File name: VectricCut3D1.110.b.taiwebs.com.rar

Full analysis: https://app.any.run/tasks/de86859c-0047-418f-94ff-4ee4d9da1b3a
Verdict: Malicious activity
Analysis date: April 11, 2024, 09:03:50
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-rar
File info: RAR archive data, v5
MD5: A8AC0051E460A4D50948705142247EF3
SHA1: EFA73F9A6133EA94C2278C0F7CF7BE3AF4FD2497
SHA256: 1B8EA50ADC67ED1351947A128BC474F45838D529BD6429B542B062687C6ED13F
SSDEEP: 98304:AjfNp4l/V5WudFgF+N61sdORW5BC+nKgKIx+GjhmY6D76JKBVr8whmzXPvWPnOkN:06x2CZnsxty/fA6IUNeF

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • Cut3D_1_110_Setup.exe (PID: 2260)
      • vectric.cut3d.1.11-tpc.exe (PID: 3968)
      • vectric.cut3d.1.11-tpc.exe (PID: 1732)
  • SUSPICIOUS

    • Malware-specific behavior (creating "System.dll" in Temp)

      • Cut3D_1_110_Setup.exe (PID: 2260)
    • Process drops legitimate windows executable

      • Cut3D_1_110_Setup.exe (PID: 2260)
    • The process creates files with name similar to system file names

      • Cut3D_1_110_Setup.exe (PID: 2260)
    • Creates a software uninstall entry

      • Cut3D_1_110_Setup.exe (PID: 2260)
    • Executable content was dropped or overwritten

      • Cut3D_1_110_Setup.exe (PID: 2260)
      • vectric.cut3d.1.11-tpc.exe (PID: 3968)
      • vectric.cut3d.1.11-tpc.exe (PID: 1732)
      • dllhost.exe (PID: 3884)
    • Reads the Internet Settings

      • vectric.cut3d.1.11-tpc.exe (PID: 1732)
      • Cut3D.exe (PID: 2980)
    • Reads security settings of Internet Explorer

      • vectric.cut3d.1.11-tpc.exe (PID: 1732)
    • Uses REG/REGEDIT.EXE to modify registry

      • vectric.cut3d.1.11-tpc.exe (PID: 1732)
  • INFO

    • Reads the computer name

      • Cut3D_1_110_Setup.exe (PID: 2260)
      • vectric.cut3d.1.11-tpc.exe (PID: 1732)
      • vectric.cut3d.1.11-tpc.exe (PID: 3968)
      • Cut3D.exe (PID: 2980)
    • Checks supported languages

      • Cut3D_1_110_Setup.exe (PID: 2260)
      • vectric.cut3d.1.11-tpc.exe (PID: 2308)
      • vectric.cut3d.1.11-tpc.exe (PID: 1732)
      • vectric.cut3d.1.11-tpc.exe (PID: 3968)
      • Cut3D.exe (PID: 2980)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 4008)
    • Drops the executable file immediately after the start

      • WinRAR.exe (PID: 4008)
      • dllhost.exe (PID: 3884)
    • Manual execution by a user

      • osk.exe (PID: 2448)
      • Cut3D_1_110_Setup.exe (PID: 2260)
      • Cut3D_1_110_Setup.exe (PID: 1860)
      • notepad.exe (PID: 2096)
      • vectric.cut3d.1.11-tpc.exe (PID: 2308)
      • notepad.exe (PID: 3140)
      • osk.exe (PID: 752)
      • vectric.cut3d.1.11-tpc.exe (PID: 1796)
      • notepad.exe (PID: 2960)
      • vectric.cut3d.1.11-tpc.exe (PID: 2612)
      • vectric.cut3d.1.11-tpc.exe (PID: 3968)
      • vectric.cut3d.1.11-tpc.exe (PID: 1732)
      • Cut3D.exe (PID: 2980)
    • Creates files in the program directory

      • Cut3D_1_110_Setup.exe (PID: 2260)
      • dllhost.exe (PID: 3884)
      • vectric.cut3d.1.11-tpc.exe (PID: 1732)
    • Create files in a temporary directory

      • Cut3D_1_110_Setup.exe (PID: 2260)
      • vectric.cut3d.1.11-tpc.exe (PID: 3968)
      • vectric.cut3d.1.11-tpc.exe (PID: 1732)
    • Reads the machine GUID from the registry

      • Cut3D.exe (PID: 2980)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.rar | RAR compressed archive (v5.0) | 61.5
.rar | RAR compressed archive (gen) | 38.4
No data.
All screenshots are available in the full report
Total processes: 77
Monitored processes: 16
Malicious processes: 1
Suspicious processes: 2

Behavior graph

Process nodes as listed in the graph (details for each node are in the full report):
  • winrar.exe
  • cut3d_1_110_setup.exe (no specs)
  • cut3d_1_110_setup.exe
  • notepad.exe (no specs)
  • vectric.cut3d.1.11-tpc.exe (no specs)
  • vectric.cut3d.1.11-tpc.exe
  • notepad.exe (no specs)
  • osk.exe (no specs)
  • osk.exe
  • vectric.cut3d.1.11-tpc.exe (no specs)
  • vectric.cut3d.1.11-tpc.exe
  • notepad.exe (no specs)
  • Copy/Move/Rename/Delete/Link Object
  • vectric.cut3d.1.11-tpc.exe
  • regedit.exe (no specs)
  • cut3d.exe (no specs)

Process information

PID: 392
CMD: "C:\Windows\regedit.exe" /s "C:\Users\admin\AppData\Local\Temp\\regpatch.reg"
Path: C:\Windows\regedit.exe
Parent process: vectric.cut3d.1.11-tpc.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Registry Editor
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules (images):
  c:\windows\regedit.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\advapi32.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\sechost.dll
  c:\windows\system32\rpcrt4.dll
  c:\windows\system32\gdi32.dll
  c:\windows\system32\user32.dll

PID: 752
CMD: "C:\Windows\system32\osk.exe"
Path: C:\Windows\System32\osk.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Accessibility On-Screen Keyboard
Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED)
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules (images):
  c:\windows\system32\osk.exe
  c:\windows\system32\ntdll.dll

PID: 1732
CMD: "C:\Program Files\Cut3D 1.11\vectric.cut3d.1.11-tpc.exe"
Path: C:\Program Files\Cut3D 1.11\vectric.cut3d.1.11-tpc.exe
Parent process: explorer.exe
User: admin
Integrity Level: HIGH
Exit code: 0
Modules (images):
  c:\program files\cut3d 1.11\vectric.cut3d.1.11-tpc.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\user32.dll
  c:\windows\system32\gdi32.dll
  c:\windows\system32\lpk.dll
  c:\windows\system32\usp10.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\shell32.dll

PID: 1796
CMD: "C:\Users\admin\Desktop\Vectric Cut3D 1.110\Crack_Patch\vectric.cut3d.1.11-tpc.exe"
Path: C:\Users\admin\Desktop\Vectric Cut3D 1.110\Crack_Patch\vectric.cut3d.1.11-tpc.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED)
Modules (images):
  c:\users\admin\desktop\vectric cut3d 1.110\crack_patch\vectric.cut3d.1.11-tpc.exe
  c:\windows\system32\ntdll.dll

PID: 1860
CMD: "C:\Users\admin\Desktop\Vectric Cut3D 1.110\Cut3D_1_110_Setup.exe"
Path: C:\Users\admin\Desktop\Vectric Cut3D 1.110\Cut3D_1_110_Setup.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED)
Modules (images):
  c:\users\admin\desktop\vectric cut3d 1.110\cut3d_1_110_setup.exe
  c:\windows\system32\ntdll.dll

PID: 2096
CMD: "C:\Windows\system32\NOTEPAD.EXE" C:\Users\admin\Desktop\Vectric Cut3D 1.110\Readme.txt
Path: C:\Windows\System32\notepad.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Notepad
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules (images):
  c:\windows\system32\notepad.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\advapi32.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\sechost.dll
  c:\windows\system32\rpcrt4.dll
  c:\windows\system32\gdi32.dll
  c:\windows\system32\user32.dll

PID: 2260
CMD: "C:\Users\admin\Desktop\Vectric Cut3D 1.110\Cut3D_1_110_Setup.exe"
Path: C:\Users\admin\Desktop\Vectric Cut3D 1.110\Cut3D_1_110_Setup.exe
Parent process: explorer.exe
User: admin
Integrity Level: HIGH
Exit code: 0
Modules (images):
  c:\users\admin\desktop\vectric cut3d 1.110\cut3d_1_110_setup.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\user32.dll
  c:\windows\system32\gdi32.dll
  c:\windows\system32\lpk.dll
  c:\windows\system32\usp10.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\shell32.dll

