Analysis
-
max time kernel
36s -
max time network
39s -
platform
windows11-21h2_x64 -
resource
win11-20240802-en -
resource tags
-
submitted
21-08-2024 23:52
General
-
Target
RBX Alt Manager.exe
-
Size
3.8MB
-
MD5
131932e4f1709c336a48394d010b839d
-
SHA1
03a63f9e44f317606361017c49982fabbcc84ae3
-
SHA256
348fd64bb5a77cece920aadaf8adc583d662342d84b2e1b42773c95a12cd658b
-
SHA512
3dcef7db833b7a318d092712d34edb8ecee1e9727ca2abc9ed2114a2473048a4e95c3e37ed15f2749bf3e79582abe77b4c78d1b8a07a6df78a9b216fd43d965b
-
SSDEEP
98304:V2bT1QzcmapX3TJcKGFjyPkqXf0Fk7WpW7:+QzWNdcKbPkSIk7yW
Malware Config
Signatures
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Program crash 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 8 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of FindShellTrayWindow 26 IoCs
-
Suspicious use of SendNotifyMessage 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\RBX Alt Manager.exe"C:\Users\Admin\AppData\Local\Temp\RBX Alt Manager.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\RBX Alt Manager.exe"C:\Users\Admin\AppData\Local\Temp\RBX Alt Manager.exe"2⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 13523⤵
- Program crash
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 3028 -ip 30281⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe42623cb8,0x7ffe42623cc8,0x7ffe42623cd82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,17848115118535043108,13971716504245924482,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1936 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1928,17848115118535043108,13971716504245924482,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1928,17848115118535043108,13971716504245924482,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2556 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,17848115118535043108,13971716504245924482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3168 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,17848115118535043108,13971716504245924482,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,17848115118535043108,13971716504245924482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,17848115118535043108,13971716504245924482,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1928,17848115118535043108,13971716504245924482,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5076 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1928,17848115118535043108,13971716504245924482,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5524 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,17848115118535043108,13971716504245924482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,17848115118535043108,13971716504245924482,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,17848115118535043108,13971716504245924482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:12⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1KB
MD5bf8ce65cfc62532eec96eab3d6608293
SHA1e26750d57f1bfdbc6814b5628aa2b28b98342f55
SHA25629e07eeee794292ee69851f9c37378fb047e81454d108d8214bb8f48e72d6e42
SHA51279864889c3df670b09b057b2e3c420d2a265875c4a6a1ba03630dcac154cacae06ac2cd1759bbe7a21b2863aadf4da8588739aa88d17fd2b627898f6e0e9379b
-
Filesize
152B
MD54bf4b59c3deb1688a480f8e56aab059d
SHA1612c83e7027b3bfb0e9d2c9efad43c5318e731bb
SHA256867ab488aa793057395e9c10f237603cfb180689298871cdf0511132f9628c82
