Overview

overview

7

Static

static

1

Roblox.Acc....5.zip

windows7-x64

1

Roblox.Acc....5.zip

windows10-2004-x64

1

Auto Update.exe

windows7-x64

1

Auto Update.exe

windows10-2004-x64

3

RBX Alt Manager.exe

windows7-x64

3

RBX Alt Manager.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    106s
  • max time network
    132s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14-04-2023 22:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Auto Update.exe

  • Size

    20KB

  • MD5

    525b4c5d9d68c69cf3f6e088faa07053

  • SHA1

    b576da130d226ecd0e1c37d4a9f31c7312e33a01

  • SHA256

    2b593604213a7f0e02a5ddd86b7b71f5fc169a098ce5e10154062419ae68c84c

  • SHA512

    c32344135e54f9a7641a541546819d7c5a605c66c83b4208d1952ca328812a06c0816eabaef9ac86c39d520d93a8b12bd20826267364b23001b8ce5e30e427db

  • SSDEEP

    384:yYoMRp5SEaIvrDyBKazEoHjqCmE17C8fpTeptYcF6/Vc03K:yJ0p9E4yxqtYcF6/Vc6K

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Auto Update.exe
    "C:\Users\Admin\AppData\Local\Temp\Auto Update.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1484
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1484 -s 13440
      2⤵
      • Program crash
      PID:3384
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 1484 -ip 1484
    1⤵
      PID:2840

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1484-133-0x0000000000570000-0x000000000057A000-memory.dmp

      Filesize

      40KB

      Download

    • memory/1484-134-0x00000000055C0000-0x0000000005B64000-memory.dmp

      Filesize

      5.6MB

      Download

    • memory/1484-135-0x0000000004F10000-0x0000000004FA2000-memory.dmp

      Filesize

      584KB

      Download

    • memory/1484-136-0x0000000002A50000-0x0000000002A60000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1484-137-0x0000000004FD0000-0x0000000004FDA000-memory.dmp

      Filesize

      40KB

      Download

    • memory/1484-138-0x0000000002A50000-0x0000000002A60000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1484-139-0x0000000002A50000-0x0000000002A60000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1484-140-0x0000000002A50000-0x0000000002A60000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1484-142-0x000000000AEA0000-0x000000000AEAA000-memory.dmp

      Filesize

      40KB

      Download

    • memory/1484-143-0x000000000AED0000-0x000000000AEE2000-memory.dmp

      Filesize

      72KB

      Download