Overview

overview

6

Static

static

URLScan

urlscan

1

https://ro.blox.com/...

windows7-x64

6

https://ro.blox.com/...

windows10-2004-x64

5

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01-10-2022 11:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://ro.blox.com/Ebh5?pid=share&is_retargeting=true&af_dp=roblox%3A%2F%2Fnavigation%2Fgame_details%3FgameId%3D3701795391&af_web_dp=https%3A%2F%2Fwww.roblox.com%2Fgames%2F10064361907

Score
5/10
googlephishing

Malware Config

Signatures

  • Detected potential entity reuse from brand google.
    phishinggoogle
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs
  • Suspicious use of FindShellTrayWindow 27 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://ro.blox.com/Ebh5?pid=share&is_retargeting=true&af_dp=roblox%3A%2F%2Fnavigation%2Fgame_details%3FgameId%3D3701795391&af_web_dp=https%3A%2F%2Fwww.roblox.com%2Fgames%2F10064361907
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:860
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:860 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:4364
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2264
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff830c94f50,0x7ff830c94f60,0x7ff830c94f70
      2⤵
        PID:5064
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1628,9937380977441377002,5551890705391395795,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1704 /prefetch:2
        2⤵
          PID:3452
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1628,9937380977441377002,5551890705391395795,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=2032 /prefetch:8
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:3068
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1628,9937380977441377002,5551890705391395795,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2348 /prefetch:8
          2⤵
            PID:3508
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1628,9937380977441377002,5551890705391395795,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2976 /prefetch:1
            2⤵
              PID:4852
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1628,9937380977441377002,5551890705391395795,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3164 /prefetch:1
              2⤵
                PID:1696
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1628,9937380977441377002,5551890705391395795,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3740 /prefetch:1
                2⤵
                  PID:4284
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,9937380977441377002,5551890705391395795,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4556 /prefetch:8
                  2⤵
                    PID:3592
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,9937380977441377002,5551890705391395795,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4572 /prefetch:8
                    2⤵
                      PID:2224
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,9937380977441377002,5551890705391395795,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4804 /prefetch:8
                      2⤵
                        PID:1116
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1628,9937380977441377002,5551890705391395795,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4880 /prefetch:8
                        2⤵
                          PID:2508
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1628,9937380977441377002,5551890705391395795,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2964 /prefetch:8
                          2⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:2520
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1628,9937380977441377002,5551890705391395795,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 /prefetch:8
                          2⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:3692
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,9937380977441377002,5551890705391395795,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4852 /prefetch:8
                          2⤵
                            PID:2460
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1628,9937380977441377002,5551890705391395795,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4720 /prefetch:8
                            2⤵
                              PID:3152
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,9937380977441377002,5551890705391395795,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5204 /prefetch:8
                              2⤵
                                PID:5008
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1628,9937380977441377002,5551890705391395795,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
                                2⤵
                                  PID:4364
                              • C:\Windows\System32\CompPkgSrv.exe
                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                1⤵
                                  PID:4080

                                Network

                                MITRE ATT&CK Matrix ATT&CK v6

                                Initial Access

                                Execution

                                Persistence

                                Privilege Escalation

                                Defense Evasion

                                Modify Registry

                                1
                                T1112

                                Credential Access

                                Discovery

                                Query Registry

                                1
                                T1012

                                System Information Discovery

                                1
                                T1082

                                Lateral Movement

                                Collection

                                Exfiltration

                                Command and Control

                                Impact

                                Replay Monitor

                                Loading Replay Monitor...

                                Downloads

                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
                                  Filesize

                                  1KB

                                  MD5

                                  c37caff982b12eb129a2de1e75d724bc

                                  SHA1

                                  b5edeea9591c9be2013790ef3bd877b8819ee0c7

                                  SHA256

                                  4505b9febf6bce99f403bf3a4c01f013ac38cc20ddfd03936cf0ab58d2705ab7

                                  SHA512

                                  3094a87766700b24cee84ce50a821f6311e8332e5f48bd13931cf18f7f66133b77df28d8ca22582e5a4f1c15173bdcb5142fa6914c4f642f52b41725d8b4bbb2

                                  Download Submit
                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_14F2E352CCFE495001982FFDAAC3BE84
                                  Filesize

                                  471B

                                  MD5

                                  51e8be01fe1e4cf7fbec97f2268fe684

                                  SHA1

                                  25edd63df37f972dbdd8d149b26c4be60179d32b

                                  SHA256

                                  d364b01cf59a8eafc6ed2e79eab3c22b7daa341240a5dcbd272b8b48d530aeee

                                  SHA512

                                  1f608ab520f948f88b7700a760b61e11868467ca874fd8891d23805ee18bdb211bb86a4b8881a7dd8a2a91a5ae4f959fcab3fcf9678c70c52e5220f81df6bc74

                                  Download Submit
                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_1ACD2B4A039DF3260017F7BF28EE7323
                                  Filesize

                                  471B

                                  MD5

                                  9258de3968ca063250558ee06c75757b

                                  SHA1

                                  56415f416ce29130b0a0b6fc919e2cdc0fd4d693

                                  SHA256

                                  2474d99b3d10370e1efad3804a6f32452287e6b8e24d8254c69e8619a62624d0

                                  SHA512

                                  9614a7a937fc8c599944722ffd4ad07b18487df908a14fd7212b3b5d0039fdf4907053bb2e207553282077b48ce832b5d96790bf989ab6847db42122d8ccc842

                                  Download Submit
                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
                                  Filesize

                                  471B

                                  MD5

                                  f525b778e6901e8c416e2920e4e3dc0b

                                  SHA1

                                  917ce8ae6d64bdd4dd438488176253022c57a083

                                  SHA256

                                  c9eee793aa4aa79f35d393f9f1d863483aaf4004dea6ac19bda868e92a71f8bd

                                  SHA512

                                  f6f47a4935c09769b8df316e1b459c7b153ed26ac409d4bf2ce62a1635dba4eaf7ce77de5ce83100d6f3ce7aadffed7591fb7cee7ac10a0c081a2d3c613f1ad8

                                  Download Submit
                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
                                  Filesize

                                  724B

                                  MD5

                                  5a11c6099b9e5808dfb08c5c9570c92f

                                  SHA1

                                  e5dc219641146d1839557973f348037fa589fd18

                                  SHA256

                                  91291a5edc4e10a225d3c23265d236ecc74473d9893be5bd07e202d95b3fb172

                                  SHA512

                                  c2435b6619464a14c65ab116ab83a6e0568bdf7abc5e5a5e19f3deaf56c70a46360965da8b60e1256e9c8656aef9751adb9e762731bb8dbab145f1c8224ac8f9

                                  Download Submit
                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_8456CE0951A5B3D70FA7C7024ACD6963
                                  Filesize

                                  472B

                                  MD5

                                  bbc303dd66c264bbeae5d46bdf29c54f

                                  SHA1

                                  a02c9ab679779abe2ed8efe3ea1139ee1391046c

                                  SHA256

                                  4d0b710e7a88731b64d197eae6444b1fa4a9064ac9736689518d1c498157716d

                                  SHA512

                                  5e4176ab158988cdc615b1edca8bd186ec2b7c32c7afead06395ac2dd25cea52908ceb8b5efe405e79cd5b58bf6cc513b9c74640fbdf17268f6a2e617016d9cb

                                  Download Submit
                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
                                  Filesize

                                  410B

                                  MD5

                                  ff1a15f41ab8415ba394cad0cfe4e5b3

                                  SHA1

                                  3b26e463372d43c0eb936bdacd3626580965dc46

                                  SHA256

                                  fc3363946034740070480558f21bc1fb4bf35c2e7081e6688a261426094f285f

                                  SHA512

                                  c779e6dc998580b28ef9a98c1999c211e157519161b4aafaa7292e757b6e17517ad88734c96525aeb74f9260240513ec40b757a07855a7d588afade677a0a099

                                  Download Submit
                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_14F2E352CCFE495001982FFDAAC3BE84
                                  Filesize

                                  406B

                                  MD5

                                  5e25388a4073423ae639937f976145b0

                                  SHA1

                                  297673727132c2ff094b8970f196f87652d0e362

                                  SHA256

                                  9903e84018dc5e31846872f8a8f43a32f48def5341f3f2d8aca8729d9b464e0a

                                  SHA512

                                  1ae2efc3abac22c9fda265a30faa9928b2771f9ea51774d50a266f18e6e37bd656d81f7785d00a5aee169982a2fbc5e8e8e100be582b75c3bc15ff6c7009650d

                                  Download Submit
                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_1ACD2B4A039DF3260017F7BF28EE7323
                                  Filesize

                                  414B

                                  MD5

                                  f85c812c9a82daf3c8aa0d8a1048687e

                                  SHA1

                                  91de558def7acc0aab723c7337b7de77d65a9bc2

                                  SHA256

                                  3eff102a6c42589ce357e7ee736ed436b4256581df5802e0a5deb9c904e8196d

                                  SHA512

                                  e7ec8a862ad52813f997b4f9457fdbbf75a4951aad3cfd9b1049473898393eea1edda7ee6230b4e1a831ec4ad90269a602dd850707bbc3cb4bfa503bc6161501

                                  Download Submit
                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
                                  Filesize

                                  404B

                                  MD5

                                  539d4bce976131c4292fcc659508a7e9

                                  SHA1

                                  c41504215c2874f12b18beecf05c9382eb207496

                                  SHA256

                                  64e55eb145bc267700cca2b08efdd71043540345506555d68bfc8f833742e1b2

                                  SHA512

                                  ae779d4f52ac6db1d3ae40678be560d44f9cee51c2dc89fd4e58331433e10577010269b1547c393b4547f58c6b5d5d53faab7df030243cb5432424718b263a41

                                  Download Submit
                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
                                  Filesize

                                  392B

                                  MD5

                                  dff0116eb3325217a21495cd6c6ef504

                                  SHA1

                                  ef94d132da69cb8a7e3788934c8adbc8b7cdd24a

                                  SHA256

                                  d87ffef170498227d008434d4cab1ccc3464fabea7a2bb36b597f5da0764f9fc

                                  SHA512

                                  50e80749fa7f67f0311ea0b8e1db5a7581dd2ec18cc3ac1a7a546accbd0a9f9af538db4f1aacbf807d8095b30ca2beb3d33088e0b79099769a483bac3ecfc41d

                                  Download Submit
                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_8456CE0951A5B3D70FA7C7024ACD6963
                                  Filesize

                                  402B

                                  MD5

                                  4762f3b3aaacf258e8e049da12a07274

                                  SHA1

                                  5b194233b7c71e81b9f965447074aae24df9e815

                                  SHA256

                                  4701f58d3fb7ff20d1bfc8ee777bb00ce51c911a2e95bbeaf50b0c8c23d282aa

                                  SHA512

                                  4615e848e16537be7cf1a4e50ce88b7b608d5abe5f0ea9813d61575abcf035d4de14286a8b5f19b1cef17fa9af58729580e7002860c2eaa511b93ebd4ff4b5fc

                                  Download Submit
                                • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\dqptnfu\imagestore.dat
                                  Filesize

                                  4KB

                                  MD5

                                  50390f96bbb17fd2df8a020e36b3115d

                                  SHA1

                                  3b9da66807333b47c2e4a3c821bcab25e71398b4

                                  SHA256

                                  98fd625e88f69a69a4baf204fdde2b5381f7ab106f2b441ceb54560a5db9a710

                                  SHA512

                                  f7e809a43f79e94c70e26f53c69ee9465af8fb3bc37c91a88d6649dcfc134ba4f15da1b51b9c05f8acc149115644279c837edae87d35e1c3d1e400bb6a005523

                                  Download Submit
                                • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\dqptnfu\imagestore.dat
                                  Filesize

                                  10KB

                                  MD5

                                  84029a302bc0a382eff24a13f9dccabb

                                  SHA1

                                  c53bcfc183202d7811ed818b9673da96dd604ada

                                  SHA256

                                  9d818ba8745a1587eae36a8535a17af98294d9f9c3853cd1e83b8189e16cece5

                                  SHA512

                                  d29747a6b40cc1a44ecb7b0b9ff684ebbb432c4db73f2b89f7126f14e8cc83cc4d1055d6bd79759056e125394ea5e777fd0fc7edbd69b962b3122b60f3ebf885

                                  Download Submit
                                • \??\pipe\crashpad_2264_GHRZQXOYLZYGNKOG
                                  MD5

                                  d41d8cd98f00b204e9800998ecf8427e

                                  SHA1

                                  da39a3ee5e6b4b0d3255bfef95601890afd80709

                                  SHA256

                                  e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                  SHA512

                                  cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                  Download Submit