Analysis
- max time kernel: 120s
- max time network: 122s
- platform: windows7_x64
- resource: win7-20240903-en
- resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
- submitted: 08-10-2024 15:46
Static task: static1
Behavioral task: behavioral1
- Sample: Pedro_Robux.exe
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: Pedro_Robux.exe
- Resource: win10v2004-20241007-en
General
- Target: Pedro_Robux.exe
- Size: 39.1MB
- MD5: 6365ba95697f9fa8affdeb8fd116e14b
- SHA1: c6f09b62080c2df01cf2d79ee647f86a586b6f4b
- SHA256: 83901384cee0c937e1955b81f69635caec5358d2267ab996fd12ad54f9d1e1f3
- SHA512: b493dc529256c04029117b43c05f9b9262615ecd3579dc3df3ba6cda0ac666d67ad45131a0a768407385bb0341f2d16da93cd74eedee8ae345c17f4ad887087f
- SSDEEP: 786432:3x+yunjmpikrbcW9rp3AryPARxVZDhxMW23tdybpc:MGxbcehAryPARNDhxr23tdo
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  pid   Process
  2708  Stub.exe
- Loads dropped DLL (2 IoCs)
  pid   Process
  2696  Pedro_Robux.exe
  2708  Stub.exe
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
- Suspicious use of WriteProcessMemory (3 IoCs)
  description                       pid   Process          procid_target
  PID 2696 wrote to memory of 2708  2696  Pedro_Robux.exe  30
  PID 2696 wrote to memory of 2708  2696  Pedro_Robux.exe  30
  PID 2696 wrote to memory of 2708  2696  Pedro_Robux.exe  30
Processes
- C:\Users\Admin\AppData\Local\Temp\Pedro_Robux.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\Pedro_Robux.exe"
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID: 2696
  - C:\Users\Admin\AppData\Local\Temp\onefile_2696_133728759937058000\Stub.exe
    Command line: C:\Users\Admin\AppData\Local\Temp\Pedro_Robux.exe
    - Executes dropped EXE
    - Loads dropped DLL
    PID: 2708
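The signature table and the process tree above record a single pattern: the submitted sample launches a second executable from a `onefile_2696_<timestamp>` directory under its own %TEMP% (the directory name carries the parent's PID and matches the default temp-directory template used by Nuitka's onefile launcher; reading it as Nuitka is an inference from the path, not something the report states), the child is started with the parent's own path as its command line, and the parent then writes into the child's memory three times. The script below is an added example, not part of the report or of the sandbox's own tooling: it rebuilds the parent/child relationship from records transcribed from this page, flags that pattern, and checks a local copy of a file against the digests the report lists. The event records, the `ONEFILE_DIR` regex and every function name are this example's own.

```python
import hashlib
import re

# Process-creation records constructed from the report's process tree
# (Windows 7 x64 run). ppid None marks the root of the tree.
PROCESS_EVENTS = [
    {
        "pid": 2696,
        "ppid": None,
        "image": r"C:\Users\Admin\AppData\Local\Temp\Pedro_Robux.exe",
        "cmdline": r'"C:\Users\Admin\AppData\Local\Temp\Pedro_Robux.exe"',
    },
    {
        "pid": 2708,
        "ppid": 2696,
        "image": r"C:\Users\Admin\AppData\Local\Temp\onefile_2696_133728759937058000\Stub.exe",
        "cmdline": r"C:\Users\Admin\AppData\Local\Temp\Pedro_Robux.exe",
    },
]

# The three "wrote to memory of" rows from the WriteProcessMemory signature,
# as (source pid, target pid) pairs.
WRITE_EVENTS = [(2696, 2708), (2696, 2708), (2696, 2708)]

# onefile_<pid>_<timestamp>: the staging-directory template Nuitka's onefile
# launcher uses by default (assumption; the report does not name the packer).
ONEFILE_DIR = re.compile(r"\\onefile_(\d+)_(\d+)\\", re.IGNORECASE)


def _strip_quotes(s):
    return s.strip().strip('"')


def dropped_child_findings(process_events, write_events):
    """Flag children that run from a onefile_<pid>_* directory named after
    their own parent and that the parent subsequently writes into."""
    by_pid = {e["pid"]: e for e in process_events}
    writes = {}
    for src, dst in write_events:
        writes[(src, dst)] = writes.get((src, dst), 0) + 1

    findings = []
    for child in process_events:
        parent = by_pid.get(child["ppid"])
        if parent is None:
            continue
        m = ONEFILE_DIR.search(child["image"])
        if not m:
            continue
        findings.append({
            "parent_pid": parent["pid"],
            "child_pid": child["pid"],
            "child_image": child["image"],
            # The PID embedded in the directory name should be the creator's.
            "dir_pid_matches_parent": int(m.group(1)) == parent["pid"],
            "write_count": writes.get((parent["pid"], child["pid"]), 0),
            # The stub is started with the launcher's own path as its command line.
            "cmdline_is_parent_path": _strip_quotes(child["cmdline"]).lower()
            == _strip_quotes(parent["image"]).lower(),
        })
    return findings


def hash_bytes(data):
    """MD5/SHA1/SHA256 of a byte string, in the form the report prints them."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_report(data, reported):
    """Compare a local file's digests with the ones the report lists;
    returns one True/False per algorithm present in `reported`."""
    actual = hash_bytes(data)
    return {algo: actual[algo] == reported[algo].lower() for algo in reported}


if __name__ == "__main__":
    for finding in dropped_child_findings(PROCESS_EVENTS, WRITE_EVENTS):
        print(finding)
```

The `dir_pid_matches_parent` check is the discriminating one: a staging directory named after the creating process's own PID, combined with a later WriteProcessMemory from that same PID into the child, is a much tighter indicator than either "Executes dropped EXE" or the memory write taken on its own. Only the Windows 7 run is transcribed, because the page lists no results for the Windows 10 behavioral task.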
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 5.5MB
  MD5: 5a5dd7cad8028097842b0afef45bfbcf
  SHA1: e247a2e460687c607253949c52ae2801ff35dc4a
  SHA256: a811c7516f531f1515d10743ae78004dd627eba0dc2d3bc0d2e033b2722043ce
  SHA512: e6268e4fad2ce3ef16b68298a57498e16f0262bf3531539ad013a66f72df471569f94c6fcc48154b7c3049a3ad15cbfcbb6345dacb4f4ed7d528c74d589c9858