Overview

overview

10

Static

static

10

Roblox.exe

windows7-x64

7

Roblox.exe

windows10-2004-x64

7

Roblox.exe

android-9-x86

Roblox.exe

android-10-x64

Roblox.exe

android-11-x64

Roblox.exe

macos-10.15-amd64

Roblox.exe

ubuntu-18.04-amd64

Roblox.exe

debian-9-armhf

Roblox.exe

debian-9-mips

Roblox.exe

debian-9-mipsel

Creal.pyc

windows7-x64

Creal.pyc

windows10-2004-x64

Creal.pyc

android-9-x86

Creal.pyc

android-10-x64

Creal.pyc

android-11-x64

Creal.pyc

macos-10.15-amd64

Creal.pyc

ubuntu-18.04-amd64

Creal.pyc

debian-9-armhf

Creal.pyc

debian-9-mips

Creal.pyc

debian-9-mipsel

Resubmissions

12/01/2025, 15:45

250112-s7b49a1ler 10

12/01/2025, 15:12

250112-sle9saxlfs 10

Analysis

  • max time kernel
    841s
  • max time network
    849s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    12/01/2025, 15:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Roblox.exe

  • Size

    17.0MB

  • MD5

    cdb735f997ef92e7abb6a2538043dda1

  • SHA1

    576d910e9b80ea127082353eb6418816e9f42e19

  • SHA256

    e4a8dc5c1d78a6721b7d3bd4678bd921d41f36618902a78e5634badaaa194fca

  • SHA512

    c315479c538688d5eaa2f57ee04f84eb51bba1d36dd63073c13c7f49e3ec2b53f3275b57d365128ba0c26a25046b7c91f17135581c6da782aee5ed0662141f44

  • SSDEEP

    393216:uQts9Y2pYDfDllpfaMPg5Rt81zd0zdCU:uQts9Y2abhHf9Pg5fGP

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Roblox.exe
    C:\Users\Admin\AppData\Local\Temp\Roblox.exe cmd /c %SIGILL% "SIGTERM|DELETE|SIGKILL"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2208
    • C:\Users\Admin\AppData\Local\Temp\Roblox.exe
      C:\Users\Admin\AppData\Local\Temp\Roblox.exe cmd /c %SIGILL% "SIGTERM|DELETE|SIGKILL"
      2⤵
      • Loads dropped DLL
      PID:1072

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI22082\python311.dll
    Filesize

    5.5MB

    MD5

    e2bd5ae53427f193b42d64b8e9bf1943

    SHA1

    7c317aad8e2b24c08d3b8b3fba16dd537411727f

    SHA256

    c4844b05e3a936b130adedb854d3c04d49ee54edb43e9d36f8c4ae94ccb78400

    SHA512

    ae23a6707e539c619fd5c5b4fc6e4734edc91f89ebe024d25ff2a70168da6105ac0bd47cf6bf3715af6411963caf0acbb4632464e1619ca6361abf53adfe7036

    Download Submit