2abf33a81c6bde129ab2b3a632098ccc9d886bbb100037636f649445d26c992a | Triage

Submit
Reports

Overview

overview

9

Static

static

7

ROBLOX.exe

windows7-x64

9

Sharing

Copy URL Twitter E-mail

General

Target

ROBLOX.exe
Size

61KB
Sample

240630-nfnlrazfjp
MD5

436430d4019b9c9296de7bcb64e72c8c
SHA1

900e15a469b7fc676a805976a1953b966d582f23
SHA256

2abf33a81c6bde129ab2b3a632098ccc9d886bbb100037636f649445d26c992a
SHA512

7d76e7adce2fe1530b298f43c1e277930e25fd201f69e90a96950abe64c72019125ae3ec2253e727e95f878af1aa36fe970546c8fec0091b19db76a8d26500ec
SSDEEP

1536:FpfEKNCj6VoJl9Go5K7s4Nu3cHXGnouy8lC:FVZ/VGS7rN+c2out

Score

9^/10

defense_evasion evasion execution impact ransomware upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

ROBLOX.exe

Resource

win7-20240611-en

defense_evasion evasion execution impact ransomware upx

windows7-x64

21 signatures

150 seconds

Malware Config

Targets

- Target
  
  ROBLOX.exe
- Size
  
  61KB
- MD5
  
  436430d4019b9c9296de7bcb64e72c8c
- SHA1
  
  900e15a469b7fc676a805976a1953b966d582f23
- SHA256
  
  2abf33a81c6bde129ab2b3a632098ccc9d886bbb100037636f649445d26c992a
- SHA512
  
  7d76e7adce2fe1530b298f43c1e277930e25fd201f69e90a96950abe64c72019125ae3ec2253e727e95f878af1aa36fe970546c8fec0091b19db76a8d26500ec
- SSDEEP
  
  1536:FpfEKNCj6VoJl9Go5K7s4Nu3cHXGnouy8lC:FVZ/VGS7rN+c2out
Score

9^/10

defense_evasion evasion execution impact ransomware upx
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware defense_evasion impact execution
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Stops running service(s)
  evasion execution
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops file in System32 directory
- Sets desktop wallpaper using registry
  ransomware
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

Service Execution

Windows Management Instrumentation

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Direct Volume Access

Impair Defenses

Indicator Removal

File Deletion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Inhibit System Recovery

Service Stop

Tasks

static1

behavioral1

defense_evasionevasionexecutionimpactransomwareupx

© 2018-2025

Terms | Privacy