dfdbce9b765c26599aa350287d6b218d05dc0797bde8f2ad0ac63fcdd18a811b

Analysis

max time kernel
47s
max time network
51s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
29-09-2022 18:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

RobloxPlayerLauncher (1).exe
Size

5.4MB
MD5

ab239093b6ec030b98a7dd3ef43ab07c
SHA1

249c0cc5d4bafbb440f40fb2d4ac450a57115873
SHA256

dfdbce9b765c26599aa350287d6b218d05dc0797bde8f2ad0ac63fcdd18a811b
SHA512

57e1a8538ca2dd4041908eef3a5cb099fcf87a2018ffa37457e7c302a8e780586a000a0f9a28778dbe6a7a075293eb11ffc18fd0da29963fddd0b5d45c391ce7
SSDEEP

98304:yL8XpCsgHtJQi9UWvGf8YTewg8nwQHlSpXqxCJirVRo1vJn:yLmpEHvUWvovewgmtlSEUJim

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\_MEI17682\python39.dll	upx
\Users\Admin\AppData\Local\Temp\_MEI17682\python39.dll	upx

Loads dropped DLL 7 IoCs

Processes:

RobloxPlayerLauncher (1).exe

pid	process
1716	RobloxPlayerLauncher (1).exe
1716	RobloxPlayerLauncher (1).exe
1716	RobloxPlayerLauncher (1).exe
1716	RobloxPlayerLauncher (1).exe
1716	RobloxPlayerLauncher (1).exe
1716	RobloxPlayerLauncher (1).exe
1716	RobloxPlayerLauncher (1).exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

RobloxPlayerLauncher (1).exe

description	pid	process	target process
PID 1768 wrote to memory of 1716	1768	RobloxPlayerLauncher (1).exe	RobloxPlayerLauncher (1).exe
PID 1768 wrote to memory of 1716	1768	RobloxPlayerLauncher (1).exe	RobloxPlayerLauncher (1).exe
PID 1768 wrote to memory of 1716	1768	RobloxPlayerLauncher (1).exe	RobloxPlayerLauncher (1).exe

C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher (1).exe
"C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher (1).exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1768

C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher (1).exe
"C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher (1).exe"
2⤵
- Loads dropped DLL
PID:1716

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI17682\api-ms-win-core-file-l1-2-0.dll
Filesize
11KB

MD5
28f9d73b929edf71e172ec6ce3ecf3d1

SHA1
51bda76e4a5c3cb77c5963433bb0d8ed4cb30ffe

SHA256
8336d3e57593d6572759339026436958a7961ace014827f6837e87a34ab87ad1

SHA512
28c8d37e9e0fd071ab2bdaebbffc71e9a1e262b494ce5e0c8e156752de0a2d2a7996a9c2a0189d60fa9ee68abbc2ae3dcd8cdb00294a498871728ba78155b81e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17682\api-ms-win-core-file-l2-1-0.dll
Filesize
11KB

MD5
5de61cd0a2e276c1c647ad6aaf239e66

SHA1
6565296115014516fafb8e3815176b34a5968bc5

SHA256
db09449ad24e6e29a912d71de89bf0b47a9d0d5740788db2b31b2b2c79937374

SHA512
dd979cdd3b0e47f35b0d47378208a90464bb0e8fe69551655a110d098c1c326370247e71449a0522d76e051b2003502ed51612002e18ee258b96338ba38542e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17682\api-ms-win-core-localization-l1-2-0.dll
Filesize
14KB

MD5
1171ca9d1389e900ce2a417dd64d25e4

SHA1
770d5ab804db98627e0543b3b15c34d5967bc71b

SHA256
df89ddfcf2a1be3aa4b35c99085bc861a48c5348891a5e7fc5280652fa917418

SHA512
577908db29313e48a9db0296e8db38ec44017f133c6b2e86db53460852016989476a4809dbaf8383deb468732e62162ce2b45c5d526e3d30c8a98552756f7810

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17682\api-ms-win-core-processthreads-l1-1-1.dll
Filesize
12KB

MD5
d90b90aa2220db2654440c2e0e94ce2b

SHA1
4fd27aba02dd15304225a4b4baf92f49a71901da

SHA256
5378d6758333398483c20e0f622c461b4853980ba8e1d1b916dd960f1dfae11a

SHA512
195eb75d07430da1b02b7837b02ede11175c7203121fafb086a5c7d5e87d67467b834e32016e0f0251a261165425011689ce93c126e6c7746b3fb3af49b79883

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17682\api-ms-win-core-timezone-l1-1-0.dll
Filesize
12KB

MD5
b5a238976412a7e93f7741a0da827d11

SHA1
57912158d16fd3b43f1ac6d5bfe0f36072faf424

SHA256
d72ac7b9a9dfda2dbab08e2a9f612e451a0eaa6bb94cffa26bee931fe1b10053

SHA512
dca95198000416bb47a6b42a1e485d31b1577c8cb867ef177c744a85ccefae326ba5e2cfd818fd41a6c049440a27ecb5896572213dc02e8e1d435c77cdc54b41

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17682\python39.dll
Filesize
1.4MB

MD5
267b57b92c42e03fb0b755cce98cb305

SHA1
b8ff299e6837a2cbbe28dc6facdc7de7650be842

SHA256
47502cbf3a458e94c4f9e2b7c00bf9a8af3a063e256bee1fc0f67e0a3017ed30

SHA512
c66723b2054cee070e7951475c11978701f680fd462d49dc7a069c654833855f5edf91e8d56390c120a6ba0f4650fe687a851525493f7bba13fa979c8c3eaaa6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17682\ucrtbase.dll
Filesize
986KB

MD5
0c8809225ba552acbc2c5f6d4eb182a9

SHA1
8b30a9b49f55e422ad947a71a94c0a1fdc062ead

SHA256
8903d3c8c23aff0558d43180c7151f84c6acf81a0dc4b6b1d8282d9d948a2fac

SHA512
7683af9f7bfe50c97acae9e998fb104082735dcc8d4e974e71c987c5160e53265d82d6f86235c42ddedc61533daadf727a9322473f1dac3ed2cd30f4cd8ee0e5

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI17682\api-ms-win-core-file-l1-2-0.dll
Filesize
11KB

MD5
28f9d73b929edf71e172ec6ce3ecf3d1

SHA1
51bda76e4a5c3cb77c5963433bb0d8ed4cb30ffe

SHA256
8336d3e57593d6572759339026436958a7961ace014827f6837e87a34ab87ad1

SHA512
28c8d37e9e0fd071ab2bdaebbffc71e9a1e262b494ce5e0c8e156752de0a2d2a7996a9c2a0189d60fa9ee68abbc2ae3dcd8cdb00294a498871728ba78155b81e

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI17682\api-ms-win-core-file-l2-1-0.dll
Filesize
11KB

MD5
5de61cd0a2e276c1c647ad6aaf239e66

SHA1
6565296115014516fafb8e3815176b34a5968bc5

SHA256
db09449ad24e6e29a912d71de89bf0b47a9d0d5740788db2b31b2b2c79937374

SHA512
dd979cdd3b0e47f35b0d47378208a90464bb0e8fe69551655a110d098c1c326370247e71449a0522d76e051b2003502ed51612002e18ee258b96338ba38542e7

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI17682\api-ms-win-core-localization-l1-2-0.dll
Filesize
14KB

MD5
1171ca9d1389e900ce2a417dd64d25e4

SHA1
770d5ab804db98627e0543b3b15c34d5967bc71b

SHA256
df89ddfcf2a1be3aa4b35c99085bc861a48c5348891a5e7fc5280652fa917418

SHA512
577908db29313e48a9db0296e8db38ec44017f133c6b2e86db53460852016989476a4809dbaf8383deb468732e62162ce2b45c5d526e3d30c8a98552756f7810

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI17682\api-ms-win-core-processthreads-l1-1-1.dll
Filesize
12KB

MD5
d90b90aa2220db2654440c2e0e94ce2b

SHA1
4fd27aba02dd15304225a4b4baf92f49a71901da

SHA256
5378d6758333398483c20e0f622c461b4853980ba8e1d1b916dd960f1dfae11a

SHA512
195eb75d07430da1b02b7837b02ede11175c7203121fafb086a5c7d5e87d67467b834e32016e0f0251a261165425011689ce93c126e6c7746b3fb3af49b79883

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI17682\api-ms-win-core-timezone-l1-1-0.dll
Filesize
12KB

MD5
b5a238976412a7e93f7741a0da827d11

SHA1
57912158d16fd3b43f1ac6d5bfe0f36072faf424

SHA256
d72ac7b9a9dfda2dbab08e2a9f612e451a0eaa6bb94cffa26bee931fe1b10053

SHA512
dca95198000416bb47a6b42a1e485d31b1577c8cb867ef177c744a85ccefae326ba5e2cfd818fd41a6c049440a27ecb5896572213dc02e8e1d435c77cdc54b41

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI17682\python39.dll
Filesize
1.4MB

MD5
267b57b92c42e03fb0b755cce98cb305

SHA1
b8ff299e6837a2cbbe28dc6facdc7de7650be842

SHA256
47502cbf3a458e94c4f9e2b7c00bf9a8af3a063e256bee1fc0f67e0a3017ed30

SHA512
c66723b2054cee070e7951475c11978701f680fd462d49dc7a069c654833855f5edf91e8d56390c120a6ba0f4650fe687a851525493f7bba13fa979c8c3eaaa6

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI17682\ucrtbase.dll
Filesize
986KB

MD5
0c8809225ba552acbc2c5f6d4eb182a9

SHA1
8b30a9b49f55e422ad947a71a94c0a1fdc062ead

SHA256
8903d3c8c23aff0558d43180c7151f84c6acf81a0dc4b6b1d8282d9d948a2fac

SHA512
7683af9f7bfe50c97acae9e998fb104082735dcc8d4e974e71c987c5160e53265d82d6f86235c42ddedc61533daadf727a9322473f1dac3ed2cd30f4cd8ee0e5

Download Submit
memory/1716-54-0x0000000000000000-mapping.dmp

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads