457e283be32fe34553830c61bf67300a57271835e8082cf1a2b8f4d978bc49f3

Analysis

max time kernel
51s
max time network
39s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
05-05-2024 10:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

FREE ROBUX SCRIPT.exe
Size

7.8MB
MD5

31257ad3f83be40152697469ba51b0b7
SHA1

20a1c875b4c711114603ccabc0b88bc0697c2ba8
SHA256

457e283be32fe34553830c61bf67300a57271835e8082cf1a2b8f4d978bc49f3
SHA512

bb0eb0fcd12e8c5696691b33659cc8ad978a7378f4d2de0a2990d5d77d75949f69a8c05c75f2cafed60ebd6b3310ee9a263e828628f37af1198a141d1c3a05e7
SSDEEP

196608:ahJgjV1W903eV4QFMToEuGxgh858F0ibfUBQ4gABKbk9At8:ZLW+eGQFMTozGxu8C0ibfPLS

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 7 IoCs

pid	Process
2712	FREE ROBUX SCRIPT.exe
2712	FREE ROBUX SCRIPT.exe
2712	FREE ROBUX SCRIPT.exe
2712	FREE ROBUX SCRIPT.exe
2712	FREE ROBUX SCRIPT.exe
2712	FREE ROBUX SCRIPT.exe
2712	FREE ROBUX SCRIPT.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2372 wrote to memory of 2712	2372	FREE ROBUX SCRIPT.exe	28
PID 2372 wrote to memory of 2712	2372	FREE ROBUX SCRIPT.exe	28
PID 2372 wrote to memory of 2712	2372	FREE ROBUX SCRIPT.exe	28

C:\Users\Admin\AppData\Local\Temp\FREE ROBUX SCRIPT.exe
"C:\Users\Admin\AppData\Local\Temp\FREE ROBUX SCRIPT.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2372
- C:\Users\Admin\AppData\Local\Temp\FREE ROBUX SCRIPT.exe
  "C:\Users\Admin\AppData\Local\Temp\FREE ROBUX SCRIPT.exe"
  2⤵
  - Loads dropped DLL
  PID:2712

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2732

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI23722\api-ms-win-core-file-l2-1-0.dll

Filesize
22KB

MD5
aaf93ef5c6eca9434286274ef91794dd

SHA1
b68cd2f56e5c840346e3ad52255a6061c1797a7b

SHA256
4413208101061038455b7e0752fb37d4108b3ec4642d10cbaddf835b3843888e

SHA512
04a30769851b829e71ba0ab3f1a76eceae565dd639047b4c6ff9952bc4d6502d117eec81e151843dfaa147894e3046a333e39d2dae2ae65effd7dc1b91368541

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23722\api-ms-win-core-localization-l1-2-0.dll

Filesize
22KB

MD5
9e1e3021560384db14b76243df9604e4

SHA1
f79a3241314f18db0b979af8e114c191d499a7c9

SHA256
197b29ba3989e8d974e29f81fbddd0731051399dc40763bda998a1e36d1c3ab4

SHA512
3187122bd3e20dc74efac802b86c612573682370a8b24c3ec7769e67de525b68c91506b85df3ea2d028d4018d14833c980ab2b220aee41b96e2dd9c9d0a67914

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23722\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
22KB

MD5
bf87834418025b5894d2130668352125

SHA1
ef15f9b1ae6fb271549dd2cef8fb11ba5633c865

SHA256
408081a4655ee846c1067aaafe462a62fa3a562341e681d0dbbf3400362f5cf7

SHA512
b115687e542fc1a7f342cf610c450dc726d79e7b8e63bb2d5761a47464796fbf8c880ed811149443734f0d47c4cf8b2694a3703004d69cbd62fbf2a96d9667ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23722\api-ms-win-core-timezone-l1-1-0.dll

Filesize
22KB

MD5
80bd4ecd52c736047b21f0c4c6bdaa95

SHA1
8ac491285818f19485351253129889839d97aedf

SHA256
04f932559f3e5eec0d929d60ab501fc0f6037e97b241e2b3ddd3ad16fedaa23c

SHA512
3f79a2c1635eec05c7a9e561842e2bed227d1d3db72b6cc34e121bfeb29755d51db707bee955a1d1e24e4faea8ef8426283b8c0820a528001851600ab20cf7e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23722\python312.dll

Filesize
6.7MB

MD5
48ebfefa21b480a9b0dbfc3364e1d066

SHA1
b44a3a9b8c585b30897ddc2e4249dfcfd07b700a

SHA256
0cc4e557972488eb99ea4aeb3d29f3ade974ef3bcd47c211911489a189a0b6f2

SHA512
4e6194f1c55b82ee41743b35d749f5d92a955b219decacf9f1396d983e0f92ae02089c7f84a2b8296a3062afa3f9c220da9b7cd9ed01b3315ea4a953b4ecc6ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23722\ucrtbase.dll

Filesize
1.1MB

MD5
8f53604f28132832353c099fadb2a54c

SHA1
7679e25d80e7d551c390e6ac6f7561bf2368f734

SHA256
5d652e1ba943587035b573e0dbcdc8a2f114030ac5cae4894805cc228dda3d22

SHA512
5b7e3775a0eca8ade32e092287342f20c80ba3f96ce2008eff5a68e0ac952087f4a19ca5f6a7bf1e3a8add8aed49ec8168238461f777445104bae9d89b99a43a

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI23722\api-ms-win-core-file-l1-2-0.dll

Filesize
22KB

MD5
2083c4c18b0b2d501995bf1af79bbcf1

SHA1
9cbd7dd86fba3f1829d2f9614caa83958f690e99

SHA256
01b61d57ba1290bf2640ecee28de3d240eeb09e9c664c0f4d0f9402cd1da5eaf

SHA512
5eb5455989e1dbc8655c510d2b596d422078ecef8342d9d10797eba2d8aa1562b9037ede35f00222c3cfb6f46e003bd4bd1e17faa2d19e0aeb63e970c978da23

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads