Overview

overview

10

Static

static

3

RobloxInjector.zip

windows7-x64

8

RobloxInjector.zip

windows10-2004-x64

1

Solara.zip

windows7-x64

1

Solara.zip

windows10-2004-x64

1

Roblox.exe

windows7-x64

10

Roblox.exe

windows10-2004-x64

10

bin/d3dcom...43.dll

windows7-x64

3

bin/d3dcom...43.dll

windows10-2004-x64

3

bin/libEGL.dll

windows7-x64

1

bin/libEGL.dll

windows10-2004-x64

1

bin/libGLESv2.dll

windows7-x64

1

bin/libGLESv2.dll

windows10-2004-x64

1

bin/libcry...64.dll

windows7-x64

1

bin/libcry...64.dll

windows10-2004-x64

1

bin/natives_blob.js

windows7-x64

3

bin/natives_blob.js

windows10-2004-x64

3

bin/report...64.dll

windows7-x64

1

bin/report...64.dll

windows10-2004-x64

1

bin/report...em.dll

windows7-x64

1

bin/report...em.dll

windows10-2004-x64

1

bin/report...ew.dll

windows7-x64

1

bin/report...ew.dll

windows10-2004-x64

1

bin/report...er.dll

windows7-x64

1

bin/report...er.dll

windows10-2004-x64

1

bin/reports/cs2.exe

windows7-x64

1

bin/reports/cs2.exe

windows10-2004-x64

1

bin/report...47.dll

windows10-2004-x64

1

bin/report...lp.dll

windows7-x64

1

bin/report...lp.dll

windows10-2004-x64

1

bin/report...e2.dll

windows7-x64

1

bin/report...e2.dll

windows10-2004-x64

1

bin/report...io.dll

windows7-x64

1

Analysis

  • max time kernel
    117s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20241023-en
  • resource tags

    arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
  • submitted
    30-11-2024 19:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    RobloxInjector.zip

  • Size

    24.8MB

  • MD5

    139ae6a2e4392f33471bf8d48df3063e

  • SHA1

    43efbb3a695775907f10b11ba39f65d598711d6f

  • SHA256

    b9c1b9b0080c47159b024c8cdabeac604e66aeec4022a89b120300290ae4a733

  • SHA512

    d611e0307091cefbcfd57729634674a783d2c289fe69d6218ad55448c572a59cd4aa9f84763cdcc758f596d924ec5314a1dd2859b38240cee64622197380adbf

  • SSDEEP

    786432:tzVPgXm96ziTA5+DPYWA6mjuPei9z2eXcGQH:tzV0mEziE5+be6mjti/cVH

Score
8/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • Executes dropped EXE 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 9 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\7-Zip\7zFM.exe
    "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\RobloxInjector.zip"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:2104
    • C:\Users\Admin\AppData\Local\Temp\7zO83811587\Roblox.exe
      "C:\Users\Admin\AppData\Local\Temp\7zO83811587\Roblox.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      PID:2808
  • C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    1⤵
      PID:2664
    • C:\Windows\system32\AUDIODG.EXE
      C:\Windows\system32\AUDIODG.EXE 0xc4
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:1820

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2808-12-0x0000000000180000-0x0000000001180000-memory.dmp

      Filesize

      16.0MB

      Download