Overview

overview

7

Static

static

3

WorldBox.G...tor.js

windows10-ltsc 2021-x64

3

WorldBox.G...tor.js

windows10-ltsc 2021-x64

3

WorldBox.G...64.exe

windows10-ltsc 2021-x64

1

WorldBox.G...er.dll

windows10-ltsc 2021-x64

1

WorldBox.G...up.exe

windows10-ltsc 2021-x64

7

WorldBox.G...up.exe

windows10-ltsc 2021-x64

7

WorldBox.G...st.exe

windows10-ltsc 2021-x64

6

WorldBox.G...64.exe

windows10-ltsc 2021-x64

7

WorldBox.G...86.exe

windows10-ltsc 2021-x64

7

WorldBox.G...st.msi

windows10-ltsc 2021-x64

6

WorldBox.G...dk.dll

windows10-ltsc 2021-x64

1

WorldBox.G...ox.exe

windows10-ltsc 2021-x64

5

WorldBox.G...ty.dll

windows10-ltsc 2021-x64

1

WorldBox.G...re.dll

windows10-ltsc 2021-x64

1

WorldBox.G...S3.dll

windows10-ltsc 2021-x64

1

WorldBox.G...en.dll

windows10-ltsc 2021-x64

1

WorldBox.G...gs.dll

windows10-ltsc 2021-x64

1

WorldBox.G...ss.dll

windows10-ltsc 2021-x64

1

WorldBox.G...rp.dll

windows10-ltsc 2021-x64

1

WorldBox.G...C5.dll

windows10-ltsc 2021-x64

1

WorldBox.G...en.dll

windows10-ltsc 2021-x64

1

WorldBox.G...ty.dll

windows10-ltsc 2021-x64

1

WorldBox.G...ce.dll

windows10-ltsc 2021-x64

1

WorldBox.G...64.dll

windows10-ltsc 2021-x64

1

WorldBox.G...cs.dll

windows10-ltsc 2021-x64

3

WorldBox.G...pp.dll

windows10-ltsc 2021-x64

3

WorldBox.G...rm.dll

windows10-ltsc 2021-x64

3

WorldBox.G...on.dll

windows10-ltsc 2021-x64

3

WorldBox.G...on.dll

windows10-ltsc 2021-x64

3

WorldBox.G...on.dll

windows10-ltsc 2021-x64

1

WorldBox.G...re.dll

windows10-ltsc 2021-x64

1

WorldBox.G...mp.dll

windows10-ltsc 2021-x64

1

Analysis

  • max time kernel
    1313s
  • max time network
    1397s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20241023-en
  • resource tags

    arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
  • submitted
    21-11-2024 15:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    WorldBox.God.Simulator.v0.22.9.558/Game/worldbox.exe

  • Size

    638KB

  • MD5

    3c4f1e12277c21f2c58ff0499bb0334b

  • SHA1

    3ccbc8febb2c32e2c50f40632f0bc4c752b331f9

  • SHA256

    c662058aaa67a28679305ec1419a7f1c341cf5741e94255891f12d86e782e30f

  • SHA512

    9e203586c645aac195bc789c018c921f94f9be187bd96c4bba9109dd56222739800e341d84c2b7ade0123a846fcf1b5010e30703fdb86d273af153a96ab0dc38

  • SSDEEP

    3072:HgXpJozm2lkCspYDbMwqrWunCrKQJgHm3RV6ESwMvGj5a5vSHE:epC62lkCTIWunOKQ4m3RV6NwcGASHE

