eb3a0dde867994262fd22df0f5011cda8f7152a43da08b9a52c25d7f24bc24c2 | Triage

Submit
Reports

Overview

overview

6

Static

static

3

exe.win-am...ox.exe

windows7-x64

1

exe.win-am...ox.exe

windows10-2004-x64

6

exe.win-am...ES.pyc

windows7-x64

3

exe.win-am...ES.pyc

windows10-2004-x64

3

exe.win-am...C4.dll

windows7-x64

1

exe.win-am...C4.dll

windows10-2004-x64

1

exe.win-am...sh.pyc

windows7-x64

3

exe.win-am...sh.pyc

windows10-2004-x64

3

exe.win-am...20.dll

windows7-x64

1

exe.win-am...20.dll

windows10-2004-x64

1

exe.win-am...__.pyc

windows7-x64

3

exe.win-am...__.pyc

windows10-2004-x64

3

exe.win-am...20.dll

windows7-x64

1

exe.win-am...20.dll

windows10-2004-x64

1

exe.win-am...bc.pyc

windows7-x64

3

exe.win-am...bc.pyc

windows10-2004-x64

3

exe.win-am...cm.pyc

windows7-x64

3

exe.win-am...cm.pyc

windows10-2004-x64

3

exe.win-am...fb.pyc

windows7-x64

3

exe.win-am...fb.pyc

windows10-2004-x64

3

exe.win-am...tr.pyc

windows7-x64

3

exe.win-am...tr.pyc

windows10-2004-x64

3

exe.win-am...ax.pyc

windows7-x64

3

exe.win-am...ax.pyc

windows10-2004-x64

3

exe.win-am...cb.pyc

windows7-x64

3

exe.win-am...cb.pyc

windows10-2004-x64

3

exe.win-am...cm.pyc

windows7-x64

3

exe.win-am...cm.pyc

windows10-2004-x64

3

exe.win-am...cb.pyc

windows7-x64

3

exe.win-am...cb.pyc

windows10-2004-x64

3

exe.win-am...fb.pyc

windows7-x64

3

exe.win-am...fb.pyc

windows10-2004-x64

Analysis

max time kernel
95s
max time network
133s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
11/10/2023, 05:26

