fdca31d917022c94f32a0194f558db3bad4e89874f316b61950d670bdf0deff0

Analysis

max time kernel
1793s
max time network
1565s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
12-07-2024 10:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Geometry Dash.rar
Size

187.6MB
MD5

cee4903fa492beaffd7d73b0ade93beb
SHA1

3026927c470de783eb369199dd63510d62a8b748
SHA256

fdca31d917022c94f32a0194f558db3bad4e89874f316b61950d670bdf0deff0
SHA512

63690af2314dd1297bfdf215b0e0d7ee12b45842e82b322f7333956d0e8e18809af4b893863f4b4cc51f8379241ef353bc47c722e5676bca40497d182e0c892d
SSDEEP

3145728:xEznNs3enIOLBwQFbjcCT2RzkdTBBDlSKJUqrtkw/KKaMO432MOavo2bFibH6vAt:xES3KDLOyqxgF9lSKJJpkXn43VOaw2hi

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

Processes:

rundll32.exerundll32.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000_Classes\Local Settings	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000_Classes\Local Settings	rundll32.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

vlc.exe

pid process

1424 vlc.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

vlc.exe

pid process

1424 vlc.exe
Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

vlc.exe

description pid process

Token: 33 1424 vlc.exe
Token: SeIncBasePriorityPrivilege 1424 vlc.exe

description	pid	process
Token: 33	1424	vlc.exe
Token: SeIncBasePriorityPrivilege	1424	vlc.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

vlc.exe

pid	process
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

vlc.exe

pid	process
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe
1424	vlc.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

vlc.exe

pid process

1424 vlc.exe

Suspicious use of WriteProcessMemory 9 IoCs

Processes:

cmd.exerundll32.exerundll32.exe

description	pid	process	target process
PID 2956 wrote to memory of 2860	2956	cmd.exe	rundll32.exe
PID 2956 wrote to memory of 2860	2956	cmd.exe	rundll32.exe
PID 2956 wrote to memory of 2860	2956	cmd.exe	rundll32.exe
PID 2860 wrote to memory of 2580	2860	rundll32.exe	rundll32.exe
PID 2860 wrote to memory of 2580	2860	rundll32.exe	rundll32.exe
PID 2860 wrote to memory of 2580	2860	rundll32.exe	rundll32.exe
PID 2580 wrote to memory of 1424	2580	rundll32.exe	vlc.exe
PID 2580 wrote to memory of 1424	2580	rundll32.exe	vlc.exe
PID 2580 wrote to memory of 1424	2580	rundll32.exe	vlc.exe

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Geometry Dash.rar"
1⤵
- Suspicious use of WriteProcessMemory
PID:2956

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Geometry Dash.rar
2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2860

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Geometry Dash.rar
3⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2580

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\Geometry Dash.rar"
4⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1424

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini

Filesize
1KB

MD5
bfaa5053ad423637e8e4cd9b0acccb60

SHA1
6f46e6a4bce73f2cdfc11198fae7d4461e927ddc

SHA256
5df64b2c5aef49494ecc541147afc11b9353bd72a736c94a5a16cf28fcb37749

SHA512
5fa708d6610d3406fdd842d43f3066eb12c1ec7247468409a045ed29092a27d4b965df26777a13d02a8acb2c21f87241a84f8781c15b08965f2e4ee59008e81b

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini

Filesize
1KB

MD5
8438bfeb0d69042f595e37e1322976cf

SHA1
54f3fc756b1dad7a91cdcce6c50fec54f5970965

SHA256
26cebd6fcf47500c5a67a5ae322bd0565b056274b79df15c949d117030583ad7

SHA512
0e7352f9908d6c3f107de11677e991d67d42f4ebf3fbfd31db7f1716e40ef3edda90218824fead362ed3791998272a38c44c9c8824b2f51be001bba596f43449

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini

Filesize
3KB

MD5
6b33d6da9bb29070a3e7c2895a12fff8

SHA1
d27ba5b7c22108f8f19d0996f609a5be3eae2b3c

SHA256
2806c75ef3ac7931f6766fb690b8eae073df5d6ddb5ab752b59bba4b1eeab79f

SHA512
76386f536fbeae928a70bff917c1b6a7690ff5fece0317a33bab2b8de78629147e4375ad27e3c19a0ba51d82362f85128377779d8c364c43f1e4885613d03417

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini

Filesize
3KB

MD5
46f93db19d9ca8c44e590ce371116b58

SHA1
153fc808eacb10537565b9e4c676925e5e0d8ddb

SHA256
7656a5e98ee78eb7d7140946988ae92bbd5708166e30cad11e7e5cdcd90bdf44

SHA512
8ba60edc41f0698b4d9eb0912d16677f70d1dde1c0b1c8f83e4a433a8d922327d949d3d508abcab61910b265c1f302bb60645f6b0e94cc98d6cd49b2eee44acc

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini

Filesize
3KB

MD5
82a6d751a218422a26711fb75d1f5c93

SHA1
5d6c7a6b9fc305809a065f0ce9e82e2941720053

SHA256
82e6b9c2d10f518ddddbf3272c5338f2811d89776581df80711796e9b9e32040

SHA512
b9cf808a85c75ded1c2f88185bb85e46f1bbc8509be92abca889892dba7a33f370170a822685a424e706b170cbc22c8bebf5845d1bf39c2db75079ff3e136403

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini.lock

Filesize
18B

MD5
bc4d1d2452253edcd23f78b2c9b472bc

SHA1
5d466fe1535504704fa53eafd2807a0b0b226d7e

SHA256
a9acf25808d20bfe5c619656dc67b55c128c7ec2846194074c33314e0aaba855

SHA512
fe882e925dfaeea88a4b032f950842cdd64835df610f5b371c36e2adc4196c39b8d0c362268e21796e9aacacef33b20d3eb553a1b91fc089d0f223bd9ce1cc46

Download Submit
memory/1424-127-0x000007FEF2B20000-0x000007FEF2B34000-memory.dmp

Filesize
80KB

Download
memory/1424-81-0x000007FEF6360000-0x000007FEF6371000-memory.dmp

Filesize
68KB

Download
memory/1424-72-0x000007FEF6E30000-0x000007FEF6E41000-memory.dmp

Filesize
68KB

Download
memory/1424-74-0x000007FEF6830000-0x000007FEF6841000-memory.dmp

Filesize
68KB

Download
memory/1424-73-0x000007FEF69E0000-0x000007FEF69FD000-memory.dmp

Filesize
116KB

Download
memory/1424-71-0x000007FEF7520000-0x000007FEF7537000-memory.dmp

Filesize
92KB

Download
memory/1424-70-0x000007FEF7540000-0x000007FEF7551000-memory.dmp

Filesize
68KB

Download
memory/1424-69-0x000007FEF7560000-0x000007FEF7577000-memory.dmp

Filesize
92KB

Download
memory/1424-67-0x000007FEF5E00000-0x000007FEF60B6000-memory.dmp

Filesize
2.7MB

Download
memory/1424-68-0x000007FEF76B0000-0x000007FEF76C8000-memory.dmp

Filesize
96KB

Download
memory/1424-123-0x000007FEF2BA0000-0x000007FEF2BB4000-memory.dmp

Filesize
80KB

Download
memory/1424-98-0x000007FEF3960000-0x000007FEF3977000-memory.dmp

Filesize
92KB

Download
memory/1424-97-0x000007FEF3B00000-0x000007FEF3B11000-memory.dmp

Filesize
68KB

Download
memory/1424-96-0x000007FEF4630000-0x000007FEF4642000-memory.dmp

Filesize
72KB

Download
memory/1424-95-0x000007FEF4650000-0x000007FEF4661000-memory.dmp

Filesize
68KB

Download
memory/1424-94-0x000007FEF4670000-0x000007FEF4693000-memory.dmp

Filesize
140KB

Download
memory/1424-93-0x000007FEF46A0000-0x000007FEF46B8000-memory.dmp

Filesize
96KB

Download
memory/1424-92-0x000007FEF46C0000-0x000007FEF46E4000-memory.dmp

Filesize
144KB

Download
memory/1424-91-0x000007FEF46F0000-0x000007FEF4718000-memory.dmp

Filesize
160KB

Download
memory/1424-90-0x000007FEF4720000-0x000007FEF4777000-memory.dmp

Filesize
348KB

Download
memory/1424-115-0x000007FEF3420000-0x000007FEF3434000-memory.dmp

Filesize
80KB

Download
memory/1424-119-0x000007FEF2D50000-0x000007FEF2D9D000-memory.dmp

Filesize
308KB

Download
memory/1424-118-0x000007FEF31A0000-0x000007FEF31E2000-memory.dmp

Filesize
264KB

Download
memory/1424-117-0x000007FEF31F0000-0x000007FEF3202000-memory.dmp

Filesize
72KB

Download
memory/1424-120-0x000007FEF2BE0000-0x000007FEF2D4B000-memory.dmp

Filesize
1.4MB

Download
memory/1424-116-0x000007FEF3210000-0x000007FEF3416000-memory.dmp

Filesize
2.0MB

Download
memory/1424-114-0x000007FEF3440000-0x000007FEF3451000-memory.dmp

Filesize
68KB

Download
memory/1424-128-0x000007FEF2AF0000-0x000007FEF2B1C000-memory.dmp

Filesize
176KB

Download
memory/1424-66-0x000007FEF7580000-0x000007FEF75B4000-memory.dmp

Filesize
208KB

Download
memory/1424-126-0x000007FEF2B40000-0x000007FEF2B55000-memory.dmp

Filesize
84KB

Download
memory/1424-79-0x000007FEF63A0000-0x000007FEF63B8000-memory.dmp

Filesize
96KB

Download
memory/1424-65-0x000000013F6A0000-0x000000013F798000-memory.dmp

Filesize
992KB

Download
memory/1424-76-0x000007FEF4920000-0x000007FEF4B2B000-memory.dmp

Filesize
2.0MB

Download
memory/1424-122-0x000007FEF2BC0000-0x000007FEF2BD2000-memory.dmp

Filesize
72KB

Download
memory/1424-121-0x000007FEF2760000-0x000007FEF29A1000-memory.dmp

Filesize
2.3MB

Download
memory/1424-113-0x000007FEF3460000-0x000007FEF3473000-memory.dmp

Filesize
76KB

Download
memory/1424-112-0x000007FEF3520000-0x000007FEF35E5000-memory.dmp

Filesize
788KB

Download
memory/1424-111-0x000007FEF35F0000-0x000007FEF3601000-memory.dmp

Filesize
68KB

Download
memory/1424-110-0x000007FEF3670000-0x000007FEF3683000-memory.dmp

Filesize
76KB

Download
memory/1424-109-0x000007FEF3690000-0x000007FEF36BF000-memory.dmp

Filesize
188KB

Download
memory/1424-99-0x000007FEF3850000-0x000007FEF395E000-memory.dmp

Filesize
1.1MB

Download
memory/1424-108-0x000007FEF36C0000-0x000007FEF3717000-memory.dmp

Filesize
348KB

Download
memory/1424-107-0x000007FEF3720000-0x000007FEF3731000-memory.dmp

Filesize
68KB

Download
memory/1424-106-0x000007FEF3650000-0x000007FEF3662000-memory.dmp

Filesize
72KB

Download
memory/1424-105-0x000007FEF75C0000-0x000007FEF75EA000-memory.dmp

Filesize
168KB

Download
memory/1424-104-0x000007FEF75F0000-0x000007FEF7606000-memory.dmp

Filesize
88KB

Download
memory/1424-103-0x000007FEF7610000-0x000007FEF7628000-memory.dmp

Filesize
96KB

Download
memory/1424-102-0x000007FEF7630000-0x000007FEF7642000-memory.dmp

Filesize
72KB

Download
memory/1424-101-0x000007FEF7650000-0x000007FEF7661000-memory.dmp

Filesize
68KB

Download
memory/1424-100-0x000007FEF7670000-0x000007FEF7681000-memory.dmp

Filesize
68KB

Download
memory/1424-75-0x000007FEF4B30000-0x000007FEF5BE0000-memory.dmp

Filesize
16.7MB

Download
memory/1424-89-0x000007FEF4780000-0x000007FEF4791000-memory.dmp

Filesize
68KB

Download
memory/1424-88-0x000007FEF47A0000-0x000007FEF481C000-memory.dmp

Filesize
496KB

Download
memory/1424-87-0x000007FEF4820000-0x000007FEF4887000-memory.dmp

Filesize
412KB

Download
memory/1424-86-0x000007FEF4890000-0x000007FEF48C0000-memory.dmp

Filesize
192KB

Download
memory/1424-85-0x000007FEF48C0000-0x000007FEF48D8000-memory.dmp

Filesize
96KB

Download
memory/1424-84-0x000007FEF48E0000-0x000007FEF48F1000-memory.dmp

Filesize
68KB

Download
memory/1424-83-0x000007FEF4900000-0x000007FEF491B000-memory.dmp

Filesize
108KB

Download
memory/1424-82-0x000007FEF6340000-0x000007FEF6351000-memory.dmp

Filesize
68KB

Download
memory/1424-124-0x000007FEF2B80000-0x000007FEF2B9E000-memory.dmp

Filesize
120KB

Download
memory/1424-80-0x000007FEF6380000-0x000007FEF6391000-memory.dmp

Filesize
68KB

Download
memory/1424-125-0x000007FEF2B60000-0x000007FEF2B77000-memory.dmp

Filesize
92KB

Download
memory/1424-78-0x000007FEF67B0000-0x000007FEF67D1000-memory.dmp

Filesize
132KB

Download
memory/1424-77-0x000007FEF67E0000-0x000007FEF6821000-memory.dmp

Filesize
260KB

Download