Overview

overview

8

Static

static

3

roblox acc...er.exe

windows7-x64

3

roblox acc...er.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    54s
  • max time network
    58s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    02-08-2024 22:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    roblox account manager.exe

  • Size

    5.4MB

  • MD5

    334728f32a1144c893fdffc579a7709b

  • SHA1

    97d2eb634d45841c1453749acb911ce1303196c0

  • SHA256

    be9ddcdedf8c36c64e6b0a32d2686b74a112913c54217ccaa46675bfd1dc82f1

  • SHA512

    5df9d63136098d23918eba652b44a87e979430b2ce3e78a3eb8faef3dd4bd9599d6c31980f9eaf2bd6a071e966421bc6cec950c28b3b917f90130e8a582c2a1f

  • SSDEEP

    98304:42bT1Qm7d9G4/Ml61KO9bjRxMLywnrmYa0kqXf0FJ7WLhrBzcgPgL6b:/Qm59RMowO9bjRmmYiYa0kSIJ7zgPE

Score
3/10
discovery

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\roblox account manager.exe
    "C:\Users\Admin\AppData\Local\Temp\roblox account manager.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2116
    • C:\Users\Admin\AppData\Local\Temp\roblox account manager.exe
      "C:\Users\Admin\AppData\Local\Temp\roblox account manager.exe" -restart
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2152
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch&plcid=0x409&o1=.NETFramework,Version=v4.8&processName=roblox account manager.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2296
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2296 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2868

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1d3ea20be5004f68b53ecf438088bfe2

    SHA1

    eae22c04d239cdc5e8ef68bb66509478f2464b0c

    SHA256

    976e4d15064a984750bba4c2456889c56ab6f1f409dcb33ec5825dd486ed6de3

    SHA512

    a02c422a038153099fec2a6ea2f8b231488cfb79c0cc829289c491b4018c22d1ec34a64f4d18a54f78add5f3beae78cf76cac938dbbf7dcdebcd3f82ed62f546

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f05488b9dc17b031aaca35be14e4dc27

    SHA1

    8d677176379bea6302ef7fe89d81c01ced8ced1b

    SHA256

    4c066c9f32ffff5f44c8e4447d50bf104dd98f1c4649aff17ea192a53b860568

    SHA512

    49aee9e02a38c83554ad6c453cea856e3f447a50a5067f4ae47fe4fda358c133fc60b13fb8110f00c819c8a65e1ae8934a560b2fa884ca4ad2d65e562f61bcf1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    49bff3729ed81ce91aa63a80e68e1e08

    SHA1

    357c92d9c0b1c18264675f971df9143551aab610

    SHA256

    42f3bc59ae2ad2222a2d66d038195c7e36ddd076017c188886364b424b416604

    SHA512

    35823fd87a470c016769cfbfd409a469e1c29a6807f98f0d25c3670eae8576d30e2830a244ac7a68eb822f588af70330f0de649531d1a61d5363a4b49eb5239b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6144dfd523925223722708fa3d019da9

    SHA1

    be27529d2bf875a34d9389fdf12ca8e5ed1b531b

    SHA256

    a2235800cbc66fbe5ca134bea10820b2516c31dea7fce5a69efc8b4492a0e0b7

    SHA512

    f0cd37788dd1f1696956d0d5826772d02304881b0550f3188fbac8510cb4a0d5a51668e0baba476958d8513b1bc447c27219721f371943ec7b0d6903501d332d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    54bdf07349b1d0fc46926f8c98c20141

    SHA1

    ec14b0da99f172e09b7c475c2c2bc4d9999e763c

    SHA256

    cca6b88dcd27f071f7b7ad15b2d4d8db7769d4eade5bfa4cdc7ce08b0783baeb

    SHA512

    6d70016550aaf29766a5c659f7f87bb5671966415a56830bc4d7413e89bd61bb1d7cfc7719f401b8b6e602844d7761cd15c3f1f6cdc93ae3860d9f2576c31b43

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0bb585962439edb0033e16bdc161d822

    SHA1

    4fa20789b1dd8d85047a17d33474c21387746f34

    SHA256

    3d0774229cc152eefc51e9408aea79dccd81de887fdc47a02b2155a7429fa1e5

    SHA512

    d63ec24dd15c5f8a96073a0d44939b360b492cf857ac494d65e3e84cbdd0e842e238ab16561d15f514d75bfcb13a51663671a37a0646ee7203207e30b7c33904

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8dd118d271f2322311ca9f63b4e91fcb

    SHA1

    212845dfac1ad119fd3f423d775a5b1a27ce461f

    SHA256

    a5b1a286b801ca13ff878dcdc2b649e8096dfaac1b08df633522134ffa0eafb6

    SHA512

    fe385d45276bd6cd926051722fd8d845e3c0a42a8a884c54a979df04cd3d909c8f411f8ed5ed0be1263c27203c87645375a09cbad5e73238e77cfb1e5d88d4c7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d22bca77f9519857e17e11b644180d40

    SHA1

    279059be3212086bc5a250b441ce9dd4c4379803

    SHA256

    b5647c5ea95bff4fd6f4f8687f4d666069c57ba559ec3ca615d19189164a3b76

    SHA512

    eeb41d1a64ba364a691ac00b81517144bc9def8f3d81f5166fd80dd8259a679d7f604f876a2957b52d682990a95156e9a43cabb4dc383723e0e2504c3aabb18b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    67a04d8c133a2ba568bba5ef8d893972

    SHA1

    eaa3a688d2fd1bfd13fce2fd27fff2741fa67c93

    SHA256

    2792423a853e3a14d082d561602d3ad3683bbde24cff4ea3db6a8b8775923907

    SHA512

    dc22cdf98fa299918e1a173d7cc1d3e69141652190c768289dca42da480a1355a82b78576ab9a40a52c76b116bb130e0c23b94205e43047ed1bd024c9f08c674

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4a1a5f78ed2343f1ab98d949029fe459

    SHA1

    dba55aceec209da607ce4daa119dde10cd5d3644

    SHA256

    1c5d4ed248bc1cc0762c41a73bb0bbed34ce21a0299ebd0ccddf6d366ee35d5f

    SHA512

    b0c4350f2d360e50518eba0ef14a067ffa3c10c06521976be1811703c61c6fbc208a4eee94de8610f40cb23b1977a56f30dbf3a92a612b110ea473df500be6dd

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab43D6.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar43F8.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\roblox account manager.exe.config
    Filesize

    6KB

    MD5

    0a86fa27d09e26491dbbb4fe27f4b410

    SHA1

    63e4b5afb8bdb67fc1d6f8dddeb40be20939289e

    SHA256

    2b6d99db8369b0ff6372737d89d1c9e4101815b4168a3852c7b513f2897e7f3d

    SHA512

    fbebc4dc0925d5d67271cac04c1ed324091442ef4c9f6243d2c1c523c9aa6b338c6a594e4987fc142dd3b2a023338a267c8a3454e47fbf0b3e0dbd7b3b65cc0d

    Download Submit

  • memory/2116-0-0x0000000073F8E000-0x0000000073F8F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2116-11-0x0000000073F80000-0x000000007466E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2116-6-0x0000000073F80000-0x000000007466E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2116-5-0x0000000000A80000-0x0000000000A9E000-memory.dmp

    Filesize

    120KB

    Download

  • memory/2116-4-0x0000000000C00000-0x0000000000C26000-memory.dmp

    Filesize

    152KB

    Download

  • memory/2116-2-0x00000000009F0000-0x0000000000A36000-memory.dmp

    Filesize

    280KB

    Download

  • memory/2116-3-0x0000000073F80000-0x000000007466E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2116-1-0x00000000002E0000-0x000000000084C000-memory.dmp

    Filesize

    5.4MB

    Download