94ac3aa6a4d53518f87f25d90c29e0d286b6470667ea9336ae

Filesize: 1KB
MD5: 9d1b86518eb0a4eefce746ec4e3ce440
SHA1: ae89f0b928bf17dbf5e7823dcb450f0dd33882c1
SHA256: 6f1a78932a713cea0c0cce8f0b05afa0056e1670b5a61f7a9d82b951ccbf6bf5
SHA512: bccf0078f0511c9904921576092063dec72f528e0559a6de5b1d565ba3bb732e52f40daaf6885f234b995a71213921fce72af4bc7f633c782cf8ba012121fbd4

Filesize: 1KB
MD5: 1c44d0c852a2e2fb8dc21c64b1acc05e
SHA1: 94c5c52183a0ea34ade32f9c2a4b06e1e55a612a
SHA256: 2f611fff3a2bc05f38933a5748c7aac3f8668e53cc92ef02d583927903bcc5fe
SHA512: 58614edbe2ed0d9dd3843eb896b120acc9b90765ffb290804dc722d0659a7edc83bac5a8946a38e1767f5883221d306c8e5e20cba36b467751264d52fc4c4dc6

Filesize: 707B
MD5: bf580f5f17626eb55a20bcc6045adc3e
SHA1: ebfb886d8b8742d43492f0ea4199e11d3dc378a2
SHA256: 0e1cfcc0557313109143646149c120d59dd32b717f20ba7ac93fd5fbb56b156e
SHA512: be3bd631700d2ee696e160075b13875925b35f734d0df7e1aa83ee28d813776e65e3daa071c55e74a4698f82da9b468cf8d78ff06b8e3923d1a7459f31b6b4c4

Filesize: 204B
MD5: 13afdd92ec4359abf5b7202071e40a4c
SHA1: 940306cf2b56c785c7d3a6a3ff84a7d2ea2dd7e5
SHA256: 6c644f2755366012038d66cc8177e7229c4f4995dabb742b1ba4849d3b3322be
SHA512: 66f124ee9a11ccea66a46703901f5666ae84f65bd62158848c6f952b5caeddf7d4faaf3374a13da7cfb8dcaec5910a6202c3d30936795f959d0cae339c260ff0

Filesize: 16B
MD5: 46295cac801e5d4857d09837238a6394
SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Filesize: 16B
MD5: 206702161f94c5cd39fadd03f4014d98
SHA1: bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512: 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Filesize: 11KB
MD5: 7022342f369b5fba906d8d841cc633cd
SHA1: cdcc1d2ae63887f7afcc4fbc67ee661d4b912599
SHA256: 3f87fa3ac2afe9b190bb5a5527859e64f5f37e3cd9900848a38797d7101ffe55
SHA512: 3e584d4d3ab11002700f54e33f20ad0c4a88d37aa23f4cf5fa0dc46d29cfab0e098816f0b90093c5b02892eae965d9a4157cd8f9796564ccac727faed41f105b

Filesize: 11KB
MD5: fde4db7287a908bfee2551ba01146bac
SHA1: 2be1d9df0cf1ae80526056ca4c2b88daed6faf03
SHA256: 64dcb71a9d02eb6089a35116a27d134679ad264f1d4dd552139ac278d335bb5e
SHA512: 505548b789d33a132dfa41a4d723dd28900c0d2bc73e95b156368f0e33b9a8de580af015f7780296ef469b3463efc4ab2e1f8619aa96362ce7163dd8dc55c184

Filesize: 14KB
MD5: 19dbec50735b5f2a72d4199c4e184960
SHA1: 6fed7732f7cb6f59743795b2ab154a3676f4c822
SHA256: a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d
SHA512: aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d

Filesize: 218B
MD5: afa6955439b8d516721231029fb9ca1b
SHA1: 087a043cc123c0c0df2ffadcf8e71e3ac86bbae9
SHA256: 8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270
SHA512: 5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf