Analysis
max time kernel: 120s
max time network: 121s
platform: windows7_x64
resource: win7-20240419-en
resource tags: arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
submitted: 10/05/2024, 18:12
Behavioral task behavioral1
Sample: Roblox-Cookie-Logger-main/Arctic.exe
Resource: win7-20240419-en
Behavioral task behavioral2
Sample: Roblox-Cookie-Logger-main/Arctic.exe
Resource: win10v2004-20240426-en
Behavioral task behavioral3
Sample: main.pyc
Resource: win7-20240221-en
Behavioral task behavioral4
Sample: main.pyc
Resource: win10v2004-20240508-en
General
Target: Roblox-Cookie-Logger-main/Arctic.exe
Size: 17.4MB
MD5: b5343da0e0f7cc78266f8282138f6bfc
SHA1: fdbb82d380e98a48a58de021b90f116cedc01298
SHA256: 3e81ac827824478a5532846c42bdbf5d469beab9793092542419d0c5ebcf52ac
SHA512: 01b5787a93d971f36238d9754db108e5d8133ccde528e7250c0e1acc3d3693f8a628d12fc8f14cdfff55236c0549e55a679b432f7f0e59f1c1bf7ec7ae2e2abf
SSDEEP: 393216:jCSARbMb/m3pbsLG/PcjGsoTZleDXdk5I8g8F9/75oQlvQ+:+SkMbKx/PcsTZlofAFZlvQ
Malware Config
Signatures
Loads dropped DLL (1 IoCs)
pid 2740, process Arctic.exe
yara_rule matches (upx)
resource behavioral1/files/0x000500000001a4ef-123.dat: upx
resource behavioral1/memory/2740-125-0x000007FEF6120000-0x000007FEF65AF000-memory.dmp: upx
Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
pid 2740, process Arctic.exe
Suspicious use of WriteProcessMemory (3 IoCs)
PID 108 wrote to memory of 2740 (process Arctic.exe, procid_target 28)
PID 108 wrote to memory of 2740 (process Arctic.exe, procid_target 28)
PID 108 wrote to memory of 2740 (process Arctic.exe, procid_target 28)
Processes
1. C:\Users\Admin\AppData\Local\Temp\Roblox-Cookie-Logger-main\Arctic.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\Roblox-Cookie-Logger-main\Arctic.exe"
   PID: 108
   Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\Roblox-Cookie-Logger-main\Arctic.exe
      Command line: "C:\Users\Admin\AppData\Local\Temp\Roblox-Cookie-Logger-main\Arctic.exe"
      PID: 2740
      Loads dropped DLL
      Suspicious behavior: GetForegroundWindowSpam
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 1.5MB
MD5: c938648ffb242bc402358c7a4f1ffb9c
SHA1: bdd3f674702c4715669ddf062f94b8218dec46d5
SHA256: 8bb31916d8495625a7e280763e10346852b7bb76729a8c850929b015f4ef3378
SHA512: 89ab5a7c8f2ae836e83f80c3d1111f5ebd691d75aeefe9fef6f863d4ba8c71ef3b47d2bfc8cbe0a223dfd49ac01ca623d9859e6f26797bb757b3a6cdd6464df5