Analysis
-
max time kernel
140s -
max time network
141s -
platform
windows7_x64 -
resource
win7-20240705-en -
resource tags
-
submitted
07/08/2024, 18:43
General
-
Target
Roblox 2016/Webserver/bin/apache/bin/ApacheMonitor.exe
-
Size
62KB
-
MD5
2c98d6478b5ba1f72e14bd18d7736568
-
SHA1
e80b61f00446fdef46f73d6991806cf7d5e1c96d
-
SHA256
47c98491f7768c79a4b0eedc289cd3dd33f559ddc8e777b5462d41ae0b61e488
-
SHA512
fc5b371049b3894aebb8e789b47461bb73f2503f929bffde661cf9a1d66f66aec723d787bb2649b12f97befe1cee9a6ac5ee6455008b259c64047c6b48d0ee5d
-
SSDEEP
384:xHXRMqRu2D086fzCAx6JNdoRMHyyU7A0MdwkVqFsuZioC6b7s3T369UChfkFDP9O:xrQjv7xj0DdwkVqFsu0oC0cFpYciEEZ
Score
3/10
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SendNotifyMessage 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Roblox 2016\Webserver\bin\apache\bin\ApacheMonitor.exe"C:\Users\Admin\AppData\Local\Temp\Roblox 2016\Webserver\bin\apache\bin\ApacheMonitor.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage