Analysis

  • max time kernel
    1799s
  • max time network
    1685s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    02-09-2024 07:26

General

  • Target

    https://www.roblox.com.bi/users/5445740091/profile

Score
3/10

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.roblox.com.bi/users/5445740091/profile
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1408
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fff62989758,0x7fff62989768,0x7fff62989778
      2⤵
      PID:4164
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=220 --field-trial-handle=1644,i,12031438918308579427,15038012566310788130,131072 /prefetch:2
      2⤵
      PID:3808
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2012 --field-trial-handle=1644,i,12031438918308579427,15038012566310788130,131072 /prefetch:8
      2⤵
      PID:3408
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2056 --field-trial-handle=1644,i,12031438918308579427,15038012566310788130,131072 /prefetch:8
      2⤵
      PID:2588
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2952 --field-trial-handle=1644,i,12031438918308579427,15038012566310788130,131072 /prefetch:1
      2⤵
      PID:824
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2980 --field-trial-handle=1644,i,12031438918308579427,15038012566310788130,131072 /prefetch:1
      2⤵
      PID:1504
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4896 --field-trial-handle=1644,i,12031438918308579427,15038012566310788130,131072 /prefetch:1
      2⤵
      PID:4360
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 --field-trial-handle=1644,i,12031438918308579427,15038012566310788130,131072 /prefetch:8
      2⤵
      PID:408
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5480 --field-trial-handle=1644,i,12031438918308579427,15038012566310788130,131072 /prefetch:8
      2⤵
      PID:4012
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1624 --field-trial-handle=1644,i,12031438918308579427,15038012566310788130,131072 /prefetch:2
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:4568
  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
    1⤵
    PID:3536

Downloads