Overview

overview

5

Static

static

3

NetflixCE ...io.exe

windows7-x64

5

NetflixCE ...io.exe

windows10-2004-x64

5

NetflixCE ...ct.lua

windows7-x64

3

NetflixCE ...ct.lua

windows10-2004-x64

3

NetflixCE ...64.pot

windows7-x64

1

NetflixCE ...64.pot

windows10-2004-x64

1

NetflixCE ...ua.exe

windows7-x64

1

NetflixCE ...ua.exe

windows10-2004-x64

1

NetflixCE ...er.exe

windows7-x64

1

NetflixCE ...er.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    47s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    23-04-2024 22:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NetflixCE V4/NetflixCE/RobloxStudio.exe

  • Size

    16.1MB

  • MD5

    8e6a15de31285c621f54e28f2a916234

  • SHA1

    5d00229772679367c103cd38428aa9943bbeab10

  • SHA256

    648397280c2b3660755a91900faccbc2f9431f891ae3ecccd8c54950abcaff11

  • SHA512

    7b1b1f6fc3186db8752805f66baf846a9930a6edb516e312c381fe018a47be184f478e3f604a41a7d76d42ff1b4bcd6463c8738d558aa9f806a6cf40dccdaee2

  • SSDEEP

    393216:b3Z8A06vEQ3ITvzx46SxiILGRKuc3W/R8q:b3ZIzx46YNLRWpN

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 50 IoCs
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 16 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NetflixCE V4\NetflixCE\RobloxStudio.exe
    "C:\Users\Admin\AppData\Local\Temp\NetflixCE V4\NetflixCE\RobloxStudio.exe"
    1⤵
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:3024

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3024-0-0x00000000042B0000-0x00000000042B1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3024-3-0x00000000042B0000-0x00000000042B1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3024-7-0x00000000042C0000-0x00000000042C1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3024-11-0x00000000042D0000-0x00000000042D1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3024-15-0x00000000042E0000-0x00000000042E1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3024-19-0x00000000042F0000-0x00000000042F1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3024-27-0x00000000042F0000-0x00000000042F1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3024-31-0x0000000004300000-0x0000000004301000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3024-35-0x0000000004300000-0x0000000004301000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3024-39-0x0000000004300000-0x0000000004301000-memory.dmp
    Filesize

    4KB

    Download