Analysis

max time kernel: 1809s
max time network: 1827s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system
submitted: 12/01/2024, 19:02 UTC

Static task: static1
Behavioral task: behavioral1
  Sample: RobloxApp_client.exe
  Resource: win7-20231215-en
  1 signature
  1800 seconds
General

Target: RobloxApp_client.exe
Size: 10.5MB
MD5: 4ea993a2a09585a906c94b7d918b60f1
SHA1: 74f2560d41b6b7d721fc76b6cd1591a0e2c9d2b0
SHA256: 46b9742190bda8c4a1cd73c5b911a1cd668bf90c992b9e5afc718069cff0d23a
SHA512: 0f19587ee651fec58c9de040db5b29caacab836c53935057d4b10fe9b1fea846a48dcb7dfe8ff346cef98ce78ddd4dac0514b6cc073a86766686e4e457587e65
SSDEEP: 98304:HlDTNcxnGodz+xUlWzuQdu9Gkyw1/UOD1GqbRScznrhbmMoKCAx:Hl0bxH1/PGqFSIr5oKBx
Score: 6/10
Malware Config

Signatures

- Legitimate hosting services abused for malware hosting/C2 (1 TTP)
Processes

- C:\Users\Admin\AppData\Local\Temp\RobloxApp_client.exe (PID 2752)
  Command line: "C:\Users\Admin\AppData\Local\Temp\RobloxApp_client.exe"
- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2928)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4304 --field-trial-handle=1352,i,15609994694416141511,10166512350567915651,131072 /prefetch:8
- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3064)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4420 --field-trial-handle=1352,i,15609994694416141511,10166512350567915651,131072 /prefetch:8
- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2368)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2544 --field-trial-handle=1352,i,15609994694416141511,10166512350567915651,131072 /prefetch:8
- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2280)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4504 --field-trial-handle=1352,i,15609994694416141511,10166512350567915651,131072 /prefetch:8
- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 884)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --mojo-platform-channel-handle=1524 --field-trial-handle=1352,i,15609994694416141511,10166512350567915651,131072 /prefetch:1
- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2732)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --mojo-platform-channel-handle=3736 --field-trial-handle=1352,i,15609994694416141511,10166512350567915651,131072 /prefetch:1
- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2080)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3520 --field-trial-handle=1352,i,15609994694416141511,10166512350567915651,131072 /prefetch:8
- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1688)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=3776 --field-trial-handle=1352,i,15609994694416141511,10166512350567915651,131072 /prefetch:1
Network

- DNS 8.8.8.8:53  Request: www.google.com IN A
  Response: www.google.com IN A 142.250.178.4
- DNS 8.8.8.8:53  Request: content-autofill.googleapis.com IN A
  Response: content-autofill.googleapis.com IN A 142.250.200.42, 142.250.200.10, 216.58.201.106, 216.58.204.74, 172.217.169.42, 142.250.179.234, 142.250.180.10, 142.250.187.202, 142.250.187.234, 172.217.16.234, 142.250.178.10
- DNS 8.8.8.8:53  Request: beacons.gcp.gvt2.com IN A
  Response: beacons.gcp.gvt2.com IN CNAME beacons-handoff.gcp.gvt2.com; beacons-handoff.gcp.gvt2.com IN A 192.178.49.3
- DNS 8.8.8.8:53  Request: consent.google.com IN A
  Response: consent.google.com IN A 142.250.178.14
- DNS 8.8.8.8:53  Request: consent.google.com IN A
- DNS 8.8.8.8:53  Request: apis.google.com IN A
  Response: apis.google.com IN CNAME plus.l.google.com; plus.l.google.com IN A 172.253.116.139, 172.253.116.113, 172.253.116.101, 172.253.116.102, 172.253.116.100, 172.253.116.138
- DNS 8.8.8.8:53  Request: id.google.com IN A
  Response: id.google.com IN A 172.253.116.94
- DNS 8.8.8.8:53  Request: i.ytimg.com IN A
  Response: i.ytimg.com IN A 172.217.16.246, 142.250.178.22, 142.250.200.54, 142.250.200.22, 216.58.201.118, 216.58.204.86, 216.58.213.22, 216.58.212.214, 172.217.169.86, 142.250.179.246, 142.250.180.22, 142.250.187.214, 142.250.187.246
- DNS 8.8.8.8:53  Request: www.youtube.com IN A
  Response: www.youtube.com IN CNAME youtube-ui.l.google.com; youtube-ui.l.google.com IN A 172.217.169.46, 142.250.179.238, 142.250.180.14, 142.250.187.206, 142.250.187.238, 172.217.16.238, 142.250.178.14, 142.250.200.46, 142.250.200.14, 216.58.201.110, 216.58.204.78, 216.58.213.14, 172.217.169.14, 216.58.212.206, 216.58.212.238
- DNS 8.8.8.8:53  Request: googleads.g.doubleclick.net IN A
  Response: googleads.g.doubleclick.net IN A 172.217.16.226
- DNS 8.8.8.8:53  Request: static.doubleclick.net IN A
  Response: static.doubleclick.net IN A 172.217.16.230
- DNS 8.8.8.8:53  Request: jnn-pa.googleapis.com IN A
  Response: jnn-pa.googleapis.com IN A 142.250.187.234, 172.217.16.234, 142.250.178.10, 142.250.200.42, 142.250.200.10, 216.58.201.106, 216.58.204.74, 216.58.212.202, 216.58.212.234, 142.250.179.234, 142.250.180.10, 142.250.187.202
- DNS 8.8.8.8:53  Request: itch.io IN A
  Response: itch.io IN A 173.255.250.29
- DNS 8.8.8.8:53  Request: static.itch.io IN A
  Response: static.itch.io IN A 104.26.8.198, 104.26.9.198, 172.67.69.99
- DNS 8.8.8.8:53  Request: img.itch.zone IN A
  Response: img.itch.zone IN CNAME img.itch.zone.edgesuite.net; img.itch.zone.edgesuite.net IN CNAME a262.dscb.akamai.net; a262.dscb.akamai.net IN A 104.77.160.220, 104.77.160.201
- DNS 8.8.8.8:53  Request: apps.identrust.com IN A
  Response: apps.identrust.com IN CNAME identrust.edgesuite.net; identrust.edgesuite.net IN CNAME a1952.dscq.akamai.net; a1952.dscq.akamai.net IN A 96.17.179.205, 96.17.179.184
- HTTP 96.17.179.205:80
  Request:
  GET /roots/dstrootcax3.p7c HTTP/1.1
  Connection: Keep-Alive
  Accept: */*
  User-Agent: Microsoft-CryptoAPI/6.1
  Host: apps.identrust.com
  Response:
  HTTP/1.1 200 OK
  X-Frame-Options: SAMEORIGIN
  X-Content-Type-Options: nosniff
  X-Robots-Tag: noindex
  Referrer-Policy: same-origin
  Last-Modified: Fri, 13 Oct 2023 16:28:31 GMT
  ETag: "37d-6079b8c0929c0"
  Accept-Ranges: bytes
  Content-Length: 893
  X-Content-Type-Options: nosniff
  X-Frame-Options: sameorigin
  Content-Type: application/pkcs7-mime
  Cache-Control: max-age=3600
  Expires: Fri, 12 Jan 2024 20:06:40 GMT
  Date: Fri, 12 Jan 2024 19:06:40 GMT
  Connection: keep-alive
- DNS 8.8.8.8:53  Request: region1.google-analytics.com IN A
  Response: region1.google-analytics.com IN A 216.239.32.36, 216.239.34.36
- DNS 8.8.8.8:53  Request: beacons.gvt2.com IN A
  Response: beacons.gvt2.com IN A 172.217.169.35
- DNS 8.8.8.8:53  Request: sites.google.com IN A
  Response: sites.google.com IN A 172.217.16.238
- DNS 8.8.8.8:53  Request: lh3.googleusercontent.com IN A
  Response: lh3.googleusercontent.com IN CNAME googlehosted.l.googleusercontent.com; googlehosted.l.googleusercontent.com IN A 216.58.201.97
- DNS 8.8.8.8:53  Request: play.google.com IN A
  Response: play.google.com IN A 142.250.200.14
- DNS 8.8.8.8:53  Request: ssl.gstatic.com IN A
  Response: ssl.gstatic.com IN A 216.58.212.195
- DNS 8.8.8.8:53  Request: google.com IN A
  Response: google.com IN A 216.58.201.110
- DNS 8.8.8.8:53  Request: lh4.googleusercontent.com IN A
  Response: lh4.googleusercontent.com IN CNAME googlehosted.l.googleusercontent.com; googlehosted.l.googleusercontent.com IN A 216.58.201.97
- DNS 8.8.8.8:53  Request: lh4.googleusercontent.com IN A
- DNS 8.8.8.8:53  Request: beacons2.gvt2.com IN A
  Response: beacons2.gvt2.com IN A 216.239.32.117, 216.239.34.117, 216.239.38.117, 216.239.36.117
- DNS 8.8.8.8:53  Request: beacons2.gvt2.com IN A
- DNS 8.8.8.8:53  Request: beacons.gcp.gvt2.com IN A
  Response: beacons.gcp.gvt2.com IN CNAME beacons-handoff.gcp.gvt2.com; beacons-handoff.gcp.gvt2.com IN A 172.217.169.67
- DNS 8.8.8.8:53  Request: clients2.google.com IN A
  Response: clients2.google.com IN CNAME clients.l.google.com; clients.l.google.com IN A 142.250.200.14
- DNS 8.8.8.8:53  Request: beacons3.gvt2.com IN A
  Response: beacons3.gvt2.com IN A 216.58.212.195