f9f51da174f83be2cd5df0c8adc1b7864fad50dde5a28cfe07289ad867b21162

Resubmissions

15/06/2024, 20:01

240615-yr12bssgqf 3

Analysis

max time kernel
46s
max time network
47s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
15/06/2024, 20:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Hack+for+Roblox.js
Size

155KB
MD5

845221164d518b6f5c96cbfca0eb9a39
SHA1

dac3e36314a65e2cca1596c55952f7792ae35503
SHA256

f9f51da174f83be2cd5df0c8adc1b7864fad50dde5a28cfe07289ad867b21162
SHA512

2b47709e7b27c802b9b5c6056c5bae5419ca6fed231a07947101bd383084022152a180a31fb3ef2747124017e51d563ab85c9fcf3e070c25f28328793cf42fc4
SSDEEP

3072:MIHm8JhU+JoR7qqHb5NRs32DlNlL0/8+Cg3X3bGrY:LjCl5NRsGDlNlL0/8+Cg3X3bGrY

Score

3^/10

execution

Malware Config

Signatures

Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133629553517936928"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4764	chrome.exe
4764	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe

Suspicious use of AdjustPrivilegeToken 48 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe
Token: SeShutdownPrivilege	4764	chrome.exe
Token: SeCreatePagefilePrivilege	4764	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe
4764	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4764 wrote to memory of 4608	4764	chrome.exe	89
PID 4764 wrote to memory of 4608	4764	chrome.exe	89
PID 4764 wrote to memory of 2348	4764	chrome.exe	90
PID 4764 wrote to memory of 2348	4764	chrome.exe	90
PID 4764 wrote to memory of 2348	4764	chrome.exe	90
PID 4764 wrote to memory of 2348	4764	chrome.exe	90
PID 4764 wrote to memory of 2348	4764	chrome.exe	90
PID 4764 wrote to memory of 2348	4764	chrome.exe	90
PID 4764 wrote to memory of 2348	4764	chrome.exe	90
PID 4764 wrote to memory of 2348	4764	chrome.exe	90
PID 4764 wrote to memory of 2348	4764	chrome.exe	90
PID 4764 wrote to memory of 2348	4764	chrome.exe	90
PID 4764 wrote to memory of 2348	4764	chrome.exe	90
PID 4764 wrote to memory of 2348	4764	chrome.exe	90
PID 4764 wrote to memory of 2348	4764	chrome.exe	90
PID 4764 wrote to memory of 2348	4764	chrome.exe	90
PID 4764 wrote to memory of 2348	4764	chrome.exe	90
PID 4764 wrote to memory of 2348	4764	chrome.exe	90
PID 4764 wrote to memory of 2348	4764	chrome.exe	90
PID 4764 wrote to memory of 2348	4764	chrome.exe	90
PID 4764 wrote to memory of 2348	4764	chrome.exe	90
PID 4764 wrote to memory of 2348	4764	chrome.exe	90
PID 4764 wrote to memory of 2348	4764	chrome.exe	90
PID 4764 wrote to memory of 2348	4764	chrome.exe	90
PID 4764 wrote to memory of 2348	4764	chrome.exe	90
PID 4764 wrote to memory of 2348	4764	chrome.exe	90
PID 4764 wrote to memory of 2348	4764	chrome.exe	90
PID 4764 wrote to memory of 2348	4764	chrome.exe	90
PID 4764 wrote to memory of 2348	4764	chrome.exe	90
PID 4764 wrote to memory of 2348	4764	chrome.exe	90
PID 4764 wrote to memory of 2348	4764	chrome.exe	90
PID 4764 wrote to memory of 2348	4764	chrome.exe	90
PID 4764 wrote to memory of 2348	4764	chrome.exe	90
PID 4764 wrote to memory of 4744	4764	chrome.exe	91
PID 4764 wrote to memory of 4744	4764	chrome.exe	91
PID 4764 wrote to memory of 4776	4764	chrome.exe	92
PID 4764 wrote to memory of 4776	4764	chrome.exe	92
PID 4764 wrote to memory of 4776	4764	chrome.exe	92
PID 4764 wrote to memory of 4776	4764	chrome.exe	92
PID 4764 wrote to memory of 4776	4764	chrome.exe	92
PID 4764 wrote to memory of 4776	4764	chrome.exe	92
PID 4764 wrote to memory of 4776	4764	chrome.exe	92
PID 4764 wrote to memory of 4776	4764	chrome.exe	92
PID 4764 wrote to memory of 4776	4764	chrome.exe	92
PID 4764 wrote to memory of 4776	4764	chrome.exe	92
PID 4764 wrote to memory of 4776	4764	chrome.exe	92
PID 4764 wrote to memory of 4776	4764	chrome.exe	92
PID 4764 wrote to memory of 4776	4764	chrome.exe	92
PID 4764 wrote to memory of 4776	4764	chrome.exe	92
PID 4764 wrote to memory of 4776	4764	chrome.exe	92
PID 4764 wrote to memory of 4776	4764	chrome.exe	92
PID 4764 wrote to memory of 4776	4764	chrome.exe	92
PID 4764 wrote to memory of 4776	4764	chrome.exe	92
PID 4764 wrote to memory of 4776	4764	chrome.exe	92
PID 4764 wrote to memory of 4776	4764	chrome.exe	92
PID 4764 wrote to memory of 4776	4764	chrome.exe	92
PID 4764 wrote to memory of 4776	4764	chrome.exe	92
PID 4764 wrote to memory of 4776	4764	chrome.exe	92
PID 4764 wrote to memory of 4776	4764	chrome.exe	92
PID 4764 wrote to memory of 4776	4764	chrome.exe	92
PID 4764 wrote to memory of 4776	4764	chrome.exe	92
PID 4764 wrote to memory of 4776	4764	chrome.exe	92
PID 4764 wrote to memory of 4776	4764	chrome.exe	92
PID 4764 wrote to memory of 4776	4764	chrome.exe	92

