Analysis

  • max time kernel
    1799s
  • max time network
    1684s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags
    arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    04-09-2024 11:34

General

  • Target

    https://www.roblox.com.bi/users/5445740091/profile

Score
3/10

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.roblox.com.bi/users/5445740091/profile
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3640
    Child processes of PID 3640:
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffb64499758,0x7ffb64499768,0x7ffb64499778
        PID:588
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1524 --field-trial-handle=1772,i,10231855896454867306,3529562725750943534,131072 /prefetch:2
        PID:2096
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2004 --field-trial-handle=1772,i,10231855896454867306,3529562725750943534,131072 /prefetch:8
        PID:2668
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2092 --field-trial-handle=1772,i,10231855896454867306,3529562725750943534,131072 /prefetch:8
        PID:508
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2916 --field-trial-handle=1772,i,10231855896454867306,3529562725750943534,131072 /prefetch:1
        PID:3208
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2928 --field-trial-handle=1772,i,10231855896454867306,3529562725750943534,131072 /prefetch:1
        PID:1304
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4520 --field-trial-handle=1772,i,10231855896454867306,3529562725750943534,131072 /prefetch:1
        PID:5104
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5640 --field-trial-handle=1772,i,10231855896454867306,3529562725750943534,131072 /prefetch:8
        PID:2464
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5640 --field-trial-handle=1772,i,10231855896454867306,3529562725750943534,131072 /prefetch:8
        PID:3896
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4388 --field-trial-handle=1772,i,10231855896454867306,3529562725750943534,131072 /prefetch:2
        • Suspicious behavior: EnumeratesProcesses
        PID:4952
  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
    PID:5104

Network

MITRE ATT&CK Enterprise v15

Downloads
