Analysis

  • max time kernel
    211s
  • max time network
    203s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    19/06/2024, 21:54

General

  • Target

    Roblox Player.lnk

  • Size

    1KB

  • MD5

    715ad43bf375bf57511346f3dc7afbfc

  • SHA1

    2889842b68f2d7d09ac883e7a27dda8573ae0b38

  • SHA256

    465d22acc3ec8ea4220753450e15bd0f72bc9b217f0fb3d39d701a74c46a68f0

  • SHA512

    781c543b775eeaba8d12322210827801ee365f07af67c3dd292a3cebb618db7034d0600be06b357097b172b3745017da1f4ee11b85d0f1fea6ffd2c9354258b7

Score
3/10

Signatures

  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Modifies data under HKEY_USERS (15 IoCs)
  • Suspicious behavior: LoadsDriver (64 IoCs)
  • Suspicious use of SetWindowsHookEx (1 IoC)

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\Roblox Player.lnk"
      PID:3776
    • C:\Windows\system32\LogonUI.exe
      "LogonUI.exe" /flags:0x4 /state0:0xa395a855 /state1:0x41c64e6d
      • Modifies data under HKEY_USERS
      • Suspicious use of SetWindowsHookEx
      PID:2900
