Analysis

  • max time kernel
    71s
  • max time network
    41s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags
    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    02-02-2024 15:24

General

  • Target

    Robux_Generator_2023/Installer.exe

  • Size

    14.3MB

  • MD5

    e0bf4b95b5fc778d1263591470f1bfdf

  • SHA1

    900bfbf77b4159bc3e75ee2a400474875fcb1614

  • SHA256

    48b24b0bb4f81a9171a6cdca553dcc341875cb23c8509293f119510df6a8b8a1

  • SHA512

    ae92b93e2ad8d40501b5acf1012a1136f92ea8e4194a453b88b7ca905ac7ad407fa4259610b8befdb3ad1cc38fdadfea865f8ca8498007fae86f7ce1550be7bc

  • SSDEEP

    393216:/qu7L/qdQusl7Q+q9RoWOv+9fa2Nwl5SRVzwkB:yCLydQu2QdborvSiawlUVzw

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Robux_Generator_2023\Installer.exe
    "C:\Users\Admin\AppData\Local\Temp\Robux_Generator_2023\Installer.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1160
    • C:\Users\Admin\AppData\Local\Temp\Robux_Generator_2023\Installer.exe
      "C:\Users\Admin\AppData\Local\Temp\Robux_Generator_2023\Installer.exe"
      2⤵
      • Loads dropped DLL
      • Suspicious use of FindShellTrayWindow
      PID:1260
  • C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    1⤵
    PID:2984
  • C:\Program Files\7-Zip\7zFM.exe
    "C:\Program Files\7-Zip\7zFM.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2304
  • C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    1⤵
    PID:1200

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI11602\python310.dll

    Filesize

    4.3MB

    MD5

    deaf0c0cc3369363b800d2e8e756a402

    SHA1

    3085778735dd8badad4e39df688139f4eed5f954

    SHA256

    156cf2b64dd0f4d9bdb346b654a11300d6e9e15a65ef69089923dafc1c71e33d

    SHA512

    5cac1d92af7ee18425b5ee8e7cd4e941a9ddffb4bc1c12bb8aeabeed09acec1ff0309abc41a2e0c8db101fee40724f8bfb27a78898128f8746c8fe01c1631989
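The process tree (Installer.exe re-launching itself from the user's Temp directory) and the dropped python310.dll under %TEMP%\_MEI11602 together are the footprint of a PyInstaller onefile executable: the bootloader unpacks its bundle into a _MEI<digits> directory, then spawns itself as the child that loads the Python runtime. The detection below is an added example, not part of the sandbox report or any vendor's signature. It runs over constructed Sysmon-style events modelled on this report's PIDs and paths (the field names and the benign control events are assumptions of mine) and flags a PID only when the _MEI python DLL load, the self-spawn and the Temp-resident image all line up, so a normal Python interpreter loading its own DLL from Program Files is not reported.

```python
import re

# Constructed Sysmon-style events (assumption: field names are mine, not Triage's),
# modelled on the report's process tree and its dropped python310.dll.
INSTALLER = r"C:\Users\Admin\AppData\Local\Temp\Robux_Generator_2023\Installer.exe"
EVENTS = [
    {"type": "process_create", "pid": 1160, "ppid": 2984,
     "image": INSTALLER, "parent_image": r"C:\Windows\explorer.exe"},
    {"type": "process_create", "pid": 1260, "ppid": 1160,
     "image": INSTALLER, "parent_image": INSTALLER},
    {"type": "image_load", "pid": 1260, "image": INSTALLER,
     "loaded": r"C:\Users\Admin\AppData\Local\Temp\_MEI11602\python310.dll"},
    {"type": "process_create", "pid": 2304, "ppid": 2984,
     "image": r"C:\Program Files\7-Zip\7zFM.exe",
     "parent_image": r"C:\Windows\explorer.exe"},
    # Constructed benign control: a regular interpreter loading its own runtime DLL.
    {"type": "process_create", "pid": 3000, "ppid": 2984,
     "image": r"C:\Program Files\Python310\python.exe",
     "parent_image": r"C:\Windows\explorer.exe"},
    {"type": "image_load", "pid": 3000,
     "image": r"C:\Program Files\Python310\python.exe",
     "loaded": r"C:\Program Files\Python310\python310.dll"},
]

# Image path under a user's Local\Temp directory.
USER_TEMP_RE = re.compile(r"^[A-Z]:\\Users\\[^\\]+\\AppData\\Local\\Temp\\", re.IGNORECASE)
# PyInstaller onefile bootloaders unpack into _MEI<digits> and load python3xx.dll from there.
MEI_PYTHON_DLL_RE = re.compile(r"\\_MEI\d+\\python3\d*\.dll$", re.IGNORECASE)


def find_pyinstaller_onefile(events):
    """Return {pid: [reasons]} for processes matching the PyInstaller-from-Temp pattern.

    Three signals are correlated per PID and all must hold:
      1. a python3xx.dll is loaded from a _MEI<digits> directory,
      2. the process was spawned by a parent with the same image path
         (the onefile bootloader re-executes itself to run the payload), and
      3. that image lives under the user's Temp directory.
    """
    creates = {e["pid"]: e for e in events if e["type"] == "process_create"}
    findings = {}
    for e in events:
        if e["type"] != "image_load" or not MEI_PYTHON_DLL_RE.search(e["loaded"]):
            continue
        reasons = ["python runtime loaded from _MEI* directory: " + e["loaded"]]
        create = creates.get(e["pid"])
        if create and create["parent_image"].lower() == create["image"].lower():
            reasons.append("self-spawned from parent PID %d (onefile bootloader)" % create["ppid"])
        if USER_TEMP_RE.match(e["image"]):
            reasons.append("image resides under user Temp: " + e["image"])
        if len(reasons) == 3:
            findings.setdefault(e["pid"], []).extend(reasons)
    return findings


if __name__ == "__main__":
    for pid, reasons in find_pyinstaller_onefile(EVENTS).items():
        print("PID %d:" % pid)
        for r in reasons:
            print("  - " + r)
```

Against the constructed events only PID 1260 (the child Installer.exe that loads the dropped DLL) is reported; the explorer.exe and 7zFM.exe processes, which in this sandbox run are just the operator unpacking the archive, and the Program Files interpreter produce no finding. A PyInstaller build is not malicious by itself, so in production the third signal (Temp-resident image) is what keeps this from firing on legitimately installed Python tooling.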