Analysis

  • max time kernel
    150s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13-12-2024 17:48

General

  • Target

    https://robux.center/

Score
3/10

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://robux.center/
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3480
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xd8,0x110,0x7ffad17946f8,0x7ffad1794708,0x7ffad1794718
      2⤵
        PID:5048
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1940,18176820364417816771,4704612762344318940,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
        2⤵
          PID:4396
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1940,18176820364417816771,4704612762344318940,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:1724
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1940,18176820364417816771,4704612762344318940,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
          2⤵
            PID:3084
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,18176820364417816771,4704612762344318940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
            2⤵
              PID:5024
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,18176820364417816771,4704612762344318940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
              2⤵
                PID:4788
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1940,18176820364417816771,4704612762344318940,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 /prefetch:8
                2⤵
                  PID:4468
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1940,18176820364417816771,4704612762344318940,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:752
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,18176820364417816771,4704612762344318940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3932 /prefetch:1
                  2⤵
                    PID:3164
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,18176820364417816771,4704612762344318940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2228 /prefetch:1
                    2⤵
                      PID:1728
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,18176820364417816771,4704612762344318940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1
                      2⤵
                        PID:2588
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,18176820364417816771,4704612762344318940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
                        2⤵
                          PID:464
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,18176820364417816771,4704612762344318940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
                          2⤵
                            PID:3704
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,18176820364417816771,4704612762344318940,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6260 /prefetch:1
                            2⤵
                              PID:1116
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,18176820364417816771,4704612762344318940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
                              2⤵
                                PID:4632
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,18176820364417816771,4704612762344318940,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1
                                2⤵
                                  PID:3968
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1940,18176820364417816771,4704612762344318940,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6288 /prefetch:2
                                  2⤵
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:1716
                              • C:\Windows\System32\CompPkgSrv.exe
                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                1⤵
                                  PID:1796
                                • C:\Windows\System32\CompPkgSrv.exe
                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                  1⤵
                                    PID:4592

                                  Network

                                  MITRE ATT&CK Enterprise v15

                                  Replay Monitor

                                  Loading Replay Monitor...

                                  Downloads

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                    Filesize

                                    152B

                                    MD5

                                    0a9dc42e4013fc47438e96d24beb8eff

                                    SHA1

                                    806ab26d7eae031a58484188a7eb1adab06457fc

                                    SHA256

                                    58d66151799526b3fa372552cd99b385415d9e9a119302b99aadc34dd51dd151

                                    SHA512

                                    868d6b421ae2501a519595d0c34ddef25b2a98b082c5203da8349035f1f6764ddf183197f1054e7e86a752c71eccbc0649e515b63c55bc18cf5f0592397e258f

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                    Filesize

                                    152B

                                    MD5

                                    61cef8e38cd95bf003f5fdd1dc37dae1

                                    SHA1

                                    11f2f79ecb349344c143eea9a0fed41891a3467f

                                    SHA256

                                    ae671613623b4477fbd5daf1fd2d148ae2a09ddcc3804b2b6d4ffcb60b317e3e

                                    SHA512

                                    6fb9b333fe0e8fde19fdd0bd01a1990a4e60a87c0a02bc8297da1206e42f8690d06b030308e58c862e9e77714a585eed7cc1627590d99a10aeb77fc0dd3d864d

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\0b9c5a97-2aae-425e-b38a-de3f1fc60fb9.tmp

                                    Filesize

                                    539B

                                    MD5

                                    6adcdc78931f2bc4c6c0c4f2465a4eb0

                                    SHA1

                                    34c9affb16f0f5f65dd2e7dd258454ff0647bda9

                                    SHA256

                                    22057e60a369ecb5111daa920c306ba64843d3773f0cd93d56239d1750ce49aa

                                    SHA512

                                    a6f6530321315a5555d15e166f37a3040f353ac68602ed52e231b57001f1db46e87cd5f27855643a46fa7731cd8c9b954428a063466d724f7bffa4255eb8842b

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                    Filesize

                                    144B

                                    MD5

                                    a5b434c920188c99c7f9dea2f0f7381c

                                    SHA1

                                    26c505a1bf2d396f91ead34de6c5cc2906ea460f

                                    SHA256

                                    58ca0ef173de5f87063efb0d19d764bedc1cb4b9507974135d01c5faa8942d9e

                                    SHA512

                                    c340294e8f0372363aa218a32cb8daa8b56f671a94363e0ca8e69393015f2e126a8d2911621f81fdcec30400b38285bf675cfa9a17d70e99971a2d2fb0e0021a

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                    Filesize

                                    432B

                                    MD5

                                    2d7bd3ad97404c066138b5d84b8f78b8

                                    SHA1

                                    bd2cc97f0c3b00732d43140a162f05ba7495d2c3

                                    SHA256

                                    96d5efa8e5e2b0bc52f1bdb8934052c50b2a4aa06e7a25a1dab8beecfe6f6239

                                    SHA512

                                    dcffad111ed98f2c3204d1ce5fe3dded84f819523ecef92d893d035ba20a9db86440ddfd3a3a6499b23aefef392aa939bbaa45284dcb1d2a1ed564e82c30079f

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                    Filesize

                                    2KB

                                    MD5

                                    a5d8daa1e9518c80a574d5e43b6f1d9e

                                    SHA1

                                    2b266e9262a466109bf0faa166d9d1cf0e8384ac

                                    SHA256

                                    35929f519433ffcf0122793b41e306db797ea2b957af956ed819976693290e05

                                    SHA512

                                    78cf24a96547c8480fd2e84aefc91c6372cb2c68a24af3346b8d044f033ed71d214009326974a0e572a26cd9462048373bca023401533f37bea1dc25bf87c858

