6d567d0959ae8c664714535ee960910c49e5f61971858fa396e9edb19688c1b3

Submit
Reports

Overview

overview

Static

static

RBXIDLE.Se....0.exe

windows10-2004-x64

$PLUGINSDI...er.dll

windows10-2004-x64

$PLUGINSDI...ls.dll

windows10-2004-x64

$PLUGINSDI...em.dll

windows10-2004-x64

$PLUGINSDI...ll.dll

windows10-2004-x64

$PLUGINSDIR/app-64.7z

windows10-2004-x64

LICENSE.electron.txt

windows10-2004-x64

resources/...te.cmd

windows10-2004-x64

resources/...te.vbs

windows10-2004-x64

resources/...on.dll

windows10-2004-x64

resources/...do.exe

windows10-2004-x64

resources/...sw.exe

windows10-2004-x64

resources/...ies.js

windows10-2004-x64

resources/...cmd.js

windows10-2004-x64

resources/...mon.js

windows10-2004-x64

resources/...log.js

windows10-2004-x64

resources/...ows.js

windows10-2004-x64

resources/...nsw.js

windows10-2004-x64

resources/...per.js

windows10-2004-x64

resources/...le.exe

windows10-2004-x64

resources/...rp.dll

windows10-2004-x64

resources/...64.dll

windows10-2004-x64

resources/...ns.dll

windows10-2004-x64

resources/...on.dll

windows10-2004-x64

resources/...ns.dll

windows10-2004-x64

resources/...ng.dll

windows10-2004-x64

resources/...ns.dll

windows10-2004-x64

resources/...es.dll

windows10-2004-x64

$PLUGINSDI...ec.dll

windows10-2004-x64

$PLUGINSDI...ss.dll

windows10-2004-x64

$PLUGINSDI...7z.dll

windows10-2004-x64

Uninstall RBXIDLE.exe

windows10-2004-x64

Analysis

max time kernel
90s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
28/03/2025, 17:53

Sharing

Copy URL

Twitter E-mail

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

RBXIDLE.Setup.3.0.0.exe

Resource

win10v2004-20250314-en

defense_evasion discovery execution persistence privilege_escalation

windows10-2004-x64

25 signatures

150 seconds

Behavioral task

behavioral2

Sample

$PLUGINSDIR/SpiderBanner.dll

Resource

win10v2004-20250314-en

discovery

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral3

Sample

$PLUGINSDIR/StdUtils.dll

Resource

win10v2004-20250314-en

discovery

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral4

Sample

$PLUGINSDIR/System.dll

Resource

win10v2004-20250314-en

discovery

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral5

Sample

$PLUGINSDIR/WinShell.dll

Resource

win10v2004-20250313-en

discovery

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral6

Sample

$PLUGINSDIR/app-64.7z

Resource

win10v2004-20250314-en

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral7

Sample

LICENSE.electron.txt

Resource

win10v2004-20250314-en

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral8

Sample

resources/app.asar.unpacked/node_modules/node-windows/bin/elevate/elevate.cmd

Resource

win10v2004-20250314-en

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral9

Sample

resources/app.asar.unpacked/node_modules/node-windows/bin/elevate/elevate.vbs

Resource

win10v2004-20250313-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral10

Sample

resources/app.asar.unpacked/node_modules/node-windows/bin/sudowin/Sudowin.Common.dll

Resource

win10v2004-20250314-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral11

Sample

resources/app.asar.unpacked/node_modules/node-windows/bin/sudowin/sudo.exe

Resource

win10v2004-20250314-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral12

Sample

resources/app.asar.unpacked/node_modules/node-windows/bin/winsw/winsw.exe

Resource

win10v2004-20250314-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral13

Sample

resources/app.asar.unpacked/node_modules/node-windows/lib/binaries.js

Resource

win10v2004-20250313-en

execution

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral14

Sample

resources/app.asar.unpacked/node_modules/node-windows/lib/cmd.js

Resource

win10v2004-20250314-en

execution

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral15

Sample

resources/app.asar.unpacked/node_modules/node-windows/lib/daemon.js

Resource

win10v2004-20250314-en

execution

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral16

Sample

resources/app.asar.unpacked/node_modules/node-windows/lib/eventlog.js

Resource

win10v2004-20250314-en

execution

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral17

Sample

resources/app.asar.unpacked/node_modules/node-windows/lib/node-windows.js

Resource

win10v2004-20250314-en

execution

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral18

Sample

resources/app.asar.unpacked/node_modules/node-windows/lib/winsw.js

Resource

win10v2004-20250314-en

execution

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral19

Sample

resources/app.asar.unpacked/node_modules/node-windows/lib/wrapper.js

Resource

win10v2004-20250314-en

execution

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral20

Sample

resources/components/example.exe

Resource

win10v2004-20250313-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral21

Sample

resources/components/modules/containers/client/Microsoft.CSharp.dll

Resource

win10v2004-20250314-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral22

Sample

resources/components/modules/containers/client/Microsoft.DiaSymReader.Native.amd64.dll

Resource

win10v2004-20250314-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral23

Sample

resources/components/modules/containers/client/Microsoft.Extensions.DependencyInjection.Abstractions.dll

Resource

win10v2004-20250314-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral24

Sample

resources/components/modules/containers/client/Microsoft.Extensions.DependencyInjection.dll

Resource

win10v2004-20250313-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral25

Sample

resources/components/modules/containers/client/Microsoft.Extensions.Logging.Abstractions.dll

Resource

win10v2004-20250314-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral26

Sample

resources/components/modules/containers/client/Microsoft.Extensions.Logging.dll

Resource

win10v2004-20250314-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral27

Sample

resources/components/modules/containers/client/Microsoft.Extensions.Options.dll

Resource

win10v2004-20250314-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral28

Sample

resources/components/modules/containers/client/Microsoft.Extensions.Primitives.dll

Resource

win10v2004-20250314-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral29

Sample

$PLUGINSDIR/nsExec.dll

Resource

win10v2004-20250314-en

discovery

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral30

Sample

$PLUGINSDIR/nsProcess.dll

Resource

win10v2004-20250314-en

discovery

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral31

Sample

$PLUGINSDIR/nsis7z.dll

Resource

win10v2004-20250313-en

discovery

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral32

Sample

Uninstall RBXIDLE.exe

Resource

win10v2004-20250314-en

discovery

windows10-2004-x64

7 signatures

150 seconds

Report Analysis Logs

General

Target

$PLUGINSDIR/app-64.7z
Size

143.6MB
MD5

78eeb40d66efb2e17e4f15a147152049
SHA1

1621cfff9f939a7b261c89affca1b4c6a09467ca
SHA256

fe60a28f94dd02d5cf2997b7b105df1ee25794950590a95e54ef4b3fc5c998d6
SHA512

721c62b6611b81058b231a93525bcc0f7c1f42a16cc5b1e1f08af93e203d138fe442a082ec406bbd455bec2cf7a38e01705b6381250031d09e81a0961b8f28ad
SSDEEP

3145728:6FNsCo0L7fiLGL5n6PT6Lr0UOkyJQweGopgu9CzxxNEQFSvyrzkfC0Tf:6FN4SUu0UOkyJQp7pH9krNQvYgfl

Score

1^/10

Malware Config

Signatures

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3572	7zFM.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeRestorePrivilege	3572	7zFM.exe
Token: 35	3572	7zFM.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3572	7zFM.exe

Processes

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app-64.7z"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3572

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads