fa295367c659cffaa8b33f0a2877a8a3385711c1e0b99672e8268a789a8eb976 | Triage

Resubmissions

17-05-2024 20:27

240517-y8h7vahe2y 10

17-05-2024 19:38

240517-ycv7jafe59 10

Analysis

max time kernel
43s
max time network
19s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
17-05-2024 19:38

Sharing

Report Analysis Logs

General

Target

freerobux.exe
Size

19.6MB
MD5

ed049eea7dd42a25d83dd75c377294a0
SHA1

52b75bc55d1bb28dd3ae6a016de961d4f543ba9b
SHA256

fa295367c659cffaa8b33f0a2877a8a3385711c1e0b99672e8268a789a8eb976
SHA512

776c910108258e5f95e5d4753383a199a952f721eec1e5c7b8381c5e45261e458a52615bf5a4e148259a3866e8b6d368796ea62cd60841263646180a2efca10b
SSDEEP

393216:/QtsFr7M5livQETSTvJQnqOqK8/7zdCRd7W:/QtsB7M5lmQEWThQhoU

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2276	freerobux.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3040 wrote to memory of 2276	3040	freerobux.exe	28
PID 3040 wrote to memory of 2276	3040	freerobux.exe	28
PID 3040 wrote to memory of 2276	3040	freerobux.exe	28

C:\Users\Admin\AppData\Local\Temp\freerobux.exe
"C:\Users\Admin\AppData\Local\Temp\freerobux.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3040
- C:\Users\Admin\AppData\Local\Temp\freerobux.exe
  "C:\Users\Admin\AppData\Local\Temp\freerobux.exe"
  2⤵
  - Loads dropped DLL
  PID:2276

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI30402\python311.dll

Filesize
5.5MB

MD5
5a5dd7cad8028097842b0afef45bfbcf

SHA1
e247a2e460687c607253949c52ae2801ff35dc4a

SHA256
a811c7516f531f1515d10743ae78004dd627eba0dc2d3bc0d2e033b2722043ce

SHA512
e6268e4fad2ce3ef16b68298a57498e16f0262bf3531539ad013a66f72df471569f94c6fcc48154b7c3049a3ad15cbfcbb6345dacb4f4ed7d528c74d589c9858

Download Submit