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 48 IoCs
  • Drops file in Windows directory 48 IoCs
  • Checks processor information in registry 2 TTPs 4 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies system certificate store 2 TTPs 3 IoCs
    evasionspywaretrojan
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\WorldBox.God.Simulator.v0.22.9.558\Game\worldbox.exe
    "C:\Users\Admin\AppData\Local\Temp\WorldBox.God.Simulator.v0.22.9.558\Game\worldbox.exe"
    1⤵
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Checks processor information in registry
    • Modifies system certificate store
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3632
    • C:\Users\Admin\AppData\Local\Temp\WorldBox.God.Simulator.v0.22.9.558\Game\UnityCrashHandler64.exe
      "C:\Users\Admin\AppData\Local\Temp\WorldBox.God.Simulator.v0.22.9.558\Game\UnityCrashHandler64.exe" --attach 3632 2095694417920
      2⤵
      • Drops file in System32 directory
      • Drops file in Windows directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:1076
      • C:\Users\Admin\AppData\Local\Temp\WorldBox.God.Simulator.v0.22.9.558\Game\UnityCrashHandler64.exe
        "C:\Users\Admin\AppData\Local\Temp\WorldBox.God.Simulator.v0.22.9.558\Game\UnityCrashHandler64.exe" "3632" "2095694417920"
        3⤵
          PID:2504
    • C:\Windows\system32\AUDIODG.EXE
      C:\Windows\system32\AUDIODG.EXE 0x2f4 0x460
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:4612

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Unity\CrashReports\CrashReport2024-11-21_153940934.json.gz
      Filesize

      5KB

      MD5

      ae36ee2775bc098af8fa7ea21b853045

      SHA1

      aac1058751dc324a32c4efaef06bb5d695749361

      SHA256

      168a96566c61cef11b04652bca6af23806fcef77373edcd4468177bbb75462c1

      SHA512

      0214942cf292351c9d6f0845ee84b30b126d8b722b817f852fdc786e2568b5c96e9cf696d8f1b49c7b52a3828e31798a326b7135e0d244e0b3d55578277168ec

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Unity\CrashReports\CrashReport2024-11-21_153940934.json.meta
      Filesize

      65B

      MD5

      388fa3e1a722070c3fba4f8ba8bf4d02

      SHA1

      307812c85a9a47844752bd1d13709d4d8cc7c864

      SHA256

      8eaaadd1c9818f56e18182ccc069eeaf8cbbf25c2dc3dd1888ef303bedb17fa4

      SHA512

      c794837eb0dc83abe25aceb344b79e46ce3e33b66659379c50c74a41f78ffcdc4cd52d37df82beca679ab62e20b620c980afbd8e4a50a037b2e9826ef0ae7578

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\mkarpenko\WorldBox\Player.log
      Filesize

      16KB

      MD5

      e94dc06bbaadd3cf71c1761d9e9484e4

      SHA1

      65b6487b8ae80c5433109e6437e121970df7d767

      SHA256

      af3bbb5b94057d9d7de44d70534a4ed7346af1af51aa80db67c14ae147ddfb4e

      SHA512

      1a07063a737ef2cc2f9d57ee7cabe74ad7714f99f895dca3c14584559ec2bd72d2ed90d8575c345b71b0e636b2039a9c99aa13ca1407d340730eb18efa75fe55

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\mkarpenko\WorldBox\Unity\1fee820e-0c37-402a-927d-d35def5ef484\Analytics\ArchivedEvents\173220357400002.15c992cc\c
      Filesize

      1B

      MD5

      c81e728d9d4c2f636f067f89cc14862c

      SHA1

      da4b9237bacccdf19c0760cab7aec4a8359010b0

      SHA256

      d4735e3a265e16eee03f59718b9b5d03019c07d8b6c51f90da3a666eec13ab35

      SHA512

      40b244112641dd78dd4f93b6c9190dd46e0099194d5a44257b7efad6ef9ff4683da1eda0244448cb343aa688f5d3efd7314dafe580ac0bcbf115aeca9e8dc114

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\mkarpenko\WorldBox\Unity\1fee820e-0c37-402a-927d-d35def5ef484\Analytics\ArchivedEvents\173220357400002.15c992cc\s
      Filesize

      440B

      MD5

      d372c2ac678d9947219809366e017849

      SHA1

      449659ac564590775fe0c60e8d00432dfcaae0c2

      SHA256

      68806da6e833f5cb5139413c9e749186fc079694b82997c2f238f800b7d7170f

      SHA512

      20450df81c03804ac30eceb4a85154bb250a7298c5c8051c344e070e6404f0765b1a4f401c029730a6d05d725281cce136d1929effe0d38e84e8c265a0c68b82

      Download Submit

    • memory/3632-88-0x000001E9DCE50000-0x000001E9DCE60000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3632-25-0x000001E9B90B0000-0x000001E9B90D0000-memory.dmp

      Filesize

      128KB

      Download

    • memory/3632-7-0x000001E977970000-0x000001E977980000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3632-10-0x000001E977990000-0x000001E9779A0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3632-9-0x000001E7F1220000-0x000001E7F1230000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3632-8-0x000001E7F1330000-0x000001E7F1340000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3632-11-0x000001E9B7AE0000-0x000001E9B7AF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3632-13-0x000001E9B7AF0000-0x000001E9B7B00000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3632-12-0x000001E955830000-0x000001E955850000-memory.dmp

      Filesize

      128KB

      Download

    • memory/3632-15-0x000001E9B7F30000-0x000001E9B7F40000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3632-14-0x000001E976CD0000-0x000001E976CE0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3632-16-0x000001E9B7F90000-0x000001E9B7FA0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3632-17-0x000001E9B7FA0000-0x000001E9B7FB0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3632-19-0x000001E9B8F80000-0x000001E9B8F90000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3632-18-0x000001E977910000-0x000001E977920000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3632-23-0x000001E9B90A0000-0x000001E9B90B0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3632-22-0x000001E977940000-0x000001E977950000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3632-89-0x000001E9B9210000-0x000001E9B9220000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3632-24-0x000001E977960000-0x000001E977970000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3632-27-0x000001E9B90D0000-0x000001E9B90E0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3632-26-0x000001E977970000-0x000001E977980000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3632-5-0x000001E977940000-0x000001E977950000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3632-48-0x000001E9B91F0000-0x000001E9B9200000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3632-47-0x000001E977990000-0x000001E9779A0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3632-49-0x000001E9B7AE0000-0x000001E9B7AF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3632-50-0x000001E9B9200000-0x000001E9B9210000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3632-51-0x000001E9B7AF0000-0x000001E9B7B00000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3632-87-0x000001E9B9200000-0x000001E9B9210000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3632-54-0x000001E9B9320000-0x000001E9B9330000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3632-53-0x000001E9B7F30000-0x000001E9B7F40000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3632-4-0x000001E977910000-0x000001E977920000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3632-90-0x000001E9DCE60000-0x000001E9DCE70000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3632-73-0x000001E9B7F90000-0x000001E9B7FA0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3632-76-0x000001E9DCC70000-0x000001E9DCC80000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3632-75-0x000001E9B7FA0000-0x000001E9B7FB0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3632-78-0x000001E9DCDC0000-0x000001E9DCDD0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3632-77-0x000001E9B8F80000-0x000001E9B8F90000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3632-80-0x000001E9DCDD0000-0x000001E9DCDE0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3632-79-0x000001E9B90A0000-0x000001E9B90B0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3632-82-0x000001E9DCDE0000-0x000001E9DCDF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3632-81-0x000001E9B90B0000-0x000001E9B90D0000-memory.dmp

      Filesize

      128KB

      Download

    • memory/3632-84-0x000001E9DCE30000-0x000001E9DCE40000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3632-83-0x000001E9B90D0000-0x000001E9B90E0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3632-86-0x000001E9DCE40000-0x000001E9DCE50000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3632-85-0x000001E9B91F0000-0x000001E9B9200000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3632-0-0x000001E7F1330000-0x000001E7F1340000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3632-52-0x000001E9B9210000-0x000001E9B9220000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3632-6-0x000001E977960000-0x000001E977970000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3632-74-0x000001E9D9330000-0x000001E9D9340000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3632-92-0x000001E9DDE40000-0x000001E9DDE60000-memory.dmp