PID: 2308
CMD: "C:\Users\admin\Desktop\Vectric Cut3D 1.110\Crack_Patch\vectric.cut3d.1.11-tpc.exe"
Path: C:\Users\admin\Desktop\Vectric Cut3D 1.110\Crack_Patch\vectric.cut3d.1.11-tpc.exe
Parent process: explorer.exe
User: admin
Integrity Level: HIGH
Exit code: 1985370584
Modules (images):
  c:\users\admin\desktop\vectric cut3d 1.110\crack_patch\vectric.cut3d.1.11-tpc.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\user32.dll
  c:\windows\system32\gdi32.dll
  c:\windows\system32\lpk.dll
  c:\windows\system32\usp10.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\shell32.dll

PID: 2448
CMD: "C:\Windows\system32\osk.exe"
Path: C:\Windows\System32\osk.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Accessibility On-Screen Keyboard
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules (images):
  c:\windows\system32\osk.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\advapi32.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\sechost.dll
  c:\windows\system32\rpcrt4.dll
  c:\windows\system32\gdi32.dll
  c:\windows\system32\user32.dll

PID: 2612
CMD: "C:\Users\admin\Desktop\Vectric Cut3D 1.110\Crack_Patch\vectric.cut3d.1.11-tpc.exe"
Path: C:\Users\admin\Desktop\Vectric Cut3D 1.110\Crack_Patch\vectric.cut3d.1.11-tpc.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED)
Modules (images):
  c:\users\admin\desktop\vectric cut3d 1.110\crack_patch\vectric.cut3d.1.11-tpc.exe
  c:\windows\system32\ntdll.dll
Total events: 14 689
Read events: 14 610
Write events: 74
Delete events: 5

Modification events

(PID) Process: (4008) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtBMP
Value:

(PID) Process: (4008) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtIcon
Value:

(PID) Process: (4008) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

(PID) Process: (4008) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 3
Value: C:\Users\admin\Desktop\phacker.zip

(PID) Process: (4008) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 2
Value: C:\Users\admin\Desktop\Win7-KB3191566-x86.zip

(PID) Process: (4008) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 1
Value: C:\Users\admin\Desktop\curl-8.5.0_1-win32-mingw.zip

(PID) Process: (4008) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\AppData\Local\Temp\VectricCut3D1.110.b.taiwebs.com.rar

(PID) Process: (4008) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (4008) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (4008) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120
Executable files: 15
Suspicious files: 6
Text files: 219
Unknown types: 9

Dropped files

PID | Process | Filename | Type
4008 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRb4008.23389\Vectric Cut3D 1.110\Crack_Patch\vectric.cut3d.1.11-tpc.exe | executable
4008 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRb4008.23389\Vectric Cut3D 1.110\Cut3D_1_110_Setup.exe | executable
4008 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRb4008.23389\Vectric Cut3D 1.110\Readme.txt | text
2260 | Cut3D_1_110_Setup.exe | C:\Users\admin\AppData\Local\Temp\nsp993E.tmp\modern-wizard.bmp | image
2260 | Cut3D_1_110_Setup.exe | C:\Users\admin\AppData\Local\Temp\nsp993E.tmp\nsDialogs.dll | executable
2260 | Cut3D_1_110_Setup.exe | C:\Users\admin\AppData\Local\Temp\nsp993E.tmp\System.dll | executable
2260 | Cut3D_1_110_Setup.exe | C:\Users\admin\AppData\Local\Temp\nsp993E.tmp\StartMenu.dll | executable
2260 | Cut3D_1_110_Setup.exe | C:\Program Files\Cut3D 1.11\Licence.txt | text
2260 | Cut3D_1_110_Setup.exe | C:\Program Files\Cut3D 1.11\readme.txt | text
2260 | Cut3D_1_110_Setup.exe | C:\Program Files\Cut3D 1.11\Defaults\VA3D_MachinistCutOut.default | binary

MD5 and SHA256 values for the dropped files are listed in the full report.
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 4
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:138 | | | | whitelisted
4 | System | 192.168.100.255:137 | | | | whitelisted
 | | 224.0.0.252:5355 | | | | unknown
1080 | svchost.exe | 224.0.0.252:5355 | | | | unknown

All four connections are local-network name-resolution traffic (192.168.100.255 is the subnet broadcast address for NetBIOS ports 137/138; 224.0.0.252:5355 is the LLMNR multicast group), not connections to external hosts.

DNS requests

No data

Threats

No threats detected
No debug info