SHA5122ec6c89f9653f810e9f80f532abaff2a3c0276f6d299dce1b1eadf6a59e8072ed601a4f9835db25d4d2610482a00dd5a0852d0ef828678f5c5ed33fe64dddca9
-
Filesize
152B
MD5b4ae6009e2df12ce252d03722e8f4288
SHA144de96f65d69cbae416767040f887f68f8035928
SHA2567778069a1493fdb62e6326ba673f03d9a8f46bc0eea949aabbbbc00dcdaddf9d
SHA512bb810721e52c77793993470692bb2aab0466f13ed4576e4f4cfa6bc5fcfc59c13552299feb6dfd9642ea07b19a5513d90d0698d09ca1d15e0598133929c05fe1
-
Filesize
5KB
MD51d7ea0441e6e4e182aa701daedc2f466
SHA150662190278cff3596d395b4c8dd5e92caff67a8
SHA256a75b8521e3a7857f6ce101df15f07ec175170442b26d37fc9324f5ef93bd3648
SHA5128454a7c1c9f048da9420e0c46ee049fecdf0951af55e6243ec62f638eed2165b15533c2c7ef412f9dbb929ff8617f41b8340b1300b27e510ac1ca25348442e76
-
Filesize
5KB
MD56c7f0673a76b9b0b9abdf6a727485262
SHA1ccb505894dec942bac99fbe9d47c9aa6d2b5ed1d
SHA2560f5cc747cdae944824c937f3ec4e5f0511f53a256b981537aadce3fbea94e380
SHA512ef265cb0860c0fb6b1b2d2f234863c361e40ee1ae933b3ee1bfbc0599ba32f505980b8f1b0a3537b788ca3bbd29d2a05462cdff6c1207e55b7bd072e5a606a1c
-
Filesize
5KB
MD526d91b22d0d54df2b94e71756059c04b
SHA1c6c3af2a67441d923d554c749eabf0a26cd372c3
SHA256164bf6b2284eff47dfac606feece283709d33975f9fdb59b7f99cc60ff43ac8a
SHA51240123692556c0074853288d1c916c18cf42d4a83ee1435496879beea99c879b207c47cae55f218b88af408d0bb971383f425c8e6c21743ac8ab12c7d2f5cfe23
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD50e745d5d0b6b25dd29fb6d09f5d92c85
SHA1c27aa95c06a7dcdb38cd59711cc6e715fdd9d6b2
SHA25687564dd723081bc26aac4bdd4b1cb3f976021a5ab7dd77f7f278647b0e813b3d
SHA512d73f5bac56912a1c6a983f9747eabdb3fe59ffb93732735135991a3305cba30e06074603d554c1af1f430a1dfe83097ea41c43fa0b503f86dbca48550325a42c
-
Filesize
11KB
MD56df317995fe8586021163a7b96530ba2
SHA16a0ef3c3ffb91312692f66de1122bf0c4d04ae45
SHA25657825b7ae6034222bb0eff39c9cc4771094d5d702862a467d57e91f425531601
SHA5129e8dd2e6fdb9a52afa62cdb75a6c44890cb76019a1c0f23a241ed8ca20c34170bb3e46e56fb6aeda583d1f2ce58aafb55fbe74ebb3598b43a176a8f512621737
-
Filesize
264KB
MD5f50f89a0a91564d0b8a211f8921aa7de
SHA1112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58
-
Filesize
307B
MD52a40dbc9b944150983d9e1fc489660bf
SHA16ddc216f371c65d0c9a0aa740dec5a2dc52bd425
SHA256ce43e6b7695d95fe16a61fed950a40e86b8b7179ae15af812375b8b2b15c7899
SHA51212a1aa7fee2629d6d215c16199b7e267b28e0f405a1b014e97db584d371e629e1619804a3c09c7d45cb09fb9d76a0dbaf55bcb4374c807f5916db9d54bff3bb0
-
Filesize
2KB
MD53af58cc4ea567ff23275857a7662903b
SHA114cc53e5aaf65da4315436c9b85768ae04e94569
SHA256b19b7fdd8aa951e1ad15cf5f2c901f1c0a2c9b86a87added6268a72c97d1aa88
SHA5126d277743a1ac3fd520aa3e9dc2d3b6c8346d7f0dc2742ed716ae55ebd660e1cbe9bb754639cbda0d31561982bb89efd44c2328f382c27eb092339d0709dad253
-
Filesize
933B
MD5083c9613bea87bb1dcbf9bfee2c666fe
SHA17d310e72288eb118f3930664f835028084d999bf
SHA2561480054437115d21b16e161d0b58bb8670831abf2aa5f21fc59b46afc01dbef9
SHA512c9163d1802c5b53fe5fd57fa3ecc7e37d082fd6cb6d31fc98b8fe045ff422ee54cd0ebc43848cf823795f41aaaf0bd9cc775f652ed5bf7822bed49e66c69f360
-
Filesize
464KB
-
Filesize
7.7MB
-
Filesize
80KB
-
Filesize
40KB
-
Filesize
7.7MB
-
Filesize
7.7MB
-
Filesize
208KB
-
Filesize
7.7MB
-
Filesize
7.7MB
-
Filesize
4KB
-
Filesize
1.5MB
-
Filesize
584KB
-
Filesize
1.1MB
-
Filesize
80KB
-
Filesize
64KB
-
Filesize
280KB
-
Filesize
7.7MB
-
Filesize
5.6MB
-
Filesize
3.8MB