f12322b1ba54f2dc90680656c67b77ca62621272ad176f7f6a6e12fa21c5286b | Triage

Resubmissions

02-02-2023 22:37

230202-2j18xage93 10

02-02-2023 22:37

230202-2jth3abg7y 1

02-02-2023 22:36

230202-2jc63sbg7v 3

02-02-2023 22:32

230202-2gam6sbg5s 8

02-02-2023 17:37

230202-v7ftjseh33 6

02-02-2023 17:37

230202-v66ctahh7w 1

02-02-2023 17:36

230202-v6yyqseg67 1

02-02-2023 04:42

230202-fb1rhsfa39 8

02-02-2023 04:40

230202-fa1p5agh5y 3

02-02-2023 04:40

230202-fan2bsgh5t 1

Analysis

max time kernel
69s
max time network
80s
platform
windows10-1703_x64
resource
win10-20220812-es
resource tags

arch:x64arch:x86image:win10-20220812-eslocale:es-esos:windows10-1703-x64systemwindows
submitted
02-02-2023 04:40

Sharing

Report Analysis Logs

General

Target

Roblox Studio.lnk
Size

1KB
MD5

f445877eac985486c7b4e378971bf183
SHA1

0783fc1b30774a67870b32532f8ff487dde25b99
SHA256

f12322b1ba54f2dc90680656c67b77ca62621272ad176f7f6a6e12fa21c5286b
SHA512

2b8c756abb5fdec107bcbbeeb90b7ab97ebd95149c371fb12068fe0185458eb69dc89f1d1b9e256b1994989725b3188375f8aa6af41e6be0e616d64f4c15602b

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Roblox Studio.lnk"
1⤵
PID:4148

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...