Analysis
-
max time kernel
22s -
max time network
40s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
29-06-2024 05:26
General
-
Target
windows-malware-master/MEMZ/geometry dash auto speedhack.exe
-
Size
14KB
-
MD5
19dbec50735b5f2a72d4199c4e184960
-
SHA1
6fed7732f7cb6f59743795b2ab154a3676f4c822
-
SHA256
a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d
-
SHA512
aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d
-
SSDEEP
192:sIvxdXSQeWSg9JJS/lcIEiwqZKBkDFR43xWTM3LHn8f26gyr6yfFCj3r:sMVSaSEglcIqq3agmLc+6gyWqFCj
Score
7/10
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of SetWindowsHookEx 3 IoCs
-
Suspicious use of WriteProcessMemory 18 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\windows-malware-master\MEMZ\geometry dash auto speedhack.exe"C:\Users\Admin\AppData\Local\Temp\windows-malware-master\MEMZ\geometry dash auto speedhack.exe"1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\windows-malware-master\MEMZ\geometry dash auto speedhack.exe"C:\Users\Admin\AppData\Local\Temp\windows-malware-master\MEMZ\geometry dash auto speedhack.exe" /watchdog2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\windows-malware-master\MEMZ\geometry dash auto speedhack.exe"C:\Users\Admin\AppData\Local\Temp\windows-malware-master\MEMZ\geometry dash auto speedhack.exe" /watchdog2⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\AppData\Local\Temp\windows-malware-master\MEMZ\geometry dash auto speedhack.exe"C:\Users\Admin\AppData\Local\Temp\windows-malware-master\MEMZ\geometry dash auto speedhack.exe" /watchdog2⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\AppData\Local\Temp\windows-malware-master\MEMZ\geometry dash auto speedhack.exe"C:\Users\Admin\AppData\Local\Temp\windows-malware-master\MEMZ\geometry dash auto speedhack.exe" /watchdog2⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\AppData\Local\Temp\windows-malware-master\MEMZ\geometry dash auto speedhack.exe"C:\Users\Admin\AppData\Local\Temp\windows-malware-master\MEMZ\geometry dash auto speedhack.exe" /watchdog2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\windows-malware-master\MEMZ\geometry dash auto speedhack.exe"C:\Users\Admin\AppData\Local\Temp\windows-malware-master\MEMZ\geometry dash auto speedhack.exe" /main2⤵
- Writes to the Master Boot Record (MBR)
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\notepad.exe"C:\Windows\System32\notepad.exe" \note.txt3⤵