      Filesize

      128KB

      Download

    • memory/3632-91-0x000001E9B9320000-0x000001E9B9330000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3632-94-0x000001E9DE020000-0x000001E9DE030000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3632-93-0x000001E9D9330000-0x000001E9D9340000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3632-96-0x000001E9DE030000-0x000001E9DE040000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3632-95-0x000001E9DCC70000-0x000001E9DCC80000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3632-98-0x000001E9DE040000-0x000001E9DE070000-memory.dmp

      Filesize

      192KB

      Download

    • memory/3632-97-0x000001E9DCDC0000-0x000001E9DCDD0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3632-100-0x000001E9DE2C0000-0x000001E9DE2D0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3632-99-0x000001E9DCDD0000-0x000001E9DCDE0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3632-102-0x000001E9DE310000-0x000001E9DE320000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3632-101-0x000001E9DCDE0000-0x000001E9DCDF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3632-103-0x000001E9DCE30000-0x000001E9DCE40000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3632-104-0x000001E9DE320000-0x000001E9DE350000-memory.dmp

      Filesize

      192KB

      Download

    • memory/3632-106-0x000001E9DE350000-0x000001E9DE360000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3632-105-0x000001E9DCE40000-0x000001E9DCE50000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3632-108-0x000001E9DE360000-0x000001E9DE370000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3632-107-0x000001E9DCE50000-0x000001E9DCE60000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3632-110-0x000001E9DE370000-0x000001E9DE380000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3632-109-0x000001E9DCE60000-0x000001E9DCE70000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3632-112-0x000001E9DE380000-0x000001E9DE390000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3632-111-0x000001E9DDE40000-0x000001E9DDE60000-memory.dmp

      Filesize

      128KB

      Download

    • memory/3632-114-0x000001E9DE390000-0x000001E9DE3A0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3632-113-0x000001E9DE020000-0x000001E9DE030000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3632-116-0x000001E9DE3B0000-0x000001E9DE3C0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3632-115-0x000001E9DE030000-0x000001E9DE040000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3632-123-0x000001E9DE040000-0x000001E9DE070000-memory.dmp

      Filesize

      192KB

      Download

    • memory/3632-131-0x000001E9DE2C0000-0x000001E9DE2D0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3632-132-0x000001E9DE310000-0x000001E9DE320000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3632-133-0x000001E9DE320000-0x000001E9DE350000-memory.dmp

      Filesize

      192KB

      Download

    • memory/3632-3-0x000001E976CD0000-0x000001E976CE0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3632-2-0x000001E955830000-0x000001E955850000-memory.dmp

      Filesize

      128KB

      Download

    • memory/3632-1-0x000001E7F1220000-0x000001E7F1230000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3632-141-0x000001E9DE350000-0x000001E9DE360000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3632-148-0x000001E7F1330000-0x000001E7F1340000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3632-149-0x000001E7F1220000-0x000001E7F1230000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3632-152-0x000001E977910000-0x000001E977920000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3632-160-0x000001E9B7F90000-0x000001E9B7FA0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3632-159-0x000001E9B7F30000-0x000001E9B7F40000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3632-158-0x000001E9B7AF0000-0x000001E9B7B00000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3632-157-0x000001E9B7AE0000-0x000001E9B7AF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3632-156-0x000001E977990000-0x000001E9779A0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3632-155-0x000001E977970000-0x000001E977980000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3632-154-0x000001E977960000-0x000001E977970000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3632-153-0x000001E977940000-0x000001E977950000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3632-151-0x000001E976CD0000-0x000001E976CE0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3632-150-0x000001E955830000-0x000001E955850000-memory.dmp

      Filesize

      128KB

      Download