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                    Filesize

                                    2KB

                                    MD5

                                    be4ec9b15d62d903d9bfd307db12a0a5

                                    SHA1

                                    73274a200894e4c11963106dc55688e164845ac0

                                    SHA256

                                    b583308a5f95d7148854e65960454770c9e83e1496ef858f2fae49bbb54a0c90

                                    SHA512

                                    85a35a1ed463c40365c088b2a239810975a45ee24b6301915136e90fd4b46d16368c1c6194920fca6e7f7cea47e3094212497e9b6519d0f1fc0700339301655c

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                    Filesize

                                    6KB

                                    MD5

                                    bada3b439d07ff939d9abea0c52be824

                                    SHA1

                                    ad1ac43731321a6397168dfa754e501400ee0460

                                    SHA256

                                    2095e44b7ee7318bb268e2f2f99f43b1b10075f58e8ac43cfae167176a968bab

                                    SHA512

                                    b4f2a4608ad3384a2ce18af5bbe1275620448534fb9a93a987c323df58f52be45cfa288022e29d654c034c18b7ec6fb40377b76b1e38d03aef772c2be4aa5a53

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                    Filesize

                                    7KB

                                    MD5

                                    e09511569966c5099d6d73619f1a3f6b

                                    SHA1

                                    0a140e323afabed777f60695de66872b5623166f

                                    SHA256

                                    56053b9fcfb10e03ba51be36415a85938d89666712cade939bdc7f388047fe19

                                    SHA512

                                    85c6a4fea728cc39ea44e9bb700f5af9af1f776c18a8df9862d98d1ab008aa5323f9401c4488c67976c1d4dc8692bcc790bf3216780be1f981b8535712fcc741

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                    Filesize

                                    5KB

                                    MD5

                                    acd93fc262b39b92fdd00b814119ad8b

                                    SHA1

                                    eb16ffc8d5c000068e14a83f0786df71c340b623

                                    SHA256

                                    1b0f016971857d81388f3989be3a9cb4093d03c9bfbb19118e631bbfba33b715

                                    SHA512

                                    b0871843ceab35b2dda7e9b3bc321e32d305302b9e9a1ea81e8dad2c04eaa57b2071242602dcc955b8ed9831fcc8cb2f1c78a9b8583044470f648813151d474a

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                    Filesize

                                    6KB

                                    MD5

                                    466878705556bebbea7df26dc0a74d8b

                                    SHA1

                                    8b8ed3cb67748c8b1cb4a733f9533551b9357472

                                    SHA256

                                    2d41aeef0d6cf65fda511c8996d899520a4615c1f9a6deeaf69279eb47eb9c4e

                                    SHA512

                                    a46923df978e099aeaa8fb8dafc08b691fe7e896aba670fa22397c4caead31ba23c8af294a130133e48d0eeed0a5c1905d9b31fe50969e9b6dc0e76f1c5e5c50

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                    Filesize

                                    539B

                                    MD5

                                    fed1495a092363bcdb028344e7fece45

                                    SHA1

                                    23d9886fdb5ddbae0370f6f180b0bf05c4b956f0

                                    SHA256

                                    b85555e2ec18c9483a8edeee4ae304e378d9886335677cfe6cc92596bd022182

                                    SHA512

                                    b15aa9152fef263b9ea6748a3d266c9dd32e6a722ba97576102560c8f9b997b646a0c353e5f72003bb7d78d91cf796d958649a55ed451f392c8424bbafb085da

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5821ac.TMP

                                    Filesize

                                    204B

                                    MD5

                                    4ebc0dda2ad761dfc896ac673b7887a7

                                    SHA1

                                    ea07e13c875d54c73522f617ade5c72d2e82e57c

                                    SHA256

                                    5882b7a4091d4b6aad751452ebef7a724668fe5d43fa4f61bcb514e67aff2dfc

                                    SHA512

                                    ca0858b83ca873ca2b145a9587c079191a32f9ce4cd936707702fe9a5e2bedf4694bf432125933effe496df859705af65d7c1330e1624019debdb0c178a0c686

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                    Filesize

                                    16B

                                    MD5

                                    6752a1d65b201c13b62ea44016eb221f

                                    SHA1

                                    58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                    SHA256

                                    0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                    SHA512

                                    9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                    Filesize

                                    10KB

                                    MD5

                                    a5bb2c795f97e3477f2ad3789f7c9dc5

                                    SHA1

                                    2484efadd1c5bfc14b8c66dafb25e3348a0c3c6a

                                    SHA256

                                    b6b6de4ea9f83938ca4a7fccdf48b437fa6ce8e4e800e05412ba8eb691fbc7ce

                                    SHA512

                                    47b244a23e467a49dc1c170c1ee4cf6b82a9c44f94e09bc4960a741121d7c9f23dab427672e2b81d2fba7d1b25d092cd8f7ba9ca9e2f0ee6a132ac701067d256

                                  • C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

                                    Filesize

                                    2B

                                    MD5

                                    f3b25701fe362ec84616a93a45ce9998

                                    SHA1

                                    d62636d8caec13f04e28442a0a6fa1afeb024bbb

                                    SHA256

                                    b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

                                    SHA512

                                    98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84