Overview

overview

3

Static

static

1

URLScan

urlscan

1

https://create.roblo...

windows10-2004-x64

3

Analysis

  • max time kernel
    9s
  • max time network
    10s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17/10/2024, 11:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://create.roblox.com/store/asset/19003674862/AC6-15-Tools

Score
3/10
discovery

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://create.roblox.com/store/asset/19003674862/AC6-15-Tools
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4852
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9396046f8,0x7ff939604708,0x7ff939604718
      2⤵
        PID:4072
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,5041149116813608032,15385850325452003425,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
        2⤵
          PID:4580
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,5041149116813608032,15385850325452003425,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2524 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:3504
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,5041149116813608032,15385850325452003425,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
          2⤵
            PID:1780
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5041149116813608032,15385850325452003425,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
            2⤵
              PID:2944
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5041149116813608032,15385850325452003425,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
              2⤵
                PID:1332
            • C:\Windows\System32\CompPkgSrv.exe
              C:\Windows\System32\CompPkgSrv.exe -Embedding
              1⤵
                PID:4360
              • C:\Windows\System32\CompPkgSrv.exe
                C:\Windows\System32\CompPkgSrv.exe -Embedding
                1⤵
                  PID:3448
                • C:\Windows\system32\LogonUI.exe
                  "LogonUI.exe" /flags:0x4 /state0:0xa39bf855 /state1:0x41c64e6d
                  1⤵
                  • Modifies data under HKEY_USERS
                  • Suspicious use of SetWindowsHookEx
                  PID:2188

                Network

                MITRE ATT&CK Enterprise v15

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                  Filesize

                  152B

                  MD5

                  fab8d8d865e33fe195732aa7dcb91c30

                  SHA1

                  2637e832f38acc70af3e511f5eba80fbd7461f2c

                  SHA256

                  1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea

                  SHA512

                  39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43

                  Download Submit

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                  Filesize

                  152B

                  MD5

                  36988ca14952e1848e81a959880ea217

                  SHA1

                  a0482ef725657760502c2d1a5abe0bb37aebaadb

                  SHA256

                  d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6

                  SHA512

                  d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173

                  Download Submit

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                  Filesize

                  432B

                  MD5

                  ede744ed481c0a5aaf41a5266d5ce537

                  SHA1

                  330a4a2251d543cc038cd7cf24f660c29b829334

                  SHA256

                  57af1c48c184e119b4929c1d227b0e3d258c77f8658a92b61e4911246c2408a3

                  SHA512

                  d46e7d18f95a466e61b5ce048282e6396059e63b470f900c968ca79e0542d3b4df7bf4331c776f992fbbd836b13103fffb6cad7610705406ac8d9550ec756874

                  Download Submit

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                  Filesize

                  1KB

                  MD5

                  ce636f28e88d68b22d52251609204988

                  SHA1

                  d60f364c3ce19ca5e734c181b1d88b661ac8c96c

                  SHA256

                  7c6e048544a8fbaaaf1384462c3008585ae2e7ab0013e94dd71afb9c6de4f428

                  SHA512

                  03dad19858c376332af1da806a0d51be4980c996ff82a067234921214d00a1beabe4d0d8ea15f6b1c9189f97f9935ab05b09f4eb4faaa7387b7c1964448f08c6

                  Download Submit

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                  Filesize

                  6KB

                  MD5

                  57b1e976e1d92df825035d088bcd5803

                  SHA1

                  7bfcfb6bdb97f95ee048d46b7df5399b51e48b1e

                  SHA256

                  43fb62357aefe4b4ce506d9e44a00255174ff6796097b9794b98fc13a133d758

                  SHA512

                  f37d3ea88a9ab5f21ae8dd1b923f77e13136d299d1803f4de70a82028bb789b471661b933ca8e2d866c3b3513a649020adea89fe35e37a069c150d1aa59040a8

                  Download Submit

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                  Filesize

                  5KB

                  MD5

                  33d48d04ac3497db9bc9c1ecb8bbd5dd

                  SHA1

                  c6fd4cf4d05520541c42c3ab2069fa7bdd341615

                  SHA256

                  e03eb6027da6f46eff97c3f76682eeb2484f1ad57ba3018dc68c5fcef2e9e419

                  SHA512

                  bea5ece06bd2c1b7004e590d6f5b471c4c720cedd4401de1c17c3776fb28464b063145d93a9b20c0c5ac7ac08ebfcca83cdb376028b4b87580cf9266686ef913

                  Download Submit

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                  Filesize

                  10KB

                  MD5

                  6c30a477f3f2e9ca6f29fc0746efb46e

                  SHA1

                  905b8cf770e2aaa7009bc5234970857529af601b

                  SHA256

                  f6bb4825791ccca6d1cdafe60ffb6d604c321e3fcc5f40540c829687ec366ebd

                  SHA512

                  abd86ed0fa191f4dc08475678dc438ea3e11b449230e86f4ecf3147e6be666d18b4b5987f74d7fde78fe1ac2719540e0713ff9fcec7b9a6c1b257d4e17c02fdd

                  Download Submit