a48650af2785567749c8e5dee1433acf71ddfffc3f602a8c0e3dbcc817098131

Resubmissions

14/04/2025, 00:41

250414-a1r8saxyax 6

13/04/2025, 22:45

13/04/2025, 22:45

13/04/2025, 22:35

21/03/2025, 16:44

Analysis

max time kernel
114s
max time network
115s
platform
windows10-2004_x64
resource
win10v2004-20250410-en
resource tags

arch:x64arch:x86image:win10v2004-20250410-enlocale:en-usos:windows10-2004-x64system
submitted
13/04/2025, 22:35

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

GeometryDash.exe
Size

10.1MB
MD5

a0cf271bbf8d028b7ee5fbc429fce92b
SHA1

9604147c8a4cad0dfda9ef8d1de2d759e0e0c609
SHA256

a48650af2785567749c8e5dee1433acf71ddfffc3f602a8c0e3dbcc817098131
SHA512

c771393a5f9668cb55a006b4e51196eb8191b75b57461077ab37b5cc6fe83f7ce054c22bdcb6ca46ac9c64dea7555d94df627b85b2483db2696ef4ce9e413da0
SSDEEP

98304:6CBk0KiW1Ih0LRCh5jtk0LIQR23zkKmo2VxfS+VxfS:6CBk0KjI+RCh5Bk0LIQg3zkKX2LfL

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 15 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "161"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe

Suspicious behavior: LoadsDriver 6 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
660	Process not Found

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	2096	svchost.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4412	LogonUI.exe

C:\Users\Admin\AppData\Local\Temp\GeometryDash.exe
"C:\Users\Admin\AppData\Local\Temp\GeometryDash.exe"
1⤵
PID:2392

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2096

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa396c055 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:4412

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm

Filesize
16KB

MD5
582e0655acd12884189e39da588a524c

SHA1
36fdc0135006ef154de1dbe942d508442db2e585

SHA256
0c8f5d2211aab339ee571006f793ccb16f192a38a8dc3f78d97bc3827b91820c

SHA512
5825fa37edf90a91b2dcc5432fdd8d08478b8a98c8a150e956b1f88c528cebc99164c3fc61be3a386cc63d4a0661d397537af6791811d343c66cfcf49291bece

Download Submit
memory/2096-40-0x000002BDD7BB0000-0x000002BDD7BB1000-memory.dmp

Filesize
4KB

Download
memory/2096-42-0x000002BDD7BB0000-0x000002BDD7BB1000-memory.dmp

Filesize
4KB

Download
memory/2096-33-0x000002BDD7BB0000-0x000002BDD7BB1000-memory.dmp

Filesize
4KB

Download
memory/2096-34-0x000002BDD7BB0000-0x000002BDD7BB1000-memory.dmp

Filesize
4KB

Download
memory/2096-35-0x000002BDD7BB0000-0x000002BDD7BB1000-memory.dmp

Filesize
4KB

Download
memory/2096-36-0x000002BDD7BB0000-0x000002BDD7BB1000-memory.dmp

Filesize
4KB

Download
memory/2096-37-0x000002BDD7BB0000-0x000002BDD7BB1000-memory.dmp

Filesize
4KB

Download
memory/2096-38-0x000002BDD7BB0000-0x000002BDD7BB1000-memory.dmp

Filesize
4KB

Download
memory/2096-39-0x000002BDD7BB0000-0x000002BDD7BB1000-memory.dmp

Filesize
4KB

Download
memory/2096-43-0x000002BDD77E0000-0x000002BDD77E1000-memory.dmp

Filesize
4KB

Download
memory/2096-32-0x000002BDD7B90000-0x000002BDD7B91000-memory.dmp

Filesize
4KB

Download
memory/2096-41-0x000002BDD7BB0000-0x000002BDD7BB1000-memory.dmp

Filesize
4KB

Download
memory/2096-16-0x000002BDC75A0000-0x000002BDC75B0000-memory.dmp

Filesize
64KB

Download
memory/2096-44-0x000002BDD77D0000-0x000002BDD77D1000-memory.dmp

Filesize
4KB

Download
memory/2096-46-0x000002BDD77E0000-0x000002BDD77E1000-memory.dmp

Filesize
4KB

Download
memory/2096-49-0x000002BDD77D0000-0x000002BDD77D1000-memory.dmp

Filesize
4KB

Download
memory/2096-52-0x000002BDD7710000-0x000002BDD7711000-memory.dmp

Filesize
4KB

Download
memory/2096-0-0x000002BDC74A0000-0x000002BDC74B0000-memory.dmp

Filesize
64KB

Download
memory/2096-64-0x000002BDD7910000-0x000002BDD7911000-memory.dmp

Filesize
4KB

Download
memory/2096-66-0x000002BDD7920000-0x000002BDD7921000-memory.dmp

Filesize
4KB

Download
memory/2096-67-0x000002BDD7920000-0x000002BDD7921000-memory.dmp

Filesize
4KB

Download
memory/2096-68-0x000002BDD7A30000-0x000002BDD7A31000-memory.dmp

Filesize
4KB

Download