Analysis

max time kernel: 325s
max time network: 329s
platform: windows10-2004_x64
resource: win10v2004-20240221-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240221-en, locale:en-us, os:windows10-2004-x64, system
submitted: 22/02/2024, 21:22
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
  Sample: https://github.com/topics/robux-generator-free-download
  Resource: win10-20240221-en
Behavioral task: behavioral2
  Sample: https://github.com/topics/robux-generator-free-download
  Resource: win10v2004-20240221-en
General

Target: https://github.com/topics/robux-generator-free-download

Malware Config

Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)

| Description | IoC | Process |
|---|---|---|
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe |

Modifies data under HKEY_USERS (2 IoCs)

| Description | IoC | Process |
|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133531105700747458" | chrome.exe |

Suspicious behavior: EnumeratesProcesses (4 IoCs)

| PID | Process |
|---|---|
| 2988 | chrome.exe |
| 2988 | chrome.exe |
| 2396 | chrome.exe |
| 2396 | chrome.exe |

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)

| PID | Process |
|---|---|
| 2988 | chrome.exe |
| 2988 | chrome.exe |
Suspicious use of AdjustPrivilegeToken (64 IoCs)
Suspicious use of FindShellTrayWindow (26 IoCs)
Suspicious use of SendNotifyMessage (24 IoCs)
Suspicious use of WriteProcessMemory (64 IoCs)
Processes

C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2988)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/topics/robux-generator-free-download
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3672)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xd8,0x10c,0x7fff80ed9758,0x7fff80ed9768,0x7fff80ed9778

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5040)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1732 --field-trial-handle=1868,i,3672259273013142615,12740280484998034945,131072 /prefetch:2

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3060)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2196 --field-trial-handle=1868,i,3672259273013142615,12740280484998034945,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2952)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=1868,i,3672259273013142615,12740280484998034945,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5064)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2980 --field-trial-handle=1868,i,3672259273013142615,12740280484998034945,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2420)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2928 --field-trial-handle=1868,i,3672259273013142615,12740280484998034945,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2856)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4716 --field-trial-handle=1868,i,3672259273013142615,12740280484998034945,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3896)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5044 --field-trial-handle=1868,i,3672259273013142615,12740280484998034945,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2396)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1120 --field-trial-handle=1868,i,3672259273013142615,12740280484998034945,131072 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID 3160)
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads