04d1ffad25e9541cf1c0d2a054aba4b2cd2ca03c764cbf62bf8900cb92a38221

Submit
Reports

Overview

overview

Static

static

TheWorldPo...me.dll

windows7-x64

TheWorldPo...me.dll

windows10-2004-x64

TheWorldPo...ent.js

windows7-x64

TheWorldPo...ent.js

windows10-2004-x64

TheWorldPo...ld.dll

windows7-x64

TheWorldPo...ld.dll

windows10-2004-x64

TheWorldPo...mo.dll

windows7-x64

TheWorldPo...mo.dll

windows10-2004-x64

TheWorldPo...32.dll

windows7-x64

TheWorldPo...32.dll

windows10-2004-x64

TheWorldPo...dt.dll

windows7-x64

TheWorldPo...dt.dll

windows10-2004-x64

TheWorldPo...ad.dll

windows7-x64

TheWorldPo...ad.dll

windows10-2004-x64

TheWorldPo...ad.dll

windows7-x64

TheWorldPo...ad.dll

windows10-2004-x64

TheWorldPo...rl.dll

windows7-x64

TheWorldPo...rl.dll

windows10-2004-x64

TheWorldPo...er.dll

windows7-x64

TheWorldPo...er.dll

windows10-2004-x64

TheWorldPo...ex.dll

windows7-x64

TheWorldPo...ex.dll

windows10-2004-x64

TheWorldPo...cp.dll

windows7-x64

TheWorldPo...cp.dll

windows10-2004-x64

TheWorldPo...it.dll

windows7-x64

TheWorldPo...it.dll

windows10-2004-x64

TheWorldPo...it.dll

windows7-x64

TheWorldPo...it.dll

windows10-2004-x64

TheWorldPo...ei.dll

windows7-x64

TheWorldPo...ei.dll

windows10-2004-x64

TheWorldPo...ces.js

windows7-x64

TheWorldPo...ces.js

windows10-2004-x64

Analysis

max time kernel
31s
max time network
41s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
27-11-2022 07:12

Sharing

Copy URL

Twitter E-mail

Static task

static1

upx

2 signatures

Behavioral task

behavioral1

Sample

TheWorldPortable/Application/6.2.0.128/chrome.dll

Resource

win7-20220812-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

TheWorldPortable/Application/6.2.0.128/chrome.dll

Resource

win10v2004-20220812-en

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral3

Sample

TheWorldPortable/Application/6.2.0.128/chrome_100_percent.js

Resource

win7-20220812-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral4

Sample

TheWorldPortable/Application/6.2.0.128/chrome_100_percent.js

Resource

win10v2004-20220901-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral5

Sample

TheWorldPortable/Application/6.2.0.128/chrome_child.dll

Resource

win7-20221111-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral6

Sample

TheWorldPortable/Application/6.2.0.128/chrome_child.dll

Resource

win10v2004-20220812-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral7

Sample

TheWorldPortable/Application/6.2.0.128/ffmpegsumo.dll

Resource

win7-20220901-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral8

Sample

TheWorldPortable/Application/6.2.0.128/ffmpegsumo.dll

Resource

win10v2004-20220812-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral9

Sample

TheWorldPortable/Application/6.2.0.128/gcswf32.dll

Resource

win7-20221111-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral10

Sample

TheWorldPortable/Application/6.2.0.128/gcswf32.dll

Resource

win10v2004-20220812-en

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral11

Sample

TheWorldPortable/Application/6.2.0.128/icudt.dll

Resource

win7-20220812-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral12

Sample

TheWorldPortable/Application/6.2.0.128/icudt.dll

Resource

win10v2004-20220901-en

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral13

Sample

TheWorldPortable/Application/6.2.0.128/plugins/np115upload.dll

Resource

win7-20220812-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral14

Sample

TheWorldPortable/Application/6.2.0.128/plugins/np115upload.dll

Resource

win10v2004-20221111-en

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral15

Sample

TheWorldPortable/Application/6.2.0.128/plugins/np360upload.dll

Resource

win7-20221111-en

persistence

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral16

Sample

TheWorldPortable/Application/6.2.0.128/plugins/np360upload.dll

Resource

win10v2004-20220812-en

persistence

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral17

Sample

TheWorldPortable/Application/6.2.0.128/plugins/npAliSecCtrl.dll

Resource

win7-20220812-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral18

Sample

TheWorldPortable/Application/6.2.0.128/plugins/npAliSecCtrl.dll

Resource

win10v2004-20220812-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral19

Sample

TheWorldPortable/Application/6.2.0.128/plugins/npUploader.dll

Resource

win7-20220812-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral20

Sample

TheWorldPortable/Application/6.2.0.128/plugins/npUploader.dll

Resource

win10v2004-20220812-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral21

Sample

TheWorldPortable/Application/6.2.0.128/plugins/npactivex.dll

Resource

win7-20221111-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral22

Sample

TheWorldPortable/Application/6.2.0.128/plugins/npactivex.dll

Resource

win10v2004-20221111-en

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral23

Sample

TheWorldPortable/Application/6.2.0.128/plugins/npalidcp.dll

Resource

win7-20220901-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral24

Sample

TheWorldPortable/Application/6.2.0.128/plugins/npalidcp.dll

Resource

win10v2004-20221111-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral25

Sample

TheWorldPortable/Application/6.2.0.128/plugins/npaliedit.dll

Resource

win7-20221111-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral26

Sample

TheWorldPortable/Application/6.2.0.128/plugins/npaliedit.dll

Resource

win10v2004-20221111-en

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral27

Sample

TheWorldPortable/Application/6.2.0.128/plugins/nptxftnWebKit.dll

Resource

win7-20221111-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral28

Sample

TheWorldPortable/Application/6.2.0.128/plugins/nptxftnWebKit.dll

Resource

win10v2004-20221111-en

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral29

Sample

TheWorldPortable/Application/6.2.0.128/plugins/npxunlei.dll

Resource

win7-20221111-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral30

Sample

TheWorldPortable/Application/6.2.0.128/plugins/npxunlei.dll

Resource

win10v2004-20221111-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral31

Sample

TheWorldPortable/Application/6.2.0.128/resources.js

Resource

win7-20221111-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral32

Sample

TheWorldPortable/Application/6.2.0.128/resources.js

Resource

win10v2004-20220812-en

windows10-2004-x64

0 signatures

150 seconds

Report Analysis Logs

General

Target

TheWorldPortable/Application/6.2.0.128/plugins/np115upload.dll
Size

997KB
MD5

3117f37b4de68b1f636692e77c2040f0
SHA1

f5eadcda13224c9c5c9ec3cd57f8493e01e56581
SHA256

e4152ca924b79782ccf1a0608c11be14dc158c8dfe6c1d369f53346b2c3c95ae
SHA512

da5c04f85ebeb578fdac9bc952ed5a74326967ed074839a29ec47cf8cca4bcb374731d21f0c9a266d54eb5c2be9406316c460b74e0aca2718351bae9a2e61247
SSDEEP

12288:xAHUuGYlk9Qz78atIo7NKJ5Pqf3yl+6itzV5mujee+Dv+rssQVD11Cmcckq:xSUQL7H7NKJbE6itR5m3ebrWUmR

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 848 wrote to memory of 1964	848	rundll32.exe	26
PID 848 wrote to memory of 1964	848	rundll32.exe	26
PID 848 wrote to memory of 1964	848	rundll32.exe	26
PID 848 wrote to memory of 1964	848	rundll32.exe	26
PID 848 wrote to memory of 1964	848	rundll32.exe	26
PID 848 wrote to memory of 1964	848	rundll32.exe	26
PID 848 wrote to memory of 1964	848	rundll32.exe	26

Processes

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\TheWorldPortable\Application\6.2.0.128\plugins\np115upload.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:848
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\TheWorldPortable\Application\6.2.0.128\plugins\np115upload.dll,#1
  2⤵
  PID:1964

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1964-55-0x0000000075041000-0x0000000075043000-memory.dmp

Filesize
8KB

Download