7b11f6b6a31c4d243cff119019b0a0d689c99ae5d8ef33ff0965ee712d64cd69 | Triage

Resubmissions

30-06-2024 17:31

240630-v3n95a1fja 3

Analysis

max time kernel
141s
max time network
96s
platform
windows11-21h2_x64
resource
win11-20240611-en
resource tags

arch:x64arch:x86image:win11-20240611-enlocale:en-usos:windows11-21h2-x64system
submitted
30-06-2024 17:31

Sharing

Report Analysis Logs

General

Target

Roblox Aimbot UD/aimbot.exe
Size

6.8MB
MD5

ac7ecf7be597f995702d9fef9c8417e7
SHA1

3edd520d786e7c2d93bebdeb9faec5d1e0df0d90
SHA256

31e9202417bf78b6bd78a29dd3a483896bab7fd108974e1c28e7eee4c2edd397
SHA512

9a6a069749004b64afc270dbd77482a0099bea764e1b008b7a08a8f543c8522adef977376a89ffed45e6568af3cb5a47040a14c94c3095601363927bd28a0ce2
SSDEEP

196608:WHKmw30l64nzubQbXGy7887vahw2AYVrEQDVu:WHocabAG4vSwoWaVu

Score

1^/10

Malware Config

Signatures

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

aimbot.exe

pid process

4556 aimbot.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

aimbot.exe

description	pid	process	target process
PID 4556 wrote to memory of 3412	4556	aimbot.exe	cmd.exe
PID 4556 wrote to memory of 3412	4556	aimbot.exe	cmd.exe
PID 4556 wrote to memory of 3384	4556	aimbot.exe	cmd.exe
PID 4556 wrote to memory of 3384	4556	aimbot.exe	cmd.exe

C:\Users\Admin\AppData\Local\Temp\Roblox Aimbot UD\aimbot.exe
"C:\Users\Admin\AppData\Local\Temp\Roblox Aimbot UD\aimbot.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4556

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c title Colorbot
2⤵
PID:3412

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
2⤵
PID:3384

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4556-0-0x00007FFDDEC30000-0x00007FFDDEC5A000-memory.dmp

Filesize
168KB

Download
memory/4556-1-0x00007FFDD4B70000-0x00007FFDD6C26000-memory.dmp

Filesize
32.7MB

Download