41f5d10033636d49b2cacca91a213649b6f6be9ed0e53cf7071cb30d2f41c35a

Resubmissions

25/02/2025, 18:59

250225-xm74easkx6 10

25/02/2025, 18:58

250225-xmr27askw6 10

25/02/2025, 18:57

250225-xlyhksskt9 10

Analysis

max time kernel
15s
max time network
16s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
25/02/2025, 18:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Roblox Accounts Gen python.exe
Size

19.4MB
MD5

2c95f6a9476990450a6164172af1785e
SHA1

7f6fe742e44a3c31a30d86e7bc96814bed14632b
SHA256

41f5d10033636d49b2cacca91a213649b6f6be9ed0e53cf7071cb30d2f41c35a
SHA512

045cc494d5bca98b5497bedfb04eeaac2381c6af99fc1a1359f49b0124599e87c5596a02da8c3fa995f37c21eb0e4c08884c51d3db4d7206430ea54aec728c9b
SSDEEP

393216:gLFXlruh2Jp5qC3njkVQ8DOEAeCrGEgpQ+CvE4GJ4NI+Qm:CFXNuh50sQhf7Q/bHE

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 7 IoCs

pid	Process
872	Roblox Accounts Gen python.exe
872	Roblox Accounts Gen python.exe
872	Roblox Accounts Gen python.exe
872	Roblox Accounts Gen python.exe
872	Roblox Accounts Gen python.exe
872	Roblox Accounts Gen python.exe
872	Roblox Accounts Gen python.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0005000000019fc3-136.dat	upx
behavioral1/memory/872-138-0x000007FEF64B0000-0x000007FEF691E000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2120 wrote to memory of 872	2120	Roblox Accounts Gen python.exe	30
PID 2120 wrote to memory of 872	2120	Roblox Accounts Gen python.exe	30
PID 2120 wrote to memory of 872	2120	Roblox Accounts Gen python.exe	30

C:\Users\Admin\AppData\Local\Temp\Roblox Accounts Gen python.exe
"C:\Users\Admin\AppData\Local\Temp\Roblox Accounts Gen python.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2120
- C:\Users\Admin\AppData\Local\Temp\Roblox Accounts Gen python.exe
  "C:\Users\Admin\AppData\Local\Temp\Roblox Accounts Gen python.exe"
  2⤵
  - Loads dropped DLL
  PID:872

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI21202\api-ms-win-core-file-l1-2-0.dll

Filesize
11KB

MD5
a8b0327931fd2c863693634b3081e6a0

SHA1
d66cd78c124e931667b6079d5bc5adf55a644293

SHA256
1fa836b3704b29e7ad1ea1b0b457f62aae4435c6a1d745707631552a2f83d5f6

SHA512
1b8331ac9b17d3553a5c7b4572f826bb232b339c28f6c9a31a870097c7612587cd1dbe59fe294501ce11cf5bba973d83784108309617b6f7104f2aae8f723961

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21202\api-ms-win-core-file-l2-1-0.dll

Filesize
11KB

MD5
eb4c279c8386d4f30aab6d76feec3e5a

SHA1
0c611e8f56591f64841b846df7d5c07fd75b55a4

SHA256
56bc7d3dd48d9cb209195f71be67d0a90ca929a8d4e6ae5a481f3ab0345da294

SHA512
1869b0c843df05ba849e79aa15b25855aa5c2c2e5a932c0de650b83c8abe2371585731b0213061b8f4d781a87b352ad3a09bf8555fcf0f9422a0bcc1a9062781

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21202\api-ms-win-core-localization-l1-2-0.dll

Filesize
14KB

MD5
a94626cbc9c0e1b62619a8cf49504ff8

SHA1
047e2b1f21f1258242238043143f1d892538bbc3

SHA256
a36792281c0aaab929635bb1f40ee3627225e7e35e6a199c188f3f782c7e6c27

SHA512
b208602f33f02c92df718e4c009e6e8055e538c9451ef6f9682ce21db5258d799c09f689aae2879470a934b60b4f3d44ea82704933fa40f2ff408cf42bd1c534

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21202\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
12KB

MD5
b16e6798ad40000698a09276961fc2c3

SHA1
b5184d9bdb1f5e7cfe17b2ec305c8554362067de

SHA256
f8b7122ca5e1d473818940fea4d1155af429463038ba61953908fbbbb7a8d613

SHA512
a4737a2236eb35e1b4935a5e333c7f1c51588852a8daf654fd2e7ca6e945e40df9d001394c2f3e3a9d023b8d4e34e9753f6472ed58df245b104623d7dbde7423

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21202\api-ms-win-core-timezone-l1-1-0.dll

Filesize
11KB

MD5
f0f891d08e0e358327b323b38f3ffca2

SHA1
eb20f147c53f86c59603f5edbf60f936f768fb1b

SHA256
9c8461929b61e0fd269ce735d699e7e3b6c0159d3e2659f60d681290abf9eac5

SHA512
94e13c4d09ff35c2ded7fd2649b3542aade1414f05772e2034af7723f2622e662e8c0bb67e1eb288e230f8ae183d8f1296c2a134b7ae061a452fa3f7423d7694

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21202\python310.dll

Filesize
1.4MB

MD5
69d4f13fbaeee9b551c2d9a4a94d4458

SHA1
69540d8dfc0ee299a7ff6585018c7db0662aa629

SHA256
801317463bd116e603878c7c106093ba7db2bece11e691793e93065223fc7046

SHA512
8e632f141daf44bc470f8ee677c6f0fdcbcacbfce1472d928576bf7b9f91d6b76639d18e386d5e1c97e538a8fe19dd2d22ea47ae1acf138a0925e3c6dd156378

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21202\setuptools-65.5.0.dist-info\INSTALLER

Filesize
4B

MD5
365c9bfeb7d89244f2ce01c1de44cb85

SHA1
d7a03141d5d6b1e88b6b59ef08b6681df212c599

SHA256
ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508

SHA512
d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21202\ucrtbase.dll

Filesize
1011KB

MD5
7e39d82adf5da0b51a968c764e0e15c1

SHA1
79e75ccde95798f21a34e5650b29dbebe79c1b43

SHA256
d67926328a72816d2944d7c88df6ff4bfccd41a9ce39af0309a0639829d0e7fb

SHA512
1c58d53c40535f80f482a5f406ef5bf9c2f963b9db5969c37ef47b0c59522a1a9bde3f3589538a7ae7d99d567a43170b384761e572c740010feb86894ce7322a

Download Submit
memory/872-138-0x000007FEF64B0000-0x000007FEF691E000-memory.dmp

Filesize
4.4MB

Download