Analysis
max time kernel: 149s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 26/05/2024, 03:48
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
  Sample: https://github.com/Imagine-YT/Roblox-Account-Generator
  Resource: win10-20240404-en
Behavioral task: behavioral2
  Sample: https://github.com/Imagine-YT/Roblox-Account-Generator
  Resource: win10v2004-20240426-en
General
Target: https://github.com/Imagine-YT/Roblox-Account-Generator
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description         ioc                                                                     Process
Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                      msedge.exe
Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer   msedge.exe
Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName    msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
pid    Process              rows
3424   msedge.exe           2
3260   msedge.exe           2
3776   identity_helper.exe  2
2196   msedge.exe           4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
pid    Process      rows
3260   msedge.exe   6

Suspicious use of FindShellTrayWindow (25 IoCs)
pid    Process      rows
3260   msedge.exe   25

Suspicious use of SendNotifyMessage (24 IoCs)
pid    Process      rows
3260   msedge.exe   24

Suspicious use of WriteProcessMemory (64 IoCs, duplicate rows collapsed)
description                          pid    Process      procid_target
PID 3260 wrote to memory of 3700     3260   msedge.exe   84
PID 3260 wrote to memory of 1968     3260   msedge.exe   85
PID 3260 wrote to memory of 3424     3260   msedge.exe   86
PID 3260 wrote to memory of 4632     3260   msedge.exe   87
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/Imagine-YT/Roblox-Account-Generator
  PID: 3260
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffec5a346f8,0x7ffec5a34708,0x7ffec5a34718
    PID: 3700

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,240764817568262626,2500842539355567599,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
    PID: 1968

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,240764817568262626,2500842539355567599,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
    PID: 3424
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,240764817568262626,2500842539355567599,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
    PID: 4632

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,240764817568262626,2500842539355567599,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
    PID: 4540

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,240764817568262626,2500842539355567599,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
    PID: 5036

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,240764817568262626,2500842539355567599,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 /prefetch:8
    PID: 808

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,240764817568262626,2500842539355567599,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 /prefetch:8
    PID: 3776
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,240764817568262626,2500842539355567599,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
    PID: 4072

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,240764817568262626,2500842539355567599,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
    PID: 5084

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,240764817568262626,2500842539355567599,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
    PID: 3180

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,240764817568262626,2500842539355567599,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
    PID: 1152

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,240764817568262626,2500842539355567599,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3068 /prefetch:2
    PID: 2196
    - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 1352

C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 556
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 152B
MD5: 1ac52e2503cc26baee4322f02f5b8d9c
SHA1: 38e0cee911f5f2a24888a64780ffdf6fa72207c8
SHA256: f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4
SHA512: 7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Filesize: 152B
MD5: b2a1398f937474c51a48b347387ee36a
SHA1: 922a8567f09e68a04233e84e5919043034635949
SHA256: 2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6
SHA512: 4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 1KB
MD5: 845ef788584e85ab97df9aaedee01d72
SHA1: df94e3728b49f7ce38be0a8c6b4a886be3dee615
SHA256: 2af53a430400044251b263a8fe9f5e85ce09b0be6b1f50ac2455213f569c36d8
SHA512: 8019e8606604d734b7e7c88c2b00cb7dd18eeb0e3dd5011a7167a30a11027033275b71c1747feec41214233cdc0a3b384481cddf65490065a1ec70efad35a916

Filesize: 496B
MD5: 406d40f57c41b87d19b999ebfe5296fc
SHA1: 7d6ce47afbb25a87565cebdaf0a1a2f4af4bfc10
SHA256: 0d179bd1f38ad65839441984c85dac651e393eb75c561885911cb8cce8be6974
SHA512: a763d98c4e196a8f81244761848a52ab25cf2b4dcc91ff8a977828a7f3639f05248463828221b575942a4c99dc5b720703339e4cb59e11a301fefa6236e660fa

Filesize: 6KB
MD5: 87b1ec9786dad72623f42c6a4b40bd2a
SHA1: 31393dd4eff17fdce3bbd85e1f3cec840c3ab29d
SHA256: 4701f7476385678f09962f3b70bba4f14c2f3a97e50038cf116ded9d0ffa0c77
SHA512: a4d7fbc8786ba86f97dc8f66d95cc2e5e0b111b8036522ca1ba6855c35b24a3ad9e898d50adc6d7725a54fa1c02f68996cf9e70130d3ecca846427ee55443c20

Filesize: 5KB
MD5: 5abc359b32a854893fbcc030f43975c3
SHA1: 29fdc69998c4f727d6850e7451dbe95b7c469ba8
SHA256: 312a043db95d5df1de0d949a6eb69727c301d09b825ca9a86404340f1491eeb4
SHA512: c19dc62759ed507470854517865241db059d0de0791301c4f51966643e7573ff957ec1b61d7e31a0de6c33d6bbaf74e803fa368687f1d5145d2e1519379f10ba

Filesize: 16B
MD5: 6752a1d65b201c13b62ea44016eb221f
SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Filesize: 11KB
MD5: 288768e23ee73321da931229a173c85a
SHA1: 549091d50e8ea402e9761204ddd0c433e187a14c
SHA256: 3185e88bc65be0a8f1f0e77194be5ab7db15e51f46c9985196e1f8f510b64924
SHA512: b8c98e3f99c3642da0b0e0178b0f19c0535315098ed20efc7046fdd681ea89365f1ad6c2317a722c8ffe29f555f6dc5fe37ea0e80f3cb7220d576d9f80ae4995