Analysis
max time kernel: 299s
max time network: 274s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64 arch:x86 image:win10v2004-20240426-en locale:en-us os:windows10-2004-x64 system
submitted: 03/06/2024, 07:53
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://roblox.com
Resource: win10v2004-20240426-en
General
Target: http://roblox.com
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Modifies data under HKEY_USERS (2 IoCs)
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133618748191835863" | chrome.exe
Suspicious behavior: EnumeratesProcesses (4 IoCs)
pid | Process
3968 | chrome.exe
3968 | chrome.exe
1768 | chrome.exe
1768 | chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
pid | Process
3968 | chrome.exe
3968 | chrome.exe
3968 | chrome.exe
Suspicious use of AdjustPrivilegeToken (64 IoCs)
description | pid | Process
Token: SeShutdownPrivilege | 3968 | chrome.exe
Token: SeCreatePagefilePrivilege | 3968 | chrome.exe
(the two rows above alternate through all 64 entries: 32 SeShutdownPrivilege and 32 SeCreatePagefilePrivilege, every one from PID 3968)
Suspicious use of FindShellTrayWindow (26 IoCs)
pid | Process
3968 | chrome.exe
(row repeated 26 times)
Suspicious use of SendNotifyMessage (24 IoCs)
pid | Process
3968 | chrome.exe
(row repeated 24 times)
Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target
PID 3968 wrote to memory of 4972 | 3968 | chrome.exe | 81 (2 rows)
PID 3968 wrote to memory of 3860 | 3968 | chrome.exe | 84 (repeated)
PID 3968 wrote to memory of 2960 | 3968 | chrome.exe | 85 (2 rows)
PID 3968 wrote to memory of 4604 | 3968 | chrome.exe | 86 (repeated)
(the remaining 60 rows are repeats of the 3860 and 4604 entries; all 64 writes originate from PID 3968 and target 4972, 3860, 2960 or 4604)
Processes

C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://roblox.com
  PID: 3968
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  Child processes of PID 3968:

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa5fb1ab58,0x7ffa5fb1ab68,0x7ffa5fb1ab78
      PID: 4972

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1644 --field-trial-handle=1872,i,404170873487230329,4862152248349711949,131072 /prefetch:2
      PID: 3860

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1872,i,404170873487230329,4862152248349711949,131072 /prefetch:8
      PID: 2960

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2156 --field-trial-handle=1872,i,404170873487230329,4862152248349711949,131072 /prefetch:8
      PID: 4604

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2980 --field-trial-handle=1872,i,404170873487230329,4862152248349711949,131072 /prefetch:1
      PID: 2272

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2996 --field-trial-handle=1872,i,404170873487230329,4862152248349711949,131072 /prefetch:1
      PID: 1852

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4260 --field-trial-handle=1872,i,404170873487230329,4862152248349711949,131072 /prefetch:1
      PID: 916

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4488 --field-trial-handle=1872,i,404170873487230329,4862152248349711949,131072 /prefetch:8
      PID: 5108

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4720 --field-trial-handle=1872,i,404170873487230329,4862152248349711949,131072 /prefetch:8
      PID: 1792

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2336 --field-trial-handle=1872,i,404170873487230329,4862152248349711949,131072 /prefetch:2
      PID: 1768
      - Suspicious behavior: EnumeratesProcesses

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
  "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
  PID: 4212
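Every signature above fires on chrome.exe, and every WriteProcessMemory row has PID 3968 (the browser process the sandbox launched) as the writer and one of its own freshly spawned children (crashpad handler 4972, GPU process 3860, network service 2960, storage service 4604) as the target. That is how Chrome's browser process bootstraps its child processes: it creates them and writes their startup data into them before they run, so a sandbox flags it as WriteProcessMemory every time. The triage question is therefore not "did it write to another process" but "did it write to a process it did not spawn". The script below is an added example, not part of this sandbox report or of any Triage tooling: it parses rows in the report's own row format, checks each writer/target pair against the parent relation read off the process tree above (PID 4212 sits at the top level, not under 3968), and flags any target that is not the writer's own child. The process tree and the five rows are transcribed from this page; the extra row targeting 4212 with procid_target 90, and the target PID 9999, are constructed to show the check firing. It also hashes a few plausible two-byte contents to see whether the 2-byte file in the Downloads section matches one of them, computing rather than asserting the answer.

```python
"""Triage the "Suspicious use of WriteProcessMemory" rows of a sandbox report.

Added example; the rows and the parent relation below are transcribed from
the report and constructed inline so the script runs offline.
"""
import hashlib
import re
from collections import Counter

# pid -> (parent pid, image). Top-level entries in the report's process
# tree (depth 1) have no parent here; depth-2 entries are children of 3968.
PROCESS_TREE = {
    3968: (None, "chrome.exe"),
    4972: (3968, "chrome.exe"),  # --type=crashpad-handler
    3860: (3968, "chrome.exe"),  # --type=gpu-process
    2960: (3968, "chrome.exe"),  # network.mojom.NetworkService
    4604: (3968, "chrome.exe"),  # storage.mojom.StorageService
    2272: (3968, "chrome.exe"),  # --type=renderer (first)
    1852: (3968, "chrome.exe"),  # --type=renderer
    916: (3968, "chrome.exe"),   # --type=renderer
    5108: (3968, "chrome.exe"),  # chrome.mojom.ProcessorMetrics
    1792: (3968, "chrome.exe"),  # chrome.mojom.UtilWin
    1768: (3968, "chrome.exe"),  # --type=gpu-process --disable-gpu-sandbox
    4212: (None, "elevation_service.exe"),
}

# Constructed excerpt of the report's rows (the report lists 64 rows; these
# are the distinct ones, with the 4972 row kept twice as it appears).
WPM_ROWS = """\
PID 3968 wrote to memory of 4972 3968 chrome.exe 81
PID 3968 wrote to memory of 4972 3968 chrome.exe 81
PID 3968 wrote to memory of 3860 3968 chrome.exe 84
PID 3968 wrote to memory of 2960 3968 chrome.exe 85
PID 3968 wrote to memory of 4604 3968 chrome.exe 86
"""

# Row layout: description | pid | Process | procid_target
ROW_RE = re.compile(
    r"PID (?P<writer>\d+) wrote to memory of (?P<target>\d+) "
    r"(?P<pid>\d+) (?P<image>\S+) (?P<procid_target>\d+)"
)


def parse_wpm_rows(text):
    """Count (writer_pid, target_pid) pairs in report-format rows."""
    pairs = Counter()
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            pairs[(int(m["writer"]), int(m["target"]))] += 1
    return pairs


def classify_writes(tree, pairs):
    """Label each pair: own-child (parent bootstrapping a process it spawned),
    foreign-process (target exists but was not spawned by the writer) or
    unknown-target (target not in the tree at all)."""
    verdicts = {}
    for writer, target in pairs:
        if target not in tree:
            verdicts[(writer, target)] = "unknown-target"
        elif tree[target][0] == writer:
            verdicts[(writer, target)] = "own-child"
        else:
            verdicts[(writer, target)] = "foreign-process"
    return verdicts


def suspicious_writes(tree, text):
    """Writer/target pairs that are anything other than parent -> own child."""
    verdicts = classify_writes(tree, parse_wpm_rows(text))
    return sorted(p for p, v in verdicts.items() if v != "own-child")


# Candidate contents for a tiny dropped file; the hashes are computed here,
# not looked up, so a match is a verifiable identification.
CANDIDATES = {b"[]": "empty JSON array", b"{}": "empty JSON object", b"\r\n": "CRLF only"}


def identify_small_file(size, md5_hex):
    """Return a label if a candidate of the given size has this MD5, else None."""
    for content, label in CANDIDATES.items():
        if len(content) == size and hashlib.md5(content).hexdigest() == md5_hex:
            return label
    return None


if __name__ == "__main__":
    print("pairs:", dict(parse_wpm_rows(WPM_ROWS)))
    print("suspicious (report rows):", suspicious_writes(PROCESS_TREE, WPM_ROWS))
    # Constructed counter-example: a write into a top-level process the writer
    # did not spawn. This is the shape the check exists to surface.
    injected = WPM_ROWS + "PID 3968 wrote to memory of 4212 3968 chrome.exe 90\n"
    print("suspicious (constructed):", suspicious_writes(PROCESS_TREE, injected))
    print("2-byte download:", identify_small_file(2, "d751713988987e9331980363e24189ce"))
```

On the report's own rows the suspicious list is empty: each target is a direct child of 3968. The same check against a host EDR process tree is the fastest way to separate a browser's (or any multi-process application's) routine child bootstrapping from a write into a process the writer does not own.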
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 2KB
MD5: 4f57a0e1e5860802360ac828183e1b17
SHA1: c3064ff9a0ec15df3366350f84aa2364882af461
SHA256: 4418d7d60a6abe79c49526a88e0cc130498d4ebdffcd8010fb809407abfc0083
SHA512: 8c9db08e0e2a58582d686e634ae6ada559a0bf722c637ceb7f8e743950f4b48cffdadfd487dcdc8e5fc0ba6340bd9006b38f56b674b6083db78feb84311ce7fe

Filesize: 2KB
MD5: f6a819dcdfb84cde199523e4f1eb32d1
SHA1: 2051f68cab26007574a97e19cefbc1579dd411c0
SHA256: b5b574fb6b65099454f5cabc5aba630759011a7e4740630749eb26d09778fd94
SHA512: 3586bfe627ca729cb8708f659c763fde01a3ab8ccd0a2b7632bc07fbcfd3ed8952c01d25583ae5b62d8bd976fc01ff3e6249bec46bbcb5b36fc3804754c0c907

Filesize: 2KB
MD5: af16e96c3bee7b1e036955c5d23b860f
SHA1: ca48ec9f3f9b9b8287d1975315869adf07c2ab06
SHA256: 17f2b2383ae923d164a29997cb801f7fde2addf97494cc82e329dd8f379feb84
SHA512: b72a20fd28f3bce4d2fe17dc2c671284ef3579761341b47b490a3fe0593f940272b2abd8deaa381e9390bd2108b0c114ef35c58c2cd22ed7918625d93465fc1a

Filesize: 2B
MD5: d751713988987e9331980363e24189ce
SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Filesize: 1KB
MD5: 19adef7a14fe4b9fba30beac67b7d028
SHA1: d4c5cb9a63200c5416e24604d12ee42237906e32
SHA256: 5cf170098f1ab55fbf3e7fc7f869d4261e12bb3d7ff77aeea98623eedd11902f
SHA512: 4bfb469828d88a3920cc3969f3d1227ed1dbf1ca89cf86eb7b3e2459781ffaca69add30db7b1279eeb19e96bd9573c751644713e238b2ea8bb2ac288853f9ae4

Filesize: 1KB
MD5: 663ee4b6979ce771c1ebc76a045f772c
SHA1: 7494e173ea5d2ce946561bad9a017a7e77ba8bf7
SHA256: 9e3945f08f8f4d31f8ebaa00886da288ffb894d8af69616d0ccfcea218803b01
SHA512: 7c4631c6e764c81fc059e1b0e4300c6f1a2e4aefa6a14c267da695d49c80b30de786f6970c639eb132333a4f195d2a497ab3fe852c87c526412743dea8011b35

Filesize: 1KB
MD5: d56b0ed4edb851b51116935072bbf944
SHA1: 73b3d2fce7cfec0d178b6f9fbf2e6705f4355a5f
SHA256: fe7f61a788dd7a1eac68d4eb1e496e66f2039c0fd90f8235085d5f6bb030a1bd
SHA512: 42f88d1563e8caf0c902cbf5bebeee788769bed55a007af74ada5f8470ddbe204dde5bd4585939ae059b9f141b62798267623c6b715adc28375e20a14917bb5b

Filesize: 1KB
MD5: 1efdecb7049581c0dfef02db1bc710bb
SHA1: 5c33087b136538d1642a3747f8f60eed3c91f064
SHA256: ee21e905a3e9e2a6f9e91dae21b74e62a38b9498e5cc660eb3445587ae863468
SHA512: 160d2c9eb2ef5d1bcfe9a80183caccaca2eacb6c6d4bdaf9c7b9652803e9750d34553223a718724fad79de90991f549b3fcdfc156601f799c69366a425a5e7ee

Filesize: 7KB
MD5: 2db1a8673a5341b983db4207f3b53fe0
SHA1: cdd94a38b37fe1702f0601cfd48c1d93ac4378e2
SHA256: b279539ddd45410e8a5d3d5ae5ecaea219580f7fd501a005beddc9c0e5915762
SHA512: 930134919af3900b72bff12fbaa6ad9babc331bcca2b368977c82c5a7045ba037a8c722349ed37ece2f2b880bd0e4bd8de1df04bbe77e62b89c42218d0c22bc5

Filesize: 130KB
MD5: fe77518ef24dc4c8adfe23a5e5f9ffb2
SHA1: 3e27857a2401bdba4c5fd66a44585edb11841d42
SHA256: dbdba6f57a19792c60363718f848253fb32092e400c760cea490850b9860081c
SHA512: 52d12b10180aad53f9fae0b88d048273cc67b9428c611067ded05ca36a8dcbfb2cbd209f1ed37922a1cfc83727a9d7665e0bf20c83cf537e51e0e9f41110abea