Overview

overview

8

Static

static

3

RobloxPlay...3).exe

windows7-x64

8

RobloxPlay...3).exe

windows10-2004-x64

8

Analysis

  • max time kernel
    138s
  • max time network
    157s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    01/05/2023, 20:09

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    RobloxPlayerLauncher(3).exe

  • Size

    802KB

  • MD5

    9812038a6c7486d0dc1f8e969a6d7cd4

  • SHA1

    fa52199ba58801e2f30b87a3cc65b7fbc6bacb46

  • SHA256

    3aee6b38574e99cb92469161cf3319223e786a265b83be6aff25e15a9cf10ca6

  • SHA512

    1f01100c892a8c700640e263b76692186fcb073df32a8e8443fdbbfed9b0b499bbcb05b6ffaee53f4cc987ee87c98cbab58bd69672aa46bd9be488ad0a50e599

  • SSDEEP

    24576:v/dWIGPuNImcNai7Ntmkny1+TC3VjT7Hg:v/dUuNI7NaoTm5gT+XHg

Score
8/10
evasionspywarestealertrojan

Malware Config

Signatures

  • Downloads MZ/PE file
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 6 IoCs
    adwarespyware
  • Modifies registry class 9 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher(3).exe
    "C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher(3).exe"
    1⤵
    • Checks computer location settings
    • Loads dropped DLL
    • Checks whether UAC is enabled
    • Drops file in Program Files directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    PID:1508

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\PROGRA~3\Roblox\DOWNLO~1\1442F6~1
          Filesize

          20.3MB

          MD5

          333f305ca98542d1ed48f0133a30b8ab

          SHA1

          e8b954c758110be0556dad9b7ad5159791ef9d3a

          SHA256

          3f2188cf214dcc88135eb0f2a153d1b40d0e62aa9745841aa980e3128df07618

          SHA512

          53af444bbcaab1bc2a714aeb1fa3375345d40e872c6a68b834bddaaaf6efb911c8a5fc656af64f4106fff3b1a219aa10e27410f00148dadd55282bea308d6b37

          Download Submit

        • C:\PROGRA~3\Roblox\DOWNLO~1\17FACC~1
          Filesize

          24.0MB

          MD5

          4e1b3f52293a2a26a7eefaea51d7610e

          SHA1

          cc88debb4bd1ead571265da9f560b547852b5502

          SHA256

          8626c7f08f586cef092165ad6660108fdf3bd7c5ce1a09fb2444df8f52773820

          SHA512

          86a5078755a784d221d1d21ba6e720e5f5d30ba45fb6ca5ed698428cf6655252fd9b334dcacaa3e7337dffa23643d9b2cbd98f683027ff1421e5c5316ed0537c

          Download Submit

        • C:\PROGRA~3\Roblox\DOWNLO~1\1A4C37~1
          Filesize

          1.6MB

          MD5

          0bd09a9bf67250af4f1b6467882b372f

          SHA1

          dcbf083fe65a6d9a6c125e17838bc236aad6d91e

          SHA256

          034c502eb4d08c92a09ccb1807ba3030065dd66645619449c029975f2107a74a

          SHA512

          bc4af0ac3a57a05daa0b1e02b57d4ed044796850d0b7019d92f7b8ab80550e5a10aa54bb79479564a36079eb49949b58d4dd34b2bc974a0b64f274c4ba937fad

          Download Submit

        • C:\PROGRA~3\Roblox\DOWNLO~1\1B7493~1
          Filesize

          27.5MB

          MD5

          988d8686f49434b85089cdce53a20ba3

          SHA1

          f38f3fae9ca74d9ca6681fca4293082ebeafecc0

          SHA256

          7b77ae4b95a5a81a635e5c6cfa88da4e55d06aada64ffe88cd62e55b3e783324

          SHA512

          4c558f1fc99c73ec394a6b4964ed99486525a63bb2c072b4c6058c839272b7b135f070150d0100f269d622a38307c23b5904417e4e5525ab8b62f4922de61e47

          Download Submit

        • C:\PROGRA~3\Roblox\DOWNLO~1\1B9C7E~1
          Filesize

          1.7MB

          MD5

          115dda99360f9a495e22ba126f1217f1

          SHA1

          cf34d531534976e159488e8ced3b8c3fbfa26a29

          SHA256

          167041b0181c11ed7af10e6aff5d8edb03b74c1be95627c9f8e44800da696ed6

          SHA512

          a3643334963575ff539c4d1dc0b73e8ba07c7bd23d9621390feb0f0e32bbf73b7c28a0e88c371edfade3132602e0f8ecbb1a6bacf3f31ae1827302f17494a4d3

          Download Submit

        • C:\PROGRA~3\Roblox\DOWNLO~1\317BD-~1
          Filesize

          197KB

          MD5

          63c0b1946ae9ef9b6df21d95d6582d7b

          SHA1

          532f0b5f1877e7546f44f3f906903a6f7dc7da39

          SHA256

          090de4d418a776b24440efcd5721c9d5d9ae527951eed87661e82812ff98f3c1

          SHA512

          8750552d9cd824eb7296d37b366c7cb8c5985e8e71d88fb44e0f7fb256c0e56ff8c68d86429128448ba42f15b364d9301615184b88b0f8da1ebad65ecec5e17a

          Download Submit

        • C:\PROGRA~3\Roblox\DOWNLO~1\408008~1
          Filesize

          64.5MB

          MD5

          6fd85ed15eee25ed71d11132b7192fbe

          SHA1

          7e51d2f43339f548b12b7b3341fe7e46ba3693ab

          SHA256

          bd7fddeed4e714f103247e35502e0598acf2d3d047d44afc585c13623fb89b2c

          SHA512

          cf3679c596487e06e54fae65d7932dcf3a297de0f4ef201bfc9068765d8bfdb05a3d29309a7fa5347c1f7389c637ea39028891bc418e005c9b9326a85d3fa9ab

          Download Submit

        • C:\PROGRA~3\Roblox\DOWNLO~1\55DF8-~1
          Filesize

          343KB

          MD5

          8d33c0c66151ca68b730b0e40e7dc377

          SHA1

          424dd50ece5afb74322c21b97003e4da454281d1

          SHA256

          1dfa366d9ae32e76624a84d71db2d5b958f83db2208e92666c7bc65e6cf03ca8

          SHA512

          807387f0957ad0cacf2abd534946df1081da168191aafc681212299a32557648f37e9c8754ae7750744b4178750afa877a780dfdfac2c853586c79f35ca09966

          Download Submit

        • C:\PROGRA~3\Roblox\DOWNLO~1\60E7-5~1
          Filesize

          24KB

          MD5

          00c9475d099c4f8cc70d470c27b3f754

          SHA1

          e1962a893107fd5346bf186c7395965a2abe60ec

          SHA256

          67007250bc0e1a4314e79bd5e2782c6ded5e9559629f6633e80ffb6afdc2cda7

          SHA512

          e8ec362e551bca722f56b6fd226a87f1f7a6df44465e308004f660cb929c0699302098510c33da2ac40bf2cb58b657df2b5887a98aa1a6a89895359e8c9cff4a

          Download Submit

        • C:\PROGRA~3\Roblox\DOWNLO~1\ED04-5~1
          Filesize

          59KB

          MD5

          3641257e073edd97d76a639272d64451

          SHA1

          b1fc0660f9462d885cfa6be7e8f4096726e70f3e

          SHA256

          5efa224bd27045488dc896cc3eb711008a3d56773dffa004444784b90007b93d

          SHA512

          3af454ade85e85400c8f71a70410cc22651d913df7fa04ab01c1efc07bef84f8a074a03ee8f14704d2032dfa8cf49bab5838c37e76e8e57804c20a5fce1c730f

          Download Submit

        • C:\Program Files (x86)\Roblox\Versions\RobloxStudioLauncherBeta.exe
          Filesize

          762KB

          MD5

          985a86c83bbee0a9de5dc2a34c8a822f

          SHA1

          32b5bdf1161c5c247b1e263b72a217fbb87c6ae8

          SHA256

          79aee28aabf67d52b90a3ba52dce9ac44a70cdb97847a417e83cda113e1dbfcd

          SHA512

          1d3ba4d904c0086d8cf8bbf2b62238f6247ad37d7dfd492de01687c218b3ee012097c7bb9720cb4ea880122010b04e46616bef0fc7570dbd9454f31ed00a4b77

          Download Submit

        • C:\Program Files (x86)\Roblox\Versions\version-d30b938ea76a153e\PlatformContent\pc\textures\cobblestone\normaldetail.dds
          Filesize

          176B

          MD5

          620e055b9e500e85a131d8be2a65c11e

          SHA1

          d7fa8af56bfcfd48f38931e3ef8606585664a248

          SHA256

          2a51ad9239a2102af2c08ee23e18407c3500770a931332a722c643ffca90a60e

          SHA512

          551a93a5cffbc008f6d6b122f4c45d686faf1ef5a90975b8b2ef906123d7981e40efc644494957544832f5f605dac434714239a17baea97fcb38175d589d8794

          Download Submit

        • C:\Program Files (x86)\Roblox\Versions\version-d30b938ea76a153e\content\textures\MorpherEditor\mainButtonIcon.png
          Filesize

          546B

          MD5

          27e25e8e79253929eaabe7ebb9a41019

          SHA1

          9eed3db83b00ff4175e84928466c5ee724976753

          SHA256

          993e3655350f2292ce54b472f355aaf42d0d71fde4ffea717d0b9875f6dd204e

          SHA512

          238cbebe41bda44d153bbde931d4ff5accca44f7a96b999238aab6eaa840d944543c80ae863d7f0601d16551f67c819884159f553a5ea85b95a2ee0a92f9eb76

          Download Submit

        • C:\Program Files (x86)\Roblox\Versions\version-d30b938ea76a153e\content\textures\StudioUIEditor\valueBoxRoundedRectangle.png
          Filesize

          130B

          MD5

          521fb651c83453bf42d7432896040e5e

          SHA1

          8fdbf2cc2617b5b58aaa91b94b0bf755d951cad9

          SHA256

          630303ec4701779eaf86cc9fbf744b625becda53badc7271cbb6ddc56e638d70

          SHA512

          8fa0a50e52a3c7c53735c7dd7af275ebc9c1843f55bb30ebe0587a85955a8da94ff993822d233f7ed118b1070a7d67718b55ba4a597dc49ed2bf2a3836c696f6

          Download Submit

        • \Program Files (x86)\Roblox\Versions\RobloxStudioLauncherBeta.exe
          Filesize

          762KB

          MD5

          985a86c83bbee0a9de5dc2a34c8a822f

          SHA1

          32b5bdf1161c5c247b1e263b72a217fbb87c6ae8

          SHA256

          79aee28aabf67d52b90a3ba52dce9ac44a70cdb97847a417e83cda113e1dbfcd

          SHA512

          1d3ba4d904c0086d8cf8bbf2b62238f6247ad37d7dfd492de01687c218b3ee012097c7bb9720cb4ea880122010b04e46616bef0fc7570dbd9454f31ed00a4b77

          Download Submit

        • \Program Files (x86)\Roblox\Versions\RobloxStudioLauncherBeta.exe
          Filesize

          762KB

          MD5

          985a86c83bbee0a9de5dc2a34c8a822f

          SHA1

          32b5bdf1161c5c247b1e263b72a217fbb87c6ae8

          SHA256

          79aee28aabf67d52b90a3ba52dce9ac44a70cdb97847a417e83cda113e1dbfcd

          SHA512

          1d3ba4d904c0086d8cf8bbf2b62238f6247ad37d7dfd492de01687c218b3ee012097c7bb9720cb4ea880122010b04e46616bef0fc7570dbd9454f31ed00a4b77

          Download Submit