Sharing

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

exe.win-amd64-3.11/Roblox.exe

Resource

win7-20230831-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

exe.win-amd64-3.11/Roblox.exe

Resource

win10v2004-20230915-en

windows10-2004-x64

4 signatures

150 seconds

Behavioral task

behavioral3

Sample

exe.win-amd64-3.11/lib/Cryptodome/Cipher/AES.pyc

Resource

win7-20230831-en

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral4

Sample

exe.win-amd64-3.11/lib/Cryptodome/Cipher/AES.pyc

Resource

win10v2004-20230915-en

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral5

Sample

exe.win-amd64-3.11/lib/Cryptodome/Cipher/_ARC4.dll

Resource

win7-20230831-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral6

Sample

exe.win-amd64-3.11/lib/Cryptodome/Cipher/_ARC4.dll

Resource

win10v2004-20230915-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral7

Sample

exe.win-amd64-3.11/lib/Cryptodome/Cipher/_EKSBlowfish.pyc

Resource

win7-20230831-en

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral8

Sample

exe.win-amd64-3.11/lib/Cryptodome/Cipher/_EKSBlowfish.pyc

Resource

win10v2004-20230915-en

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral9

Sample

exe.win-amd64-3.11/lib/Cryptodome/Cipher/_Salsa20.dll

Resource

win7-20230831-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral10

Sample

exe.win-amd64-3.11/lib/Cryptodome/Cipher/_Salsa20.dll

Resource

win10v2004-20230915-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral11

Sample

exe.win-amd64-3.11/lib/Cryptodome/Cipher/__init__.pyc

Resource

win7-20230831-en

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral12

Sample

exe.win-amd64-3.11/lib/Cryptodome/Cipher/__init__.pyc

Resource

win10v2004-20230915-en

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral13

Sample

exe.win-amd64-3.11/lib/Cryptodome/Cipher/_chacha20.dll

Resource

win7-20230831-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral14

Sample

exe.win-amd64-3.11/lib/Cryptodome/Cipher/_chacha20.dll

Resource

win10v2004-20230915-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral15

Sample

exe.win-amd64-3.11/lib/Cryptodome/Cipher/_mode_cbc.pyc

Resource

win7-20230831-en

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral16

Sample

exe.win-amd64-3.11/lib/Cryptodome/Cipher/_mode_cbc.pyc

Resource

win10v2004-20230915-en

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral17

Sample

exe.win-amd64-3.11/lib/Cryptodome/Cipher/_mode_ccm.pyc

Resource

win7-20230831-en

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral18

Sample

exe.win-amd64-3.11/lib/Cryptodome/Cipher/_mode_ccm.pyc

Resource

win10v2004-20230915-en

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral19

Sample

exe.win-amd64-3.11/lib/Cryptodome/Cipher/_mode_cfb.pyc

Resource

win7-20230831-en

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral20

Sample

exe.win-amd64-3.11/lib/Cryptodome/Cipher/_mode_cfb.pyc

Resource

win10v2004-20230915-en

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral21

Sample

exe.win-amd64-3.11/lib/Cryptodome/Cipher/_mode_ctr.pyc

Resource

win7-20230831-en

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral22

Sample

exe.win-amd64-3.11/lib/Cryptodome/Cipher/_mode_ctr.pyc

Resource

win10v2004-20230915-en

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral23

Sample

exe.win-amd64-3.11/lib/Cryptodome/Cipher/_mode_eax.pyc

Resource

win7-20230831-en

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral24

Sample

exe.win-amd64-3.11/lib/Cryptodome/Cipher/_mode_eax.pyc

Resource

win10v2004-20230915-en

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral25

Sample

exe.win-amd64-3.11/lib/Cryptodome/Cipher/_mode_ecb.pyc

Resource

win7-20230831-en

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral26

Sample

exe.win-amd64-3.11/lib/Cryptodome/Cipher/_mode_ecb.pyc

Resource

win10v2004-20230915-en

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral27

Sample

exe.win-amd64-3.11/lib/Cryptodome/Cipher/_mode_gcm.pyc

Resource

win7-20230831-en

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral28

Sample

exe.win-amd64-3.11/lib/Cryptodome/Cipher/_mode_gcm.pyc

Resource

win10v2004-20230915-en

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral29

Sample

exe.win-amd64-3.11/lib/Cryptodome/Cipher/_mode_ocb.pyc

Resource

win7-20230831-en

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral30

Sample

exe.win-amd64-3.11/lib/Cryptodome/Cipher/_mode_ocb.pyc

Resource

win10v2004-20230915-en

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral31

Sample

exe.win-amd64-3.11/lib/Cryptodome/Cipher/_mode_ofb.pyc

Resource

win7-20230831-en

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral32

Sample

exe.win-amd64-3.11/lib/Cryptodome/Cipher/_mode_ofb.pyc

Resource

win10v2004-20230915-en

windows10-2004-x64

0 signatures

150 seconds

Report Analysis Logs

General

Target

exe.win-amd64-3.11/lib/Cryptodome/Cipher/_Salsa20.dll
Size

13KB
MD5

b625901b579272698580a7872c55d7d5
SHA1

dbe00e27164072acbee55fd8207861fb00cc618b
SHA256

e35223a351faa644929b8a610dbda5d3cf21bc6b0625e5607927db92c3488f94
SHA512

0631f5d094279086c47d2e1a1d4d8d30e87dbb8ee2ee70b2fd7277b93d89877a797bf73868f84aa88409ba3bd448089a9d339f91dd90d4bfb8a7b4a2d8736cfa
SSDEEP

192:eF/1nb2eqCQtkluknuz4ceS4QDuRA7cqgYvEP:U2P6luLtn4QDmmgYvEP

Score

1^/10

Malware Config

Signatures

Processes

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\exe.win-amd64-3.11\lib\Cryptodome\Cipher\_Salsa20.dll,#1
1⤵
PID:4556

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

© 2018-2025

Terms | Privacy