Overview

overview

3

Static

static

1

Payload/Ro....dylib

macos-10.15-amd64

1

Payload/Ro...ler.js

windows7-x64

3

Payload/Ro...ler.js

windows10-2004-x64

3

Payload/Ro...ols.js

windows7-x64

3

Payload/Ro...ols.js

windows10-2004-x64

3

Payload/Ro...r.html

windows7-x64

1

Payload/Ro...r.html

windows10-2004-x64

1

Payload/Ro...ension

macos-10.15-amd64

1

Payload/Ro...Roblox

macos-10.15-amd64

1

Payload/Ro...r.html

windows7-x64

1

Payload/Ro...r.html

windows10-2004-x64

1

Payload/Ro...t.html

windows7-x64

1

Payload/Ro...t.html

windows10-2004-x64

1

Payload/Ro...p.html

windows7-x64

1

Payload/Ro...p.html

windows10-2004-x64

1

Analysis

  • max time kernel
    117s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    14/07/2024, 02:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Payload/Roblox.app/SignUpDisclamerTencent.html

  • Size

    423B

  • MD5

    0098f9c90144901c99cbe09f740e3082

  • SHA1

    2243fca1d0b175d7e5d8884d8f1ba50c45120d25

  • SHA256

    cbd4803907ea1d37a100a4e1fb4971cd540250db6e5ccc34e347dbf1bb8f40e0

  • SHA512

    e214e8a561b7257ec794b8bc8b5de7a23a1aa4bc4f6b9f194d46cb6601fdd2be3f2f09a85d0455c8cde7f5a62a2d8fc1e195217784936453f72e069de024405f

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Payload\Roblox.app\SignUpDisclamerTencent.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2300
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2300 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1528

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8ddb64fdc6b8c72f0de30abe30b8fce3

    SHA1

    ca94656d90f03d89987feb75f52389665065d038

    SHA256

    55c426fbc95b4cc8c9f7b7fd1c411c6d7d7596fd9c188dc60c085e7723a289a4

    SHA512

    263a0a475e7bc03d3ecc184ce3bb212e656afdef46c28a78cb86169f5588de8e12d1c2e488177c000f60e861191041acdbc35ffa47e1ec43c474a1d2f8820803

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    10ee6198656c1dc4b32bc4f365244563

    SHA1

    b6110cc3e00b06d9299d62ecf44947b558c21ea4

    SHA256

    8c43cd46619cacaf9dda917828017b2d260c90676af1519bc427dec25b1d4e37

    SHA512

    6f3365964a345128a5d8e8abb67b776ff1397129d0e0875fee30b4d94cf33e1d1db7ba484f5c57430c4da40e6b5401dd6bbb59dc5e69756089d3ce26d8f7ca45

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2c368333e0be0cab90a647576718bf5a

    SHA1

    d75fdce152f4fab42328f2f23dd0012d57a2b279

    SHA256

    09d46b65003219753cba8ac0852c15413b925452c4ec7846d6827f0e793b4dd4

    SHA512

    a4d764ee43dae98f6c2c6ccb20207132e3c1ab4e39797f2f455a2a4db6b9bbbe6c481059393495d2ad95e5f5973320dc88f3c2566b67b0c3c43ca570f0ed187c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e5ad4bfea30510ab41ae45b247daa1ae

    SHA1

    24cf51e3cf3e5eb546919d71ee2f2f51fc3b2e4a

    SHA256

    87c6163e7014b83f5248849d28d307279163d10d01c824a9ef56c63a6507499c

    SHA512

    f99708c81ff76d3ca3f31292aebe4f59e5e3183706adf49cca311610b6000daa52a52ab25c92728fbb2a80b83a67c0d0afe98492508c1ec08725e1e654964c42

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7a9f65dc1533596b5a1cfe3a6020a09e

    SHA1

    7e1cfe6113f5a0892620b94133be084eb9ff5cc5

    SHA256

    f1d7e746657eb6bd30997bb2e87065511632ac1fed980032d956e5e6b900fc23

    SHA512

    52c713c6c78edeb1c44829b7111e56d80d73156350acfe35ff03d5d03695be8fe2b2ba24205fe1238cfc7111ad7ffd9fc7da76a6d379ada7bc443db705b2426e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0c2895773d364744933c35f30f7a2fd3

    SHA1

    1fe315a5d384d0257ecaa58a160be41b7077489a

    SHA256

    ebf8c191a486cc45496361f66e3c0b226a79d991e4a1eba3f920097744c20d74

    SHA512

    8602dbdc469c12571c4b7a3e35a7e6b6153f4e72bcd3b8262eaa8b94915b1fb7b82ee1f0673e45ff8ed4631760ed3262f6e82a57259f6c95f778611972cc72b4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fa145f78e336a9172a7e6dab38fbf0d4

    SHA1

    ca6f9534925a5aad2071b5fb83ec02f3aa0fbb5e

    SHA256

    038e8be1e8aa1d7bffed43535509fb2dbf5b52643cb66bb3c3c7a67143e7ddbb

    SHA512

    d41228c836e5ee02ebb29dc00d2cfb24d5d6f1a798c2813ff2fd5f34c34db9b5f2856c837feddc71883e6b843ab0105d39b69c31253756bf4a3eea2546bf633d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dbf5ffc2b0783ff6a77b13ed5ff0ae7b

    SHA1

    b67e1a4c295bf6e13d93b20c7989ba609f49d7ce

    SHA256

    f2b925e04fd05fd4ed832c4cc14a2b6daca5198d71519fe769334ef553e9b8c2

    SHA512

    6ad6b0b4eaba4557c8aa704acefaa0b1a7484cf54bf818c72c540de1157ef79681a748f0152a42ea0f4d5c3a35540d02844827ef5f4ec5f472f3b1db06e66d3a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    76bd3e12d8c31cb6b5a66b93c119841d

    SHA1

    9c0dba5e20322103a683d55ebe0801592043c2a1

    SHA256

    02a08781c313b756970cab020bf155b46fe8d1ff570069e38b86a99019f6ab02

    SHA512

    6edb810fd55b9b022f242200ea455aa19b337b7faec98ff2bd7767bd70647a2f8b9c24d2cd306fa8e75243aa31a3127b9b8d03e9fb816747a2b66fbd5109cc72

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    86ab5e884cd91504e6a9ca0f72b03f2f

    SHA1

    91318dd87c7a1cad5192228235427df9029a4438

    SHA256

    e890bdfea53f51854521bc07d4ac39d656f4358759bf5b68b4d008987d80bc9e

    SHA512

    45b672aa337c07df8db8658917db7e899db5643614d75df6ccd2099886f8dae8197020c7504a5c14fae107f77eafb9b6f09793d937fd9d87fca5544b5feac4cb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2a24b339f58d7d5f59b8628959b9c6bc

    SHA1

    7ba563f0e69e7dc0601987479f7d503411eed8ab

    SHA256

    a1e442e6da9f0ed17dd78f6c200d987e94e423bae400bd0ca871e054976abb76

    SHA512

    3829550d837b63debb7448005766950685f45c7f0ccb9a648d11b7b9e374da23df8d0c68ee47051927ca6d7f82706d83df4f576a8a58951670d2b446bf7be2bc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8277303aae4ade859a21c276571d0288

    SHA1

    de07628d10b886abb44c2c5e254c7e13c12be595

    SHA256

    902ea75457a0649fc52725c1afe0ce6439ecaacd5d7755603ff7e3538ec62327

    SHA512

    3ff74761719301ed26a1da69766d2a34a09740923388ae6fa274c0057fe6a1e6a8a5d9c75a011572e321e014e6f62629d1db00e62fe097202426c067804be9b4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    87742458d18541cf7e048ab0da958457

    SHA1

    155c3b91b3fd01ee740b4d1aa54b0a5443706d50

    SHA256

    f8beae88b647f2b0b15e8164a430ea4a996f8c5c09d7e89c436b1b576faa3d64

    SHA512

    a71340b44d06fa59cf4e4ed29cb5f4898553635bf8c57cf18011d42a4f935c78a38fc0a260fbd5ffb05f7b11d9a2cf6b6d41289f6dbf38221c957c744c3d0c8b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fdf57c4162c77c830dc4c74cd85d6ab2

    SHA1

    171ac5c1a5745ea9311e43ec5567918f97c5730d

    SHA256

    dbbae393f6a3ab8590a8d255747b6e8fc26797f56720df36f57a3192a017fcf8

    SHA512

    ba3d8b493573cbe23515d2e579c84d0cbf08d2bf051d28ab9732ab766de843c4704c81e076806d1528e963c4d6614a6b6902bae46229366066111cd3ea569ade

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6483504cc9185b4da0743a61ac508355

    SHA1

    e8b1fcd5e02bca14c9c394840cbff3e1275777d0

    SHA256

    9f95082f0d77051b93ac1f48bd7576ab0ba75406a36b033bf025e5874fddfa6b

    SHA512

    b08c823c76868ac620b721d115f63bc85bb0d4a373303f6da5bc634639f5263f30b616b4fdaf7e13f282ba8fb0c5b5f56ecfcaddcab67062508ba9eef8eac402

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabDFF6.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarEC77.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit