1a9b22442ac88a280251dd30bc3143ed16d3685b4a457d4f604b530bc6a963e0

Analysis

max time kernel
136s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
24/02/2024, 00:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Roblox Player.lnk
Size

1KB
MD5

fde4e79f610460a10de3be3c221fbadb
SHA1

9b4f2ca5d8319f65c2ffae8f0017cc96c3727fd0
SHA256

1a9b22442ac88a280251dd30bc3143ed16d3685b4a457d4f604b530bc6a963e0
SHA512

b441e3df1ce82924ac4af8e25e064032334fa53c180a17ac65ecef10884d1e0110d54afeef1a1561e791480336463b7e94a695c873f38bdccf64bee9dfd2ffe4

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Control Panel 64 IoCs

evasion

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0\Contrast = "0"	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\Colors\MenuText = "128 0 0"	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\Colors\InactiveTitleText = "67 78 84"	rundll32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0\Color #1 = "0"	rundll32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0\Color #14 = "16777215"	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\Desktop\WindowMetrics\SmCaptionHeight = "-255"	rundll32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0\Color #13 = "16750899"	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\Colors\TitleText = "0 0 0"	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\Colors\AppWorkspace = "171 171 171"	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\Desktop\WindowMetrics\CaptionHeight = "-315"	rundll32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0\Color #7 = "0"	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\Desktop\WindowMetrics\IconSpacing = "-1125"	rundll32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0\Font #1 = f4ffffff0000000000000000000000009001000000000001000000005300650067006f006500200055004900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes	rundll32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0\Font #4 = f4ffffff0000000000000000000000009001000000000001000000005300650067006f006500200055004900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	rundll32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0\Size #6 = "17"	rundll32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0\Color #2 = "13743257"	rundll32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0\Color #5 = "16777215"	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\Colors\ButtonAlternateFace = "0 0 0"	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\Appearance\New Schemes\Current Settings SaveAll	rundll32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\Desktop\WindowMetrics\SmCaptionFont = f4ffffff0000000000000000000000009001000000000001000000005300650067006f006500200055004900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\Colors\Window = "255 255 255"	rundll32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0\Size #0 = "1"	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\Colors\GradientActiveTitle = "185 209 234"	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\Colors\WindowFrame = "100 100 100"	rundll32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0\Flat Menus = "1"	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\Desktop\WindowMetrics\IconVerticalSpacing = "-1125"	rundll32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0\Size #5 = "17"	rundll32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0\Color #28 = "15918295"	rundll32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0\Font #5 = f4ffffff0000000000000000000000009001000000000001000000005300650067006f006500200055004900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	rundll32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0\Color #10 = "11842740"	rundll32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0\Color #22 = "14935011"	rundll32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0\Color #26 = "13395456"	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\Desktop\WindowMetrics\ScrollWidth = "-255"	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\Colors\Background = "0 0 0"	rundll32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0\Color #0 = "13158600"	rundll32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0\Size #8 = "19"	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\Colors\Menu = "255 255 255"	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\Colors\Hilight = "51 153 255"	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\Colors\ButtonFace = "240 240 240"	rundll32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0\Size #4 = "21"	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\Desktop\WindowMetrics\ScrollHeight = "-255"	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\Colors\Scrollbar = "200 200 200"	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\Colors\ButtonDkShadow = "105 105 105"	rundll32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0\Color #27 = "15389113"	rundll32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0\Color #29 = "16750899"	rundll32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0\Color #24 = "14811135"	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\Colors\InactiveBorder = "244 247 252"	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\Colors\ButtonHilight = "255 255 255"	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\Colors\InfoWindow = "255 255 225"	rundll32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0\Color #9 = "0"	rundll32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\Desktop\WindowMetrics\StatusFont = f4ffffff0000000000000000000000009001000000000001000000005300650067006f006500200055004900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	rundll32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0\Color #8 = "0"	rundll32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0\Color #15 = "15790320"	rundll32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\Desktop\WindowMetrics\AppliedDPI = "96"	rundll32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0\Color #11 = "16578548"	rundll32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0\Color #12 = "11250603"	rundll32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0\Color #20 = "16777215"	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\Colors\HilightText = "255 255 255"	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\Colors\MenuHilight = "51 153 255"	rundll32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0\Color #3 = "14405055"	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\Desktop\WindowMetrics\MenuHeight = "-285"	rundll32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\Desktop\UserPreferencesMask = 9e3e078012000000	rundll32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0\Color #6 = "6579300"	rundll32.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2616	SndVol.exe
2616	SndVol.exe

Suspicious use of SendNotifyMessage 4 IoCs

pid	Process
2616	SndVol.exe
2616	SndVol.exe
2616	SndVol.exe
2616	SndVol.exe

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Roblox Player.lnk"
1⤵
PID:2244

C:\Windows\system32\SndVol.exe
SndVol.exe -f 45417622 23650
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2616

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:1816

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" shell32.dll,Control_RunDLL desk.cpl,Advanced,@Advanced
1⤵
- Modifies Control Panel
PID:1372

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:2560

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:2868

C:\Program Files\Windows Mail\wab.exe
"C:\Program Files\Windows Mail\wab.exe" /contact "C:\Users\Admin\Desktop\WaitWrite.contact"
1⤵
PID:1184

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:2320

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2616-29-0x0000000000080000-0x0000000000081000-memory.dmp

Filesize
4KB

Download