Overview

overview

10

Static

static

10

Bugs.dll

windows11-21h2-x64

1

Decompiler V.2.4.exe

windows11-21h2-x64

9

LoaderScripts.py

windows11-21h2-x64

3

Roblox HWD/Bugs.dll

windows11-21h2-x64

1

Roblox HWD/Scripts.py

windows11-21h2-x64

3

Scripts/Scripts.py

windows11-21h2-x64

3

Scripts/ServerSide.py

windows11-21h2-x64

3

decompile.dll

windows11-21h2-x64

1

krnlapi.dll

windows11-21h2-x64

1

saveinstance.dll

windows11-21h2-x64

1

Resubmissions

12-01-2025 13:45

250112-q2d1jsvkav 10

15-08-2024 09:01

240815-ky8g4avejg 10

Analysis

  • max time kernel
    432s
  • max time network
    463s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    12-01-2025 13:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Scripts/ServerSide.py

  • Size

    2KB

  • MD5

    8f65f38bca462f4841aeca7b9fae6078

  • SHA1

    c6cfd3b8788a934a2830bf9dc561bffac072efab

  • SHA256

    cc3e3f0a38dcede5641b5f79f6d34907d11035cd33c02ed85d88541b07267512

  • SHA512

    2232a0442efb56bcf784a155ae46fc9b4f295985a307062efae1517cc13df59acf47669332a8d2f5d8057b8d0c73bad07b404125448a48bd5b821d18348c367b

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Scripts\ServerSide.py
    1⤵
    • Modifies registry class
    PID:1600
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2752

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads