beb5387f649a2e184d9d3cdd7629d2fd6d307eb9b8e270e67aa228ffca9e7002

Analysis

max time kernel
315s
max time network
393s
platform
windows10-1703_x64
resource
win10-20240221-en
resource tags

arch:x64arch:x86image:win10-20240221-enlocale:en-usos:windows10-1703-x64system
submitted
24/02/2024, 17:22

Target

roblox-game-copier.py
Size

10.1MB
MD5

db446fea3293f681c526238d13caf08c
SHA1

0322e807ce999a7b5317aa4c663e06c95a76ecfa
SHA256

beb5387f649a2e184d9d3cdd7629d2fd6d307eb9b8e270e67aa228ffca9e7002
SHA512

cd2e5cce6c5a47ecb0d663b6bc87a9a2b65be9e064327213f4388de744d2723110de0ad24ce3968bb6a13eb05d388b1073e334199d59302fc71fbd221ee4cead
SSDEEP

3072:8e7NXdE//jpnUaK8HlQ89X/J3uT3Tt4+HShPC18LEAkgAbiUwP:8eZtE/bpWwlz12HShPzI8

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-885525822-3215264538-2232956653-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-885525822-3215264538-2232956653-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1296	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\roblox-game-copier.py
1⤵
- Modifies registry class
PID:4272

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact