General
Target: Roblox-Cheat-Downloader.exe.vbs.vbs
Size: 1KB
Sample: 241228-tmbteszjcx
MD5: 962bd7bd025b2eaa5f042b922f19449b
SHA1: 70626e0e14002129cb6873432a5cf81bbf564d1b
SHA256: 88de0cfcc6299290a1942d286c8699b1905a5a20c994d209d43bf992c7e74cce
SHA512: 0dfa4127e6806292fd563cd65644206770eeecfbf22aaf16d4f8b2af107d35dc7db6f035969b41a2be7e3b14c18905f7c2b120822bb326b869da4266d1526944
Static task: static1
Behavioral task: behavioral1
  Sample: Roblox-Cheat-Downloader.exe.vbs
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: Roblox-Cheat-Downloader.exe.vbs
  Resource: win10v2004-20241007-en
Malware Config
Extracted from: C:\Users\Admin\AppData\Local\Temp\@[email protected]
  Family: wannacry
  Wallet: 115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn
Extracted from: C:\Users\Admin\AppData\Local\Temp\!Please Read Me!.txt
  Family: wannacry
  Wallet: 15zGqZCTcys6eCjDkE3DypCjXi6QWRV6V1
Targets
Target: Roblox-Cheat-Downloader.exe.vbs.vbs
Detected behaviors:
- Wannacry family
- Deletes shadow copies: ransomware often targets backup files to inhibit system recovery.
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
- Adds Run key to start application
- File and Directory Permissions Modification: Windows File and Directory Permissions Modification
- Legitimate hosting services abused for malware hosting/C2
- Sets desktop wallpaper using registry
MITRE ATT&CK Enterprise v15 (technique, hit count)
Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
Defense Evasion
- File and Directory Permissions Modification (2)
  - Windows File and Directory Permissions Modification (1)
- Hide Artifacts (1)
  - Hidden Files and Directories (1)
- Indicator Removal (1)
  - File Deletion (1)
- Modify Registry (3)
Credential Access
- Credentials from Password Stores (1)
  - Credentials from Web Browsers (1)
- Unsecured Credentials (1)
  - Credentials In Files (1)