Overview

overview

7

Static

static

3

Roblox.Acc...el.zip

windows7-x64

3

Roblox.Acc...el.zip

windows10-2004-x64

1

Auto Update.exe

windows7-x64

3

Auto Update.exe

windows10-2004-x64

6

RBX Alt Manager.exe

windows7-x64

3

RBX Alt Manager.exe

windows10-2004-x64

7

x86/CefSha...re.dll

windows7-x64

3

x86/CefSha...re.dll

windows10-2004-x64

3

x86/CefSha...re.pdb

windows7-x64

3

x86/CefSha...re.pdb

windows10-2004-x64

3

x86/CefSha...ss.exe

windows7-x64

3

x86/CefSha...ss.exe

windows10-2004-x64

3

x86/CefSha...ss.pdb

windows7-x64

3

x86/CefSha...ss.pdb

windows10-2004-x64

3

x86/CefSha...me.dll

windows7-x64

3

x86/CefSha...me.dll

windows10-2004-x64

3

x86/CefSha...me.pdb

windows7-x64

3

x86/CefSha...me.pdb

windows10-2004-x64

3

x86/CefSha...me.xml

windows7-x64

3

x86/CefSha...me.xml

windows10-2004-x64

1

x86/CefSharp.dll

windows7-x64

1

x86/CefSharp.dll

windows10-2004-x64

1

x86/LICENSE.txt

windows7-x64

1

x86/LICENSE.txt

windows10-2004-x64

1

x86/README.txt

windows7-x64

1

x86/README.txt

windows10-2004-x64

1

x86/chrome...nt.pak

windows7-x64

3

x86/chrome...nt.pak

windows10-2004-x64

3

x86/chrome...nt.pak

windows7-x64

3

x86/chrome...nt.pak

windows10-2004-x64

3

x86/chrome_elf.dll

windows7-x64

3

x86/chrome_elf.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    140s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    07/08/2024, 03:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Roblox.Account.Manager.3.5-rel.zip

  • Size

    114.3MB

  • MD5

    eb863e0809db7d04fbec39878c801a91

  • SHA1

    fa18ae7c7bf97f211824add12733c907bf22a4c2

  • SHA256

    d00c2f5200fcf21e227952827e0318c7c531a46348352e8b076cf5b70971efde

  • SHA512

    130902fe14952883912c70caede0c61a3faaec91077a6520db59d75dace1581ad8d0e5199521aa5b1b2d864be5713d6612657e3236079838698db77814364cac

  • SSDEEP

    3145728:WswTcbYggOeu4GDT2F4fO4fmfWD/xia/7rqwKT:WswQ8ljG2toxiCmwS

Score
3/10
discovery

Malware Config

Signatures

  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

    discovery
  • Opens file in notepad (likely ransom note) 1 IoCs
    ransomware
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 10 IoCs
  • Suspicious use of SendNotifyMessage 9 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\Explorer.exe
    C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\Roblox.Account.Manager.3.5-rel.zip
    1⤵
      PID:2924
    • C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      1⤵
        PID:2812
      • C:\Windows\System32\WScript.exe
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\ResumeWrite.vbe"
        1⤵
          PID:2888
        • C:\Windows\system32\NOTEPAD.EXE
          "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\PingUninstall.txt
          1⤵
          • System Network Configuration Discovery: Internet Connection Discovery
          • Opens file in notepad (likely ransom note)
          PID:2944
        • C:\Program Files\VideoLAN\VLC\vlc.exe
          "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\InvokeBackup.wav"
          1⤵
          • Suspicious behavior: AddClipboardFormatListener
          • Suspicious behavior: GetForegroundWindowSpam
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          • Suspicious use of SetWindowsHookEx
          PID:1848

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/1848-13-0x000007FEF8110000-0x000007FEF8144000-memory.dmp

          Filesize

          208KB

          Download

        • memory/1848-12-0x000000013F260000-0x000000013F358000-memory.dmp

          Filesize

          992KB

          Download

        • memory/1848-14-0x000007FEF5760000-0x000007FEF5A16000-memory.dmp

          Filesize

          2.7MB

          Download

        • memory/1848-15-0x000007FEF4370000-0x000007FEF5420000-memory.dmp

          Filesize

          16.7MB

          Download