0425127fffb9ca1ce12df88b1e033aad8245659c5f9ba971cfb96c52630ce7a3

Analysis

max time kernel
86s
max time network
91s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
20/07/2023, 16:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

WORLDBOX - God Simulator[KQI8pkR7B].exe
Size

511KB
MD5

ec4460d73c83a3fb4dee1caa45c16937
SHA1

487377cbca81d3e5a59cd8afb7d994bc856ce67b
SHA256

0425127fffb9ca1ce12df88b1e033aad8245659c5f9ba971cfb96c52630ce7a3
SHA512

384a7d10b4a1609ca4a4371ccbca511e1dba8c2f163c03baa38a3a297e435f627a521c7b66495bb7397d817aecbd1d7ce0f1f6c3a019a192906421ca922da892
SSDEEP

12288:z+ocIPZW655TpkOH9iYRvPR4VXzg7N8QCmX3p5WTQjGHdj:zPc1M5zHlgVXE7jrnpaQi9j

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 5 IoCs

pid	Process
1548	WORLDBOX - God Simulator[KQI8pkR7B].exe
1548	WORLDBOX - God Simulator[KQI8pkR7B].exe
1548	WORLDBOX - God Simulator[KQI8pkR7B].exe
1548	WORLDBOX - God Simulator[KQI8pkR7B].exe
1548	WORLDBOX - God Simulator[KQI8pkR7B].exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\WORLDBOX - God Simulator[KQI8pkR7B].exe
"C:\Users\Admin\AppData\Local\Temp\WORLDBOX - God Simulator[KQI8pkR7B].exe"
1⤵
- Loads dropped DLL
PID:1548

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsc7F44.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc7F44.tmp\System.dll

Filesize
12KB

MD5
3e5dbc37b5790b6a1137f0441afc93b0

SHA1
1a6e3344004f130bbd7cf19e719b9ad066f4f032

SHA256
6979a3766120389868145d5dcf1310b084a15046b389273fde7ede870e213ca0

SHA512
c0a8eaed8d9d9e3ce438446aa2a3c30fc46d006c412fe5e7cb180e839172d514f0f92bd77582e33ff6189bcba0777f800e3eb7d39019e7fefde8d016abd8565f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc7F44.tmp\UAC.dll

Filesize
18KB

MD5
113c5f02686d865bc9e8332350274fd1

SHA1
4fa4414666f8091e327adb4d81a98a0d6e2e254a

SHA256
0d21041a1b5cd9f9968fc1d457c78a802c9c5a23f375327e833501b65bcd095d

SHA512
e190d1ee50c0b2446b14f0d9994a0ce58f5dbd2aa5d579f11b3a342da1d4abf0f833a0415d3817636b237930f314be54e4c85b4db4a9b4a3e532980ea9c91284

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc7F44.tmp\nsDialogs.dll

Filesize
9KB

MD5
5bfdc8fb2d2bc96d3c6ad3fa5001fb60

SHA1
3ef791e834af931221d1f52f557d79dad2731763

SHA256
56db8561e64c05a5e1978a4320084b239f8c288183a07f674863f6187ae7ffdb

SHA512
b3ca9ecfe1591a3bbf95d703918c3770dad24e7480b803a38d09158f69d4e1d7be2550bc6c06c0fe8b05282cf5297eac8b9afc28d8835bb182a39d43627ec1c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc7F44.tmp\nsJSON.dll

Filesize
23KB

MD5
f4d89d9a2a3e2f164aea3e93864905c9

SHA1
4d4e05ee5e4e77a0631a3dd064c171ba2e227d4a

SHA256
64b3efdf3de54e338d4db96b549a7bdb7237bb88a82a0a63aef570327a78a6fb

SHA512
dbda3fe7ca22c23d2d0f2a5d9d415a96112e2965081582c7a42c139a55c5d861a27f0bd919504de4f82c59cf7d1b97f95ed5a55e87d574635afdb7eb2d8cadf2

Download Submit