85cb7bf2dc75844d64ed043f8ab4d80d48989bd2d1084ecc1478b66ee1dda40c

Resubmissions

25-11-2024 09:29

25-11-2024 09:27

max time kernel
14s
max time network
16s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
25-11-2024 09:27

Target

roblox.exe
Size

53.5MB
MD5

e2b560c208c3f985a399f3d03e76b539
SHA1

a510b5eaefee58634e61e5724c541e027f5aad1f
SHA256

85cb7bf2dc75844d64ed043f8ab4d80d48989bd2d1084ecc1478b66ee1dda40c
SHA512

81c1e6b6e7507f8aa270588105dc6c390cf3195d688d373ce0f9b3d9d93cfd331fd06a0256db5b361b2c26b3b7e8a80f510eae9d193b4142531a0e4ae45951e6
SSDEEP

1572864:pGKlKWLxSk8IpG7V+VPhqclE7plPDerSEpbb:gKoKSkB05awcIJDervZb

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
1548	roblox.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x0003000000020aa0-1153.dat	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2916 wrote to memory of 1548	2916	roblox.exe	30
PID 2916 wrote to memory of 1548	2916	roblox.exe	30
PID 2916 wrote to memory of 1548	2916	roblox.exe	30

C:\Users\Admin\AppData\Local\Temp\roblox.exe
"C:\Users\Admin\AppData\Local\Temp\roblox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2916
- C:\Users\Admin\AppData\Local\Temp\roblox.exe
  "C:\Users\Admin\AppData\Local\Temp\roblox.exe"
  2⤵
  - Loads dropped DLL
  PID:1548

C:\Users\Admin\AppData\Local\Temp\_MEI29162\python311.dll

Filesize
1.6MB

MD5
546cc5fe76abc35fdbf92f682124e23d

SHA1
5c1030752d32aa067b49125194befee7b3ee985a

SHA256
43bff2416ddd123dfb15d23dc3e99585646e8df95633333c56d85545029d1e76

SHA512
cb75334f2f36812f3a5efd500b2ad97c21033a7a7054220e58550e95c3408db122997fee70a319aef8db6189781a9f2c00a9c19713a89356038b87b036456720

Download Submit
memory/1548-1155-0x000007FEF6BC0000-0x000007FEF71A9000-memory.dmp

Filesize
5.9MB

Download