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\Hack+for+Roblox.js
1⤵
PID:3948

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8e48cab58,0x7ff8e48cab68,0x7ff8e48cab78
  2⤵
  PID:4608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1636 --field-trial-handle=1884,i,3406385466867782857,8526318171031869001,131072 /prefetch:2
  2⤵
  PID:2348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1884,i,3406385466867782857,8526318171031869001,131072 /prefetch:8
  2⤵
  PID:4744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2236 --field-trial-handle=1884,i,3406385466867782857,8526318171031869001,131072 /prefetch:8
  2⤵
  PID:4776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3088 --field-trial-handle=1884,i,3406385466867782857,8526318171031869001,131072 /prefetch:1
  2⤵
  PID:3828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3112 --field-trial-handle=1884,i,3406385466867782857,8526318171031869001,131072 /prefetch:1
  2⤵
  PID:452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4168 --field-trial-handle=1884,i,3406385466867782857,8526318171031869001,131072 /prefetch:1
  2⤵
  PID:2176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4664 --field-trial-handle=1884,i,3406385466867782857,8526318171031869001,131072 /prefetch:8
  2⤵
  PID:4216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4816 --field-trial-handle=1884,i,3406385466867782857,8526318171031869001,131072 /prefetch:8
  2⤵
  PID:2224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4684 --field-trial-handle=1884,i,3406385466867782857,8526318171031869001,131072 /prefetch:1
  2⤵
  PID:4852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3896 --field-trial-handle=1884,i,3406385466867782857,8526318171031869001,131072 /prefetch:1
  2⤵
  PID:552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4100 --field-trial-handle=1884,i,3406385466867782857,8526318171031869001,131072 /prefetch:1
  2⤵
  PID:4876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3932 --field-trial-handle=1884,i,3406385466867782857,8526318171031869001,131072 /prefetch:1
  2⤵
  PID:3424

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2172

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\8d48b9c0-eb9c-45c1-86bd-184e372b9116.tmp

Filesize
7KB

MD5
45f767084564fcd4de4a1d3516020d5f

SHA1
bf68c07ee539e13fcd2dde201021f9a07690f936

SHA256
b80fbed55c5027cce3bfc36400a3734c7a673be3807fb5c874ae0b1f1974edf2

SHA512
fb12e8493632f063ca7f66869605efa951bb84acfbf9e1a584e1f902509e5d8ecc9c90a9ce0228fa3ec0a70f6354fd5865719d413055985481b58b65d8b7822b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
f1a8a1690cb177849cb1b8f093307584

SHA1
c99f8a70765e6a210ee53c077fbb9fb096bbb445

SHA256
6ca5853dc695e6fa48c88e21b9010eaf3d45f6f2cf1763f61a1924e5716db135

SHA512
7c374741d7fa063055f78051370d4b85ba60b8755716364ea0ecdc2dbe2ce8f12d257601db81c621b8819350fcae1dc1cf28be359ed30aa43aff73594656450f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
64789a280cc44f03342e2a1802f78bed

SHA1
9951582b53cb6447628f2c1ee928807e52ac081f

SHA256
11a493638a6c40426480d283352f8527756645af29c667cf69db206d55040e95

SHA512
7f8bf1218eb172b0c8c487226c9df776509a2a765acba2d9426ef0168c9d0122a7509149df28a377141d83046149cd2f24bbae38c5b155e3df16764c8afc3823

Download Submit