10eabb4d8e673445cc7f5473c4e3ebe37421be2ccd483d33111512587414e619 | Triage

Submit
Reports

Overview

overview

Static

static

Robux_Gene...22.exe

windows7-x64

Robux_Gene...22.exe

windows10-2004-x64

Sharing

General

Target

Robux_Generator_2022.zip
Size

4.3MB
Sample

220904-ccfk7agcep
MD5

d323482a2b425bd6880358d4b035f1bd
SHA1

8cd0f96be01d58afdfc132df5520fe0b3b02ba2f
SHA256

10eabb4d8e673445cc7f5473c4e3ebe37421be2ccd483d33111512587414e619
SHA512

0dbf53915b1d6233e2895547e739afdd9e7c7d37c81a5dc338c022c38576fd3a4f3a2789200ed607819c0751cf1b98fada5716795a617f20b9ef5b0251ea13bc
SSDEEP

98304:S0jmvtGJ6AtTJuiE6uVkWjZemvRCYVVaj0UC5KDnGo/p504:S0h6AlJuiNuVrjZtvVVg9hf

Score

10^/10

discovery evasion exploit

Static task

static1

Behavioral task

behavioral1

Sample

Robux_Generator_2022.exe

Resource

win7-20220812-en

discovery evasion exploit

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

Robux_Generator_2022.exe

Resource

win10v2004-20220812-en

discovery evasion exploit

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Targets

- Target
  
  Robux_Generator_2022.exe
- Size
  
  4.3MB
- MD5
  
  5fd12b46ca997e856bb0defe34eb8632
- SHA1
  
  8d94ad02ed1ee5315280f4c586e08516a68b5f03
- SHA256
  
  43548a7cde8b897d0e82c12632fed61427fe5e049cabb9bf604ebda02b6dcadb
- SHA512
  
  4b4baf2016ff0590f77f775f9806bd1ba3689e1bb81601a2f82b3b9ee335c68b80aad6c53dacdd81b65126da41619ac9192f8d358e99f77bdf26f472f3bd9aed
- SSDEEP
  
  98304:MK6GiPaCLOaRwhwygfBCvw0EOSWUvmZ4FPDSnCN5KxZIoDIiXsSUwV:MvCZlEpCvw0o7QSAZvD1XnUwV
Score

10^/10

discovery evasion exploit
- Modifies security service
  evasion
- Executes dropped EXE
- Possible privilege escalation attempt
  exploit
- Stops running service(s)
  evasion
- Loads dropped DLL
- Modifies file permissions
  discovery
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Impair Defenses

File Permissions Modification

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Service Stop

Tasks

static1

behavioral1

discoveryevasionexploit

behavioral2

discoveryevasionexploit

© 2018-2024

Terms | Privacy