Analysis
-
max time kernel
71s -
max time network
41s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted
02-02-2024 15:24
Behavioral task
behavioral1
Sample
Robux_Generator_2023/Installer.exe
Resource
win7-20231215-en
General
-
Target
Robux_Generator_2023/Installer.exe
-
Size
14.3MB
-
MD5
e0bf4b95b5fc778d1263591470f1bfdf
-
SHA1
900bfbf77b4159bc3e75ee2a400474875fcb1614
-
SHA256
48b24b0bb4f81a9171a6cdca553dcc341875cb23c8509293f119510df6a8b8a1
-
SHA512
ae92b93e2ad8d40501b5acf1012a1136f92ea8e4194a453b88b7ca905ac7ad407fa4259610b8befdb3ad1cc38fdadfea865f8ca8498007fae86f7ce1550be7bc
-
SSDEEP
393216:/qu7L/qdQusl7Q+q9RoWOv+9fa2Nwl5SRVzwkB:yCLydQu2QdborvSiawlUVzw
Malware Config
Signatures
-
Loads dropped DLL 1 IoCs
Processes (Installer.exe):
  pid   process
  1260  Installer.exe
Suspicious use of AdjustPrivilegeToken 2 IoCs
Processes (7zFM.exe):
  description                 pid   process
  Token: SeRestorePrivilege   2304  7zFM.exe
  Token: 35                   2304  7zFM.exe
Suspicious use of FindShellTrayWindow 1 IoCs
Processes (Installer.exe):
  pid   process
  1260  Installer.exe
Suspicious use of WriteProcessMemory 3 IoCs
Processes (Installer.exe):
  description                          pid   process        target process
  PID 1160 wrote to memory of 1260     1160  Installer.exe  Installer.exe
  PID 1160 wrote to memory of 1260     1160  Installer.exe  Installer.exe
  PID 1160 wrote to memory of 1260     1160  Installer.exe  Installer.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\Robux_Generator_2023\Installer.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\Robux_Generator_2023\Installer.exe"
  - Suspicious use of WriteProcessMemory
  PID:1160
    - C:\Users\Admin\AppData\Local\Temp\Robux_Generator_2023\Installer.exe (child of PID 1160)
      Command line: "C:\Users\Admin\AppData\Local\Temp\Robux_Generator_2023\Installer.exe"
      - Loads dropped DLL
      - Suspicious use of FindShellTrayWindow
      PID:1260
- C:\Windows\explorer.exe
  Command line: "C:\Windows\explorer.exe"
  PID:2984
- C:\Program Files\7-Zip\7zFM.exe
  Command line: "C:\Program Files\7-Zip\7zFM.exe"
  - Suspicious use of AdjustPrivilegeToken
  PID:2304
- C:\Windows\explorer.exe
  Command line: "C:\Windows\explorer.exe"
  PID:1200
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
4.3MB
MD5
deaf0c0cc3369363b800d2e8e756a402
SHA1
3085778735dd8badad4e39df688139f4eed5f954
SHA256
156cf2b64dd0f4d9bdb346b654a11300d6e9e15a65ef69089923dafc1c71e33d
SHA512
5cac1d92af7ee18425b5ee8e7cd4e941a9ddffb4bc1c12bb8aeabeed09acec1ff0309abc41a2e0c8db101fee40724f8bfb27a78898128f8746c8fe01c1631989