Overview

overview

7

Static

static

3

roblox_4130559591.exe

windows10-1703-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    122s
  • platform
    windows10-1703_x64
  • resource
    win10-20240611-en
  • resource tags

    arch:x64arch:x86image:win10-20240611-enlocale:en-usos:windows10-1703-x64system
  • submitted
    18/08/2024, 13:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    roblox_4130559591.exe

  • Size

    1.1MB

  • MD5

    9c35ad75619d515b0d4872c3c4b81a73

  • SHA1

    62a84bd0a15fed90cdbfb1c4acc7eb9664da9ef2

  • SHA256

    dd2737407bc080167bfb7d79d7c98c29de1680b83e566364843460834596798a

  • SHA512

    b87fea3adc7a752cb59e8ed83cdc8f8fd349f4787836cfc7716cc9204ef7531a3e32f940176136fd3086d788866fa8a876bc154a00051ca8cafcdf9c8a0ec6a2

  • SSDEEP

    24576:1c1FhNtjH3rOGHnI5FYHq0YshKZhtTgqZpnDgLxE0MAugux2TrhbICm:1urPXaQBqVfZzgUMq0MAvq2TdbICm

Score
7/10
discoveryevasionspywarestealertrojanupx

Malware Config

Signatures

  • Checks BIOS information in registry 2 TTPs 1 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • UPX packed file 26 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 4 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\roblox_4130559591.exe
    "C:\Users\Admin\AppData\Local\Temp\roblox_4130559591.exe"
    1⤵
    • Checks BIOS information in registry
    • Checks whether UAC is enabled
    • System Location Discovery: System Language Discovery
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3608
    • C:\Users\Admin\AppData\Local\Temp\roblox_4130559591.exe
      "C:\Users\Admin\AppData\Local\Temp\roblox_4130559591.exe" /_ShowProgress
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:3160

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\INH240~1\images\Grey_Button.png
    Filesize

    1KB

    MD5

    b2b464997f4db222765a07f8ba7909b2

    SHA1

    848b1b499e1ea1a9c3b3b4fdc94416fe450ae64a

    SHA256

    38de61d53651a817708fff0552aac6f9122e722b92da9ab1a455b547fae91123

    SHA512

    fbfd16e3dc5c1dd5d2fb692cb5edd5f6a66ca2c3715b3ca0ec74d81c3a3c796aeddcd1410507f7400b270ff12867186da5d55cdfc3b2562ca7b3e99515f005c9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\INH240~1\images\Grey_Button_Hover.png
    Filesize

    1KB

    MD5

    5cd7a897da3d92981e4733b20750bba1

    SHA1

    d9309ef665065444e114e2743250307c87c98853

    SHA256

    4c10c9ab2b9efe61916b89d0d256d7c1ea53a618d970a04eb0bb89dfe8628822

    SHA512

    1d687c808e913fcbaac61df5bedd227c3efa4449fd713a565dae30ef11c2a1da2dacae56f5adac786d667764d7021d7d08d24440880404825a0e2979d9ea314f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\inH24066040631578\bootstrap_47308.html
    Filesize

    156B

    MD5

    1ea9e5b417811379e874ad4870d5c51a

    SHA1

    a4bd01f828454f3619a815dbe5423b181ec4051c

    SHA256

    f076773a6e3ae0f1cee3c69232779a1aaaf05202db472040c0c8ea4a70af173a

    SHA512

    965c10d2aa5312602153338da873e8866d2782e0cf633befe5a552b770e08abf47a4d2e007cdef7010c212ebcb9fefea5610c41c7ed1553440eaeab7ddd72daa

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\inH24066040631578\css\main.css
    Filesize

    8KB

    MD5

    5996c85da09d7c527cb954e5fa3d91b1

    SHA1

    96cc5f4cd2234ce274337bfc7a751eed4c3a2a5c

    SHA256

    54f48f4ddce0216024efe18ad670f786b02ab53e5e4f53ce0abd8566e311e2df

    SHA512

    0965fe57960f191235eba208ae65ba97a5a6c79d23835b288a83c57f94b4f3941e0f166908dd3d97cb112d961d1eb71c835d0f37989b784f3c9fba63334b0406

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\inH24066040631578\css\sdk-ui\progress-bar.css
    Filesize

    506B

    MD5

    5335f1c12201b5f7cf5f8b4f5692e3d1

    SHA1

    13807a10369f7ff9ab3f9aba18135bccb98bec2d

    SHA256

    974cd89e64bdaa85bf36ed2a50af266d245d781a8139f5b45d7c55a0b0841dda

    SHA512

    0d4e54d2ffe96ccf548097f7812e3608537b4dae9687816983fddfb73223c196159cc6a39fcdc000784c79b2ced878efbc7a5b5f6e057973bf25b128124510df

    Download Submit

  • memory/3160-211-0x0000000002890000-0x0000000002A1C000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/3160-209-0x0000000002890000-0x0000000002A1C000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/3160-200-0x0000000002520000-0x00000000025F2000-memory.dmp

    Filesize

    840KB

    Download

  • memory/3160-210-0x0000000002890000-0x0000000002A1C000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/3160-206-0x0000000002890000-0x0000000002A1C000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/3160-198-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download

  • memory/3160-213-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download

  • memory/3160-212-0x0000000002890000-0x0000000002A1C000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/3608-177-0x00000000027C0000-0x000000000294C000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/3608-193-0x00000000027C0000-0x000000000294C000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/3608-164-0x00000000027C0000-0x000000000294C000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/3608-176-0x00000000027C0000-0x000000000294C000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/3608-175-0x00000000027C0000-0x000000000294C000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/3608-2-0x0000000000401000-0x000000000040B000-memory.dmp

    Filesize

    40KB

    Download

  • memory/3608-178-0x00000000027C0000-0x000000000294C000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/3608-179-0x00000000027C0000-0x000000000294C000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/3608-180-0x00000000027C0000-0x000000000294C000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/3608-173-0x00000000027C0000-0x000000000294C000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/3608-174-0x00000000027C0000-0x000000000294C000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/3608-169-0x00000000027C0000-0x000000000294C000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/3608-194-0x00000000027C0000-0x000000000294C000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/3608-165-0x00000000027C0000-0x000000000294C000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/3608-196-0x00000000027C0000-0x000000000294C000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/3608-197-0x00000000027C0000-0x000000000294C000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/3608-163-0x00000000027C0000-0x000000000294C000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/3608-15-0x00000000027C0000-0x000000000294C000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/3608-10-0x00000000027C0000-0x000000000294C000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/3608-14-0x00000000027C0000-0x000000000294C000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/3608-13-0x00000000027C0000-0x000000000294C000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/3608-5-0x0000000002450000-0x0000000002522000-memory.dmp

    Filesize

    840KB

    Download

  • memory/3608-3-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download

  • memory/3608-0-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download

  • memory/3608-214-0x00000000027C0000-0x000000000294C000-memory.dmp

    Filesize

    1.5MB

    Download