Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

RobloxPlay...er.exe

windows7-x64

8

RobloxPlay...er.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    RobloxPlayerInstaller.exe

  • Size

    4.5MB

  • Sample

    231006-tyh2waed7v

  • MD5

    8d3e0e959c6c08904d0c3af255fee155

  • SHA1

    9e2da713f64afd27e05cb79bc54b6589d86be70a

  • SHA256

    5dd1d199c4d333be86121f55585c5663cd423fcdac57c7ae680dee643a3c5261

  • SHA512

    b28a775494de7289cef3c1a2f5f7e66119a88f841ab2de3dc5974fd21494d7ef435b398fb09b1149f801644c8adf83b866c3a87ca4ff8c2f375f97f2d3d0b6ef

  • SSDEEP

    98304:qwvH3mjpTxa9ESLRud3Vquj/qwKW00AgwGlPqVfgjE6FC/DxcAbz:pH3mjpTxa9EIwVrJKNgwYT8/lF/

Score
8/10
discoveryevasionpersistencetrojan

Malware Config

Targets

    • Target

      RobloxPlayerInstaller.exe

    • Size

      4.5MB

    • MD5

      8d3e0e959c6c08904d0c3af255fee155

    • SHA1

      9e2da713f64afd27e05cb79bc54b6589d86be70a

    • SHA256

      5dd1d199c4d333be86121f55585c5663cd423fcdac57c7ae680dee643a3c5261

    • SHA512

      b28a775494de7289cef3c1a2f5f7e66119a88f841ab2de3dc5974fd21494d7ef435b398fb09b1149f801644c8adf83b866c3a87ca4ff8c2f375f97f2d3d0b6ef

    • SSDEEP

      98304:qwvH3mjpTxa9ESLRud3Vquj/qwKW00AgwGlPqVfgjE6FC/DxcAbz:pH3mjpTxa9EIwVrJKNgwYT8/lF/

    Score
    8/10
    discoveryevasionpersistencetrojan

    • Downloads MZ/PE file

    • Sets file execution options in registry

      persistence

    • Checks whether UAC is enabled

      evasiontrojan

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops file in System32 directory

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks