cfd16c5e23c09bc2eb0cc56bc13dd480b5aec86e5a077e2e1a81251b8f58e467 | Triage

Analysis

max time kernel
0s
max time network
4s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
21-11-2024 14:53

Sharing

Report Analysis Logs

General

Target

Multiple-Roblox-Instances.exe
Size

3.6MB
MD5

2c4c10262e5593b2959b865f24ebfced
SHA1

b648bbac2c6d612080a0e3500d93cdfb05dead95
SHA256

cfd16c5e23c09bc2eb0cc56bc13dd480b5aec86e5a077e2e1a81251b8f58e467
SHA512

71b346c1c31c8bb2ef52176669765fdaeee7c02483109587e2a7583561d8439bcc8b38df9cf297b1b2611f70d097cd807bc79dba07137e4e2af9864518816638
SSDEEP

49152:7+suA+uKb6Ji8yiW93rZMVmEM0jGiCzED:7Xu5u

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2900 wrote to memory of 1612	2900	Multiple-Roblox-Instances.exe	30
PID 2900 wrote to memory of 1612	2900	Multiple-Roblox-Instances.exe	30
PID 2900 wrote to memory of 1612	2900	Multiple-Roblox-Instances.exe	30

C:\Users\Admin\AppData\Local\Temp\Multiple-Roblox-Instances.exe
"C:\Users\Admin\AppData\Local\Temp\Multiple-Roblox-Instances.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2900
- C:\Users\Admin\AppData\Local\Temp\Multiple-Roblox-Instances.exe
  C:\Users\Admin\AppData\Local\Temp\Multiple-Roblox-Instances.exe
  2⤵
  PID:1612

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads