55d0595a777eb2b6e1df3eca1e65c847bbfda54a85a5cf637283201145c81d7f

Analysis

max time kernel
34s
max time network
36s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
27/09/2024, 12:35

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

RobloxPingOptimizer-New-Main.zip
Size

3.3MB
MD5

8ffc4ade6707e1c9f7d01aa0847aa1c0
SHA1

2c09cfb5bfa3339fd8bc3ad474afd435ecabbe35
SHA256

55d0595a777eb2b6e1df3eca1e65c847bbfda54a85a5cf637283201145c81d7f
SHA512

c7e7c776902e26bf94e3d89c98ed760eceec8d9531a189998d7d2f574fea85fcf3de3bf8bd86d1f6de76e0ece93210e85bb3d83f98d3325fa5d30b3d8d3ad17c
SSDEEP

98304:oxIMdsLWAHbRVkwYh8P9TpnfyepRfV3XIyUIbdiKIS6T:oxiLWM9z39RnRfRXrvdiP

Score

3^/10

discovery

Malware Config

Signatures

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
436	Explorer.exe
2736	cmd.exe

Suspicious use of AdjustPrivilegeToken 42 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	1520	WMIC.exe
Token: SeSecurityPrivilege	1520	WMIC.exe
Token: SeTakeOwnershipPrivilege	1520	WMIC.exe
Token: SeLoadDriverPrivilege	1520	WMIC.exe
Token: SeSystemProfilePrivilege	1520	WMIC.exe
Token: SeSystemtimePrivilege	1520	WMIC.exe
Token: SeProfSingleProcessPrivilege	1520	WMIC.exe
Token: SeIncBasePriorityPrivilege	1520	WMIC.exe
Token: SeCreatePagefilePrivilege	1520	WMIC.exe
Token: SeBackupPrivilege	1520	WMIC.exe
Token: SeRestorePrivilege	1520	WMIC.exe
Token: SeShutdownPrivilege	1520	WMIC.exe
Token: SeDebugPrivilege	1520	WMIC.exe
Token: SeSystemEnvironmentPrivilege	1520	WMIC.exe
Token: SeRemoteShutdownPrivilege	1520	WMIC.exe
Token: SeUndockPrivilege	1520	WMIC.exe
Token: SeManageVolumePrivilege	1520	WMIC.exe
Token: 33	1520	WMIC.exe
Token: 34	1520	WMIC.exe
Token: 35	1520	WMIC.exe
Token: 36	1520	WMIC.exe
Token: SeIncreaseQuotaPrivilege	1520	WMIC.exe
Token: SeSecurityPrivilege	1520	WMIC.exe
Token: SeTakeOwnershipPrivilege	1520	WMIC.exe
Token: SeLoadDriverPrivilege	1520	WMIC.exe
Token: SeSystemProfilePrivilege	1520	WMIC.exe
Token: SeSystemtimePrivilege	1520	WMIC.exe
Token: SeProfSingleProcessPrivilege	1520	WMIC.exe
Token: SeIncBasePriorityPrivilege	1520	WMIC.exe
Token: SeCreatePagefilePrivilege	1520	WMIC.exe
Token: SeBackupPrivilege	1520	WMIC.exe
Token: SeRestorePrivilege	1520	WMIC.exe
Token: SeShutdownPrivilege	1520	WMIC.exe
Token: SeDebugPrivilege	1520	WMIC.exe
Token: SeSystemEnvironmentPrivilege	1520	WMIC.exe
Token: SeRemoteShutdownPrivilege	1520	WMIC.exe
Token: SeUndockPrivilege	1520	WMIC.exe
Token: SeManageVolumePrivilege	1520	WMIC.exe
Token: 33	1520	WMIC.exe
Token: 34	1520	WMIC.exe
Token: 35	1520	WMIC.exe
Token: 36	1520	WMIC.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2736 wrote to memory of 1520	2736	cmd.exe	95
PID 2736 wrote to memory of 1520	2736	cmd.exe	95
PID 2736 wrote to memory of 736	2736	cmd.exe	96
PID 2736 wrote to memory of 736	2736	cmd.exe	96

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\RobloxPingOptimizer-New-Main.zip
1⤵
- System Network Configuration Discovery: Internet Connection Discovery
PID:436

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4584

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\RobloxPingOptimizer-New-Main\RobloxPingOptimizer.bat" "
1⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Suspicious use of WriteProcessMemory
PID:2736
- C:\Windows\System32\Wbem\WMIC.exe
  wmic diskdrive get Model
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1520
- C:\Windows\system32\findstr.exe
  findstr /i "DADY HARDDISK QEMU HARDDISK WDS100T2B0A"
  2⤵
  PID:736

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads