Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
  • submitted
    10/05/2024, 18:12

General

  • Target

    Roblox-Cookie-Logger-main/Arctic.exe

  • Size

    17.4MB

  • MD5

    b5343da0e0f7cc78266f8282138f6bfc

  • SHA1

    fdbb82d380e98a48a58de021b90f116cedc01298

  • SHA256

    3e81ac827824478a5532846c42bdbf5d469beab9793092542419d0c5ebcf52ac

  • SHA512

    01b5787a93d971f36238d9754db108e5d8133ccde528e7250c0e1acc3d3693f8a628d12fc8f14cdfff55236c0549e55a679b432f7f0e59f1c1bf7ec7ae2e2abf

  • SSDEEP

    393216:jCSARbMb/m3pbsLG/PcjGsoTZleDXdk5I8g8F9/75oQlvQ+:+SkMbKx/PcsTZlofAFZlvQ

Score
7/10
upx

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Roblox-Cookie-Logger-main\Arctic.exe
    "C:\Users\Admin\AppData\Local\Temp\Roblox-Cookie-Logger-main\Arctic.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:108
    • C:\Users\Admin\AppData\Local\Temp\Roblox-Cookie-Logger-main\Arctic.exe
      "C:\Users\Admin\AppData\Local\Temp\Roblox-Cookie-Logger-main\Arctic.exe"
      2⤵
      • Loads dropped DLL
      • Suspicious behavior: GetForegroundWindowSpam
      PID:2740

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI1082\python39.dll

    Filesize

    1.5MB

    MD5

    c938648ffb242bc402358c7a4f1ffb9c

    SHA1

    bdd3f674702c4715669ddf062f94b8218dec46d5

    SHA256

    8bb31916d8495625a7e280763e10346852b7bb76729a8c850929b015f4ef3378

    SHA512

    89ab5a7c8f2ae836e83f80c3d1111f5ebd691d75aeefe9fef6f863d4ba8c71ef3b47d2bfc8cbe0a223dfd49ac01ca623d9859e6f26797bb757b3a6cdd6464df5

  • memory/2740-125-0x000007FEF6120000-0x000007FEF65AF000-memory.dmp

    Filesize

    4.6MB

  • memory/2740-126-0x000007FEF6120000-0x000007FEF65AF000-memory.dmp

    Filesize

    4.6MB
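The two artifacts worth acting on in this report are the UPX packed file signature and the dropped python39.dll in a `_MEI...` directory under %TEMP%: that directory, together with Arctic.exe re-spawning a second copy of itself, is the pattern of a PyInstaller one-file executable whose bootloader unpacks its bundled Python runtime and runs itself again (this is an inference from the report, not one of its signatures). The script below is an added example, not part of the sandbox report or of the sample: it parses a PE section table, flags UPX section names and sections with packed-looking entropy, and searches for PyInstaller's archive cookie magic. The two PE images it checks are constructed inline so it runs offline; the entropy threshold of 7.0 bits/byte is an assumed heuristic.

```python
"""Static triage for a PE sample: UPX section names, high-entropy sections
and the PyInstaller archive cookie.  Added example, not part of the sandbox
report; the PE images at the bottom are constructed, not real samples."""
import math
import random
import struct

UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b"UPX!"}
# Magic at the start of the cookie PyInstaller's bootloader appends to the PE.
PYINSTALLER_MAGIC = b"MEI\x0c\x0b\x0a\x0b\x0e"
HIGH_ENTROPY = 7.0  # bits/byte (assumed threshold); packed data sits near 8.0


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte over the given buffer (0.0 for empty input)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def pe_sections(data: bytes):
    """Return [(name, raw_offset, raw_size)] parsed from the PE section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size  # section table follows the optional header
    sections = []
    for i in range(num_sections):
        hdr = table + i * 40
        name = data[hdr:hdr + 8].rstrip(b"\0")
        raw_size, raw_ptr = struct.unpack_from("<II", data, hdr + 16)
        sections.append((name, raw_ptr, raw_size))
    return sections


def triage(data: bytes) -> dict:
    """Summarise packing indicators for one PE image."""
    sections = pe_sections(data)
    entropy = {name.decode("ascii", "replace"): round(shannon_entropy(data[ptr:ptr + size]), 2)
               for name, ptr, size in sections}
    return {
        "upx_sections": bool({name for name, _, _ in sections} & UPX_SECTION_NAMES),
        "high_entropy_sections": [n for n, e in entropy.items() if e >= HIGH_ENTROPY],
        # Whole-file search: in a UPX-packed binary the cookie is inside the
        # compressed data and only becomes visible after unpacking (upx -d).
        "pyinstaller_cookie": PYINSTALLER_MAGIC in data,
        "section_entropy": entropy,
    }


def build_sample_pe(section_specs) -> bytes:
    """Constructed, non-loadable PE32+ image with the given [(name, payload)]."""
    opt_size = 0xF0
    hdr_len = -(-(0x40 + 4 + 20 + opt_size + 40 * len(section_specs)) // 0x200) * 0x200
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                      # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x8664, len(section_specs), 0, 0, 0, opt_size, 0x22)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B)                        # PE32+ magic
    table, body, ptr = bytearray(), bytearray(), hdr_len
    for name, payload in section_specs:
        raw = payload + b"\0" * (-len(payload) % 0x200)          # file-align to 0x200
        table += struct.pack("<8sIIIIIIHHI", name, len(payload), 0x1000,
                             len(raw), ptr if raw else 0, 0, 0, 0, 0, 0x60000020)
        body += raw
        ptr += len(raw)
    headers = dos + b"PE\0\0" + coff + opt + table
    return bytes(headers + b"\0" * (hdr_len - len(headers)) + body)


_rng = random.Random(1)  # deterministic "compressed-looking" filler
PACKED_SAMPLE = build_sample_pe([
    (b"UPX0", b""),                                                 # empty, as UPX leaves it
    (b"UPX1", bytes(_rng.getrandbits(8) for _ in range(4096))),     # high-entropy body
]) + b"\0" * 16 + PYINSTALLER_MAGIC + b"\0" * 8                     # overlay carrying the cookie
CLEAN_SAMPLE = build_sample_pe([(b".text", b"\x90" * 2048)])

if __name__ == "__main__":
    import sys
    target = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else PACKED_SAMPLE
    print(triage(target))
```

Run it with the path to a dropped file as the only argument; with no argument it triages the constructed packed sample. Two caveats a practitioner should keep in mind: the section-name check only catches stock UPX, while the signature text above explicitly covers modified UPX builds that rename sections (the entropy column is what survives that), and on a UPX-packed PyInstaller binary the cookie search will miss until the file has been unpacked, so the absence of the cookie in a packed file proves nothing.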