83dfcb08ea4aa1b857d952a8a177db775d1a7e9cfc30b528848a4a29c8dbf0b9

Resubmissions

05/03/2024, 13:44

240305-q2bkesgb51 3

Analysis

max time kernel
208s
max time network
152s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
05/03/2024, 13:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

rbxfpsunlocker.exe
Size

605KB
MD5

09d083f0e2c1e8a3561209902333ad8f
SHA1

d9692d3aba34a39aeb9e53cb3d25562b94e2e597
SHA256

83dfcb08ea4aa1b857d952a8a177db775d1a7e9cfc30b528848a4a29c8dbf0b9
SHA512

c71371263cacc4872a4bf621614940f08c9436062683be5de921ae6e509079e25ea380623e8945d40858819a664bd76590defb2a89949e8e5666190f1024ca6b
SSDEEP

12288:IKOjJsDc2+WC+D+4H/xeGofENaTSuGCC709:IKyacgDD+4fwG1NaTSw

Score

1^/10

Malware Config

Signatures

Modifies system certificate store 2 TTPs 2 IoCs

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436	rbxfpsunlocker.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde	rbxfpsunlocker.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1720	rbxfpsunlocker.exe
1720	rbxfpsunlocker.exe
1720	rbxfpsunlocker.exe
1720	rbxfpsunlocker.exe
1720	rbxfpsunlocker.exe
1720	rbxfpsunlocker.exe
1720	rbxfpsunlocker.exe
1720	rbxfpsunlocker.exe
1720	rbxfpsunlocker.exe
1720	rbxfpsunlocker.exe
1720	rbxfpsunlocker.exe
1720	rbxfpsunlocker.exe
1720	rbxfpsunlocker.exe
1720	rbxfpsunlocker.exe
1720	rbxfpsunlocker.exe
1720	rbxfpsunlocker.exe
1720	rbxfpsunlocker.exe
1720	rbxfpsunlocker.exe
1720	rbxfpsunlocker.exe
1720	rbxfpsunlocker.exe
1720	rbxfpsunlocker.exe
1720	rbxfpsunlocker.exe
1720	rbxfpsunlocker.exe
1720	rbxfpsunlocker.exe
1720	rbxfpsunlocker.exe
1720	rbxfpsunlocker.exe
1720	rbxfpsunlocker.exe
1720	rbxfpsunlocker.exe
1720	rbxfpsunlocker.exe
1720	rbxfpsunlocker.exe
1720	rbxfpsunlocker.exe
1720	rbxfpsunlocker.exe
1720	rbxfpsunlocker.exe
1720	rbxfpsunlocker.exe
1720	rbxfpsunlocker.exe
1720	rbxfpsunlocker.exe
1720	rbxfpsunlocker.exe
1720	rbxfpsunlocker.exe
1720	rbxfpsunlocker.exe
1720	rbxfpsunlocker.exe
1720	rbxfpsunlocker.exe
1720	rbxfpsunlocker.exe
1720	rbxfpsunlocker.exe
1720	rbxfpsunlocker.exe
1720	rbxfpsunlocker.exe
1720	rbxfpsunlocker.exe
1720	rbxfpsunlocker.exe
1720	rbxfpsunlocker.exe
1720	rbxfpsunlocker.exe
1720	rbxfpsunlocker.exe
1720	rbxfpsunlocker.exe
1720	rbxfpsunlocker.exe
1720	rbxfpsunlocker.exe
1720	rbxfpsunlocker.exe
1720	rbxfpsunlocker.exe
1720	rbxfpsunlocker.exe
1720	rbxfpsunlocker.exe
1720	rbxfpsunlocker.exe
1720	rbxfpsunlocker.exe
1720	rbxfpsunlocker.exe
1720	rbxfpsunlocker.exe
1720	rbxfpsunlocker.exe
1720	rbxfpsunlocker.exe
1720	rbxfpsunlocker.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1720	rbxfpsunlocker.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
1720	rbxfpsunlocker.exe

C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe
"C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe"
1⤵
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1720

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads