Analysis
max time kernel: 122s
max time network: 126s
platform: windows7_x64
resource: win7-20231023-en
resource tags: arch:x64, arch:x86, image:win7-20231023-en, locale:en-us, os:windows7-x64, system
submitted: 04-12-2023 09:00
Behavioral task   Sample                                   Resource
behavioral1       Roblox-UWP-Executor-main/Execution.dll   win7-20231023-en
behavioral2       Roblox-UWP-Executor-main/Execution.dll   win10v2004-20231127-en
behavioral3       Roblox-UWP-Executor-main/XYZ.dll         win7-20231023-en
behavioral4       Roblox-UWP-Executor-main/XYZ.dll         win10v2004-20231130-en
behavioral5       Roblox-UWP-Executor-main/XYZ.exe         win7-20231129-en
General
Target: Roblox-UWP-Executor-main/Execution.dll
Size: 208KB
MD5: fb437fa76df479d1c7f32326494d3922
SHA1: f6ead50a07b938b326fab77f053658b00c1bf789
SHA256: df655e9b4aad5c8c90828755126d8211d6ddd18aa9a38590ffbda6f6969df590
SHA512: 9925f8c5634721171158a28b14c59ba8421c85f1b31a6d0d393dc9e9e5195052fb619adfcdc2d77fc6bf78eb550674097d2cee67bcc7ec26313f5e94e784fd57
SSDEEP: 6144:AlniJt1wpYpuXYrlXbp2m/8nTyOcTQftV+k:u4EorlXb78nfcTQ1x
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
description                        pid    Process        procid_target
PID 2040 wrote to memory of 2056   2040   rundll32.exe   28
PID 2040 wrote to memory of 2056   2040   rundll32.exe   28
PID 2040 wrote to memory of 2056   2040   rundll32.exe   28
PID 2040 wrote to memory of 2056   2040   rundll32.exe   28
PID 2040 wrote to memory of 2056   2040   rundll32.exe   28
PID 2040 wrote to memory of 2056   2040   rundll32.exe   28
PID 2040 wrote to memory of 2056   2040   rundll32.exe   28
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Roblox-UWP-Executor-main\Execution.dll,#1
PID: 2040
- Suspicious use of WriteProcessMemory
    C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\Roblox-UWP-Executor-main\Execution.dll,#1
    PID: 2056