Resubmissions
05-07-2024 20:49
240705-zmg84avgrq 602-07-2024 22:50
240702-2sljtayapr 602-07-2024 21:03
240702-zv7tqaygqe 601-07-2024 21:08
240701-zyw7dstdmj 628-06-2024 21:21
240628-z7jmnasdmd 1028-06-2024 21:19
240628-z6e8vasdke 428-06-2024 21:18
240628-z5zwvssdka 128-06-2024 21:16
240628-z4fftsvfrq 428-06-2024 21:11
240628-z1wnmssckh 1Analysis
-
max time kernel
1650s -
max time network
1660s -
platform
windows11-21h2_x64 -
resource
win11-20240508-en -
resource tags
-
submitted
28-06-2024 21:11
General
-
Target
RobloxStudioInstaller (2).exe
-
Size
4.5MB
-
MD5
34b2fd7c0a35ee46a8fc3a38ac18d489
-
SHA1
f0b1446847d05f8a28c98f1d0204d632644f5721
-
SHA256
7d30dad6bc7c79e0ee043bdc8dfd2b64d8b1ea19687b332683ed57bb55331118
-
SHA512
2d126018df5c0bdbf9e6906431a3fe988593080d6ce3077e7d7f85f564ad24f4c1a081bc0709900623604c76ed1f6037bf8f670e0334d2b0b146eea13196ffbb
-
SSDEEP
98304:n5vhdKHivtGeJKrsS3wA6RgN0VbTbcXC8I42nSbhh/A:1hSivEStS3ogN26InS4
Score
1/10
Malware Config
Signatures
-
Suspicious behavior: LoadsDriver 6 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\RobloxStudioInstaller (2).exe"C:\Users\Admin\AppData\Local\Temp\RobloxStudioInstaller (2).exe"1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService -p -s fdPHost1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s FDResPub1⤵