Analysis

  • max time kernel
    91s
  • max time network
    140s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    26-11-2024 01:00

General

  • Target

    Exexcutor/dll/RobloxPlayerBeta.dll

  • Size

    30.3MB

  • MD5

    37d24fd670952285ebfd71b67fd8c846

  • SHA1

    4bdbcae296df1c68791bdd73c5624a8c67de9fb7

  • SHA256

    c2473185b9a393b55bde12537d0164f3595f1940d8ed9ed612ea21f06fd7823b

  • SHA512

    544e40228267f5e59a582d6df316a6e08e9e740cd5252ac70b53901dfd1e761ff9eca72cf03fd43f2cba86e94ec2a537823b6c5cc96ef8744a302141ee64a570

  • SSDEEP

    98304:GXMt4v6+rCwLBcazmG52ZqIBnQeFJy6u93W635plyPv8UH12DEeTM46VF/Q29j4h:So+rFDmT1Q6un3a3H1s+FwGogbOqzOr

Score
5/10

Malware Config

Signatures

  • Suspicious use of NtSetInformationThreadHideFromDebugger 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\Exexcutor\dll\RobloxPlayerBeta.dll,#1
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    PID:4468

Network

MITRE ATT&CK Matrix

Downloads

  • memory/4468-0-0x0000016D3DD00000-0x0000016D3DD01000-memory.dmp

    Filesize

    4KB

  • memory/4468-1-0x0000016D3DD00000-0x0000016D3DD01000-memory.dmp

    Filesize

    4KB