Overview

overview

3

Static

static

3

3d Cube.exe

windows7-x64

1

3d Cube.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    140s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    15/07/2024, 15:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3d Cube.exe

  • Size

    386KB

  • MD5

    e60b7761cd7921c3db59d3d8d1e275bf

  • SHA1

    bc84e83c4e10062d53e1580c3abffc7baa2f58bc

  • SHA256

    7be9823dd9169cb1a26ba0dbba759be609187ef1da80a0aa4859a9a7b21e44fc

  • SHA512

    360302d2e18302ad201b387f754e85bfa93545c11a4f7bc544c3bc21397a5c6153d07b0811ed64f4b9169eb3b0ceb95fc40a9e4b54693286013d0c490f2e104e

  • SSDEEP

    6144:jH3hnd2wCqFZm4kfnHpKSoVCJrMr1wx9k57pA3SOLmsL4m8:jH3pd2ospnkbCIT7q3St7

Score
1/10

Malware Config

Signatures

  • Kills process with taskkill 4 IoCs
    evasion
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of WriteProcessMemory 32 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3d Cube.exe
    "C:\Users\Admin\AppData\Local\Temp\3d Cube.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1356
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c taskkill /f /im explorer
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2780
      • C:\Windows\SysWOW64\taskkill.exe
        taskkill /f /im explorer
        3⤵
        • Kills process with taskkill
        • Suspicious use of AdjustPrivilegeToken
        PID:2692
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c taskkill /f /im dwm
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3012
      • C:\Windows\SysWOW64\taskkill.exe
        taskkill /f /im dwm
        3⤵
        • Kills process with taskkill
        • Suspicious use of AdjustPrivilegeToken
        PID:2720
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c taskkill /f /im explorer
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2352
      • C:\Windows\SysWOW64\taskkill.exe
        taskkill /f /im explorer
        3⤵
        • Kills process with taskkill
        • Suspicious use of AdjustPrivilegeToken
        PID:2568
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c taskkill /f /im dwm
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2336
      • C:\Windows\SysWOW64\taskkill.exe
        taskkill /f /im dwm
        3⤵
        • Kills process with taskkill
        • Suspicious use of AdjustPrivilegeToken
        PID:1728

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1356-0-0x0000000000400000-0x0000000000460000-memory.dmp

    Filesize

    384KB

    Download

  • memory/1356-12-0x0000000000400000-0x0000000000460000-memory.dmp

    Filesize

    384KB

    Download

  • memory/1356-13-0x0000000000400000-0x0000000000460000-memory.dmp

    Filesize

    384KB

    Download