Analysis
-
max time kernel
149s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system -
submitted
22/08/2024, 11:03
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
Roblox.Account.Manager.3.7.2.zip
Resource
win7-20240704-en
windows7-x64
5 signatures
150 seconds
Behavioral task
behavioral2
Sample
Roblox.Account.Manager.3.7.2.zip
Resource
win10v2004-20240802-en
windows10-2004-x64
11 signatures
150 seconds
Behavioral task
behavioral3
Sample
Roblox Account Manager.exe
Resource
win7-20240704-en
windows7-x64
6 signatures
150 seconds
Behavioral task
behavioral4
Sample
Roblox Account Manager.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
16 signatures
150 seconds
General
-
Target
Roblox.Account.Manager.3.7.2.zip
-
Size
4.2MB
-
MD5
d58b79cb3d3635ba963427362f75d075
-
SHA1
0e33eeff9b625fceb2d2d0195e6f32523d57db79
-
SHA256
49b2c015da0851a2ed43820799a7bcda08e1bc5f315e107598f87f4b1bd36dac
-
SHA512
176de76618d0dc43f17e2971787666b737d7308a67f40bd2bb82ab4f0d3276f877fbeb7cc987f797e6572ec736c29d8568f441194a45cb5ba8d751bf139ab79a
-
SSDEEP
98304:gYRAasq6wh5OiduKi0yAlWNYrsmekq13pgOtleGlci1D7VaMV:7y5haDbyAMNY4mekmCOtQi1laa
Score
1/10
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 1448 taskmgr.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 1448 taskmgr.exe -
Suspicious use of FindShellTrayWindow 64 IoCs
pid Process 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe -
Suspicious use of SendNotifyMessage 64 IoCs
pid Process 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe 1448 taskmgr.exe
Processes
-
C:\Windows\Explorer.exeC:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\Roblox.Account.Manager.3.7.2.zip1⤵PID:1260
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /41⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1448