Overview

overview

4

Static

static

1

URLScan

urlscan

http://http//roblox....

windows7-x64

Resubmissions

06-07-2024 05:13

240706-fwdgqayfmf 1

06-07-2024 05:09

240706-ftk4sawekq 1

06-07-2024 05:08

240706-fsqmwayfje 4

Analysis

  • max time kernel
    53s
  • max time network
    54s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    06-07-2024 05:08

Sharing

Copy URL
Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    http://http//roblox.com

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://http//roblox.com
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2524
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2524 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1176
  • C:\Windows\system32\mspaint.exe
    "C:\Windows\system32\mspaint.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of SetWindowsHookEx
    PID:2436
  • C:\Windows\system32\LogonUI.exe
    "LogonUI.exe" /flags:0x0
    1⤵
      PID:1976
    • C:\Windows\system32\AUDIODG.EXE
      C:\Windows\system32\AUDIODG.EXE 0x178
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:3012
    • C:\Windows\system32\LogonUI.exe
      "LogonUI.exe" /flags:0x1
      1⤵
        PID:2268

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        f5573d9fe934adf21e42ff6a367dc3f3

        SHA1

        fbf936a66c6fe65f1af581a937e66f9afadc96e6

        SHA256

        81dbdba04fbb117c395ae9955ad12b4efe381ce1ffa60421ff9a93257669a025

        SHA512

        43e9dd881ee083294f0d6375282df9cd011b220a028bd1d38c904016063ce21d02c9b5a173f4c6d7df633e634693e0e7aa924411168c519e1d8149cf69b57ff6

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        2e940b874f8db3bf83c8ef1350b2a46c

        SHA1

        bee0b1796831323187f781724de7795149f1ee8c

        SHA256

        e31143600e5bf0a32d469db65bdbe06f291423b5818fe90d736277cd12b8608e

        SHA512

        444852fd0253cd18e910045eddb4c200c6ec0ba04ff1d8badf275f75c912169f7b9d8af7cfb37cad88d3fe2e430d9a84b50d5b60c2e11a31a38f6358c6a334b2

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        d66af4b5455812e6c6a7025f7c5f37ec

        SHA1

        7181c4d463e910163e81028fb5baa004984d96b6

        SHA256

        59719825dd69c119077d1b1d87cadfc70574dc6c6a6b9b5645b5bae924ab0bc0

        SHA512

        7811d946e1b3a7eb7c904d494c5f959d5e0eebbe2850150b24bbef9a98d256e06c728802626f5bd0282c893a3d23b20fa936597090acc392dcc660232da48ef8

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        034699eab70ba5301f48ff267e650313

        SHA1

        907874dcb34aeff1b10f3f4836adb4b24e186613

        SHA256

        0a11ab359d8ad3c7de9e9388b178f786e8d58b9c6551e64ad58a8969356b3dae

        SHA512

        665ba05419630f3e4b347ab7b809e7ee5a6ee86d03792298cedd3a41bde5fbda77fa788ac30ee71131407b1bb2190ae8a1ec98ce030d96db301fa9636adb6c4c

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        38bb82f715d4158d7a461b46ed0b4243

        SHA1

        29cedc0b74f5959c4a51c0ce025a0ce0588bac33

        SHA256

        2a6d48bac3762ce9d48c4a0e80ce14c45da611ecadc9b0b73e1f2f936200a908

        SHA512

        ba1087a4ff066a5b13f2ae93c0a355ca3158e9c8864b3ad67cbf7f043e4d821b05ae799513af06858c50000742d2f7534f43d5c279827eaf7727c159754d638f

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        b2c480c5b297c48c859df5b5778757fc

        SHA1

        10819c24d9f97fc588d326922d53b45518661449

        SHA256

        cd4842912d663fa51909b3ab6934a45c537194e144c9fe2e63a6029f0f50ada6

        SHA512

        546f0e9d217569ee86decdb96b646944e226d4e788a20a3c073c29afe2794f04337b42eec0fdd86fb7ce380683d124a4b2c2c9c5399bfa50f1344e339aa5f482

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        4d7a59c8ae992268f76eb4be98fb35aa

        SHA1

        af1283da843d0f3cad7dacd230e9257e3828fba7

        SHA256

        c167642f482412e9f854e38c11b382f02f6660b8f2213f32d9a7dd8b64f8be55

        SHA512

        53695027b253e5f891a7454d0d05b624e63c2eb5d74611ff8aefdc8ac55e3c5196f99234f1e85775994614f3db328b486487d1d8d9d8d2b23f7229ae35fc4b6a

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        1433a848ff33ab7fd115577288b4fa03

        SHA1

        94987a339eaba2ad39a2a4e4cf938f538f89631a

        SHA256

        3b1a2d1952c401e9c532738d9cb1570921838c3ba09608542e0a94b516f6d25d

        SHA512

        b90ed41ac030b668bc5716b0c9e2653d1f08bc2bb5c1b11f86cf75b1caeb7008e56b384b8f068429d84f28f5454fcc7c02626d1a4a676370ff6ccf8047b4deb0

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        9e3d8fca1dd0eabb2ccc252969b8f0a7

        SHA1

        29e8617464c24a720898c025a7b85bf6310c9638

        SHA256

        a3fa16813c7b8a3d8770ce3f54329196249f3c2d509d709a4313a8eeeb2f3bcd

        SHA512

        26a3786db95ff1114a615e795fd605a225e2a308a78cc4d54a2c52903e8c990c623a6fd7d506ca5eb2fb6fd10bddd502a5c89b0e8a95f8980ec9ceb374507b6e

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\CabB703.tmp
        Filesize

        70KB

        MD5

        49aebf8cbd62d92ac215b2923fb1b9f5

        SHA1

        1723be06719828dda65ad804298d0431f6aff976

        SHA256

        b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

        SHA512

        bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\TarB7C1.tmp
        Filesize

        181KB

        MD5

        4ea6026cf93ec6338144661bf1202cd1

        SHA1

        a1dec9044f750ad887935a01430bf49322fbdcb7

        SHA256

        8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

        SHA512

        6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

        Download Submit

      • memory/1976-446-0x0000000002D90000-0x0000000002D91000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2268-447-0x0000000002B30000-0x0000000002B31000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2436-438-0x000007FEFB2B0000-0x000007FEFB2FC000-memory.dmp

        Filesize

        304KB

        Download

      • memory/2436-439-0x00000000003F0000-0x00000000003F1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2436-444-0x0000000004400000-0x0000000004401000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2436-445-0x000007FEFB2B0000-0x000007FEFB2FC000-memory.dmp

        Filesize

        304KB

        Download