Analysis
max time kernel: 144s
max time network: 139s
platform: windows10-1703_x64
resource: win10-20240221-en
resource tags: arch:x64, arch:x86, image:win10-20240221-en, locale:en-us, os:windows10-1703-x64, system
submitted: 26-02-2024 15:11
Behavioral task: behavioral1
Sample: ROBLOX HACKING LOLLLL XD XD XD XD XD XDX D XD XD X DXX DXDX DXDXD X DX DX DX DX DXD.exe
Resource: win10-20240221-en
3 signatures
150 seconds
General
Target: ROBLOX HACKING LOLLLL XD XD XD XD XD XDX D XD XD X DXX DXDX DXDXD X DX DX DX DX DXD.exe
Size: 67KB
MD5: 6d7056b8ffda89562aae758e22b063b4
SHA1: dcc45297abc6d3facb19746245b1d18e55307e4b
SHA256: 8a1364d1d1254b51557f2b76e8abfe37bbd6b5220894f32e4fad64b115bd7ece
SHA512: 08f0e1a19c252b028758b5454746e38f21eadc10e8c47ec9e15b4f4ff4a614b72306be07373f94d68665fd1a4053195af1101c01d556ea0aac75bef43664c423
SSDEEP: 1536:+LE3nYi9bScWq2dH3RZ7dWWTA9/AWL+kYmfxdJu:+oXYi9bcqChhdW+Er+mxdJ
Score: 7/10
Malware Config
Signatures
- Drops startup file (1 IoCs)
  description: File created
  ioc: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.lnk
  Process: ROBLOX HACKING LOLLLL XD XD XD XD XD XDX D XD XD X DXX DXDX DXDXD X DX DX DX DX DXD.exe
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Suspicious use of AdjustPrivilegeToken (35 IoCs)
  description: Token: SeDebugPrivilege  pid: 4640  Process: ROBLOX HACKING LOLLLL XD XD XD XD XD XDX D XD XD X DXX DXDX DXDXD X DX DX DX DX DXD.exe
  description: Token: 33  pid: 4640  Process: ROBLOX HACKING LOLLLL XD XD XD XD XD XDX D XD XD X DXX DXDX DXDXD X DX DX DX DX DXD.exe
  description: Token: SeIncBasePriorityPrivilege  pid: 4640  Process: ROBLOX HACKING LOLLLL XD XD XD XD XD XDX D XD XD X DXX DXDX DXDXD X DX DX DX DX DXD.exe
  The remaining IoCs alternate between the Token: 33 and Token: SeIncBasePriorityPrivilege entries above, all from PID 4640 (35 entries in total).
Processes
- C:\Users\Admin\AppData\Local\Temp\ROBLOX HACKING LOLLLL XD XD XD XD XD XDX D XD XD X DXX DXDX DXDXD X DX DX DX DX DXD.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\ROBLOX HACKING LOLLLL XD XD XD XD XD XDX D XD XD X DXX DXDX DXDXD X DX DX DX DX DXD.exe"
  - Drops startup file
  - Suspicious use of AdjustPrivilegeToken
  PID: 4640