Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
6Static
static
3Netflix-CE...TI.dll
windows11-21h2-x64
1Netflix-CE...ace.js
windows11-21h2-x64
1Netflix-CE...nfo.js
windows11-21h2-x64
1Netflix-CE...rch.js
windows11-21h2-x64
1Netflix-CE...log.js
windows11-21h2-x64
1Netflix-CE...ian.js
windows11-21h2-x64
1Netflix-CE...are.js
windows11-21h2-x64
1Netflix-CE...unt.js
windows11-21h2-x64
1Netflix-CE...nts.js
windows11-21h2-x64
1Netflix-CE...ist.js
windows11-21h2-x64
1Netflix-CE...ons.js
windows11-21h2-x64
1Netflix-CE...ion.js
windows11-21h2-x64
1Netflix-CE...ish.js
windows11-21h2-x64
1Netflix-CE...ats.js
windows11-21h2-x64
1Netflix-CE...sts.js
windows11-21h2-x64
1Netflix-CE...nfo.js
windows11-21h2-x64
1Netflix-CE...rch.js
windows11-21h2-x64
1Netflix-CE...rpm.js
windows11-21h2-x64
1Netflix-CE...ava.js
windows11-21h2-x64
1Netflix-CE...fs.dll
windows11-21h2-x64
1Netflix-CE...ipt.js
windows11-21h2-x64
1Netflix-CE...can.js
windows11-21h2-x64
1Netflix-CE...ode.js
windows11-21h2-x64
1Netflix-CE...ram.js
windows11-21h2-x64
1Netflix-CE...ap2.js
windows11-21h2-x64
1Netflix-CE...x3.dll
windows11-21h2-x64
3Netflix-CE...x6.dll
windows11-21h2-x64
1Netflix-CE...io.exe
windows11-21h2-x64
6Netflix-CE/defines.js
windows11-21h2-x64
1Resubmissions
01/05/2024, 14:05
240501-rd1ebagd9t 601/05/2024, 13:01
240501-p9erdafd4t 601/05/2024, 13:01
240501-p87e1afd3y 6Analysis
-
max time kernel
299s -
max time network
203s -
platform
windows11-21h2_x64 -
resource
win11-20240426-en -
resource tags
arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system -
submitted
01/05/2024, 13:01
Static task
static1
Behavioral task
behavioral1
Sample
Netflix-CE/Interno/CEJVMTI.dll
Resource
win11-20240419-en
windows11-21h2-x64
Behavioral task
behavioral2
Sample
Netflix-CE/Interno/DotNetInterface.js
Resource
win11-20240419-en
windows11-21h2-x64
Behavioral task
behavioral3
Sample
Netflix-CE/Interno/JavaInfo.js
Resource
win11-20240419-en
windows11-21h2-x64
Behavioral task
behavioral4
Sample
Netflix-CE/Interno/JavaSearch.js
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral5
Sample
Netflix-CE/Interno/MethodInvokeDialog.js
Resource
win11-20240419-en
windows11-21h2-x64
Behavioral task
behavioral6
Sample
Netflix-CE/Interno/bigendian.js
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral7
Sample
Netflix-CE/Interno/ceshare.js
Resource
win11-20240419-en
windows11-21h2-x64
Behavioral task
behavioral8
Sample
Netflix-CE/Interno/ceshare/ceshare_account.js
Resource
win11-20240419-en
windows11-21h2-x64
Behavioral task
behavioral9
Sample
Netflix-CE/Interno/ceshare/ceshare_comments.js
Resource
win11-20240419-en
windows11-21h2-x64
Behavioral task
behavioral10
Sample
Netflix-CE/Interno/ceshare/ceshare_fulltablelist.js
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral11
Sample
Netflix-CE/Interno/ceshare/ceshare_permissions.js
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral12
Sample
Netflix-CE/Interno/ceshare/ceshare_processlistextention.js
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral13
Sample
Netflix-CE/Interno/ceshare/ceshare_publish.js
Resource
win11-20240419-en
windows11-21h2-x64
Behavioral task
behavioral14
Sample
Netflix-CE/Interno/ceshare/ceshare_querycheats.js
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral15
Sample
Netflix-CE/Interno/ceshare/ceshare_requests.js
Resource
win11-20240419-en
windows11-21h2-x64
Behavioral task
behavioral16
Sample
Netflix-CE/Interno/dotnetinfo.js
Resource
win11-20240419-en
windows11-21h2-x64
Behavioral task
behavioral17
Sample
Netflix-CE/Interno/dotnetsearch.js
Resource
win11-20240419-en
windows11-21h2-x64
Behavioral task
behavioral18
Sample
Netflix-CE/Interno/emurpm.js
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral19
Sample
Netflix-CE/Interno/java.js
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral20
Sample
Netflix-CE/Interno/lfs.dll
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral21
Sample
Netflix-CE/Interno/monoscript.js
Resource
win11-20240419-en
windows11-21h2-x64
Behavioral task
behavioral22
Sample
Netflix-CE/Interno/patchscan.js
Resource
win11-20240419-en
windows11-21h2-x64
Behavioral task
behavioral23
Sample
Netflix-CE/Interno/pseudocode.js
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral24
Sample
Netflix-CE/Interno/pseudocodediagram.js
Resource
win11-20240419-en
windows11-21h2-x64
Behavioral task
behavioral25
Sample
Netflix-CE/Interno/ultimap2.js
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral26
Sample
Netflix-CE/Netflix3.dll
Resource
win11-20240419-en
windows11-21h2-x64
Behavioral task
behavioral27
Sample
Netflix-CE/Netflix6.dll
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral28
Sample
Netflix-CE/RobloxStudio.exe
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral29
Sample
Netflix-CE/defines.js
Resource
win11-20240419-en
windows11-21h2-x64
General
-
Target
Netflix-CE/RobloxStudio.exe
-
Size
16.1MB
-
MD5
6541cc901f3aa6886117faa56f17a64b
-
SHA1
303610ca41286e04ddaacddca45c15057ff58c9b
-
SHA256
7b057db5dee28fdc51198f53eab913983a3e8e490a3ea054304597e733eb9938
-
SHA512
9fcfd1489fc80e41926fb72d29026b4a1ffb2b5a4f8843911d82c6f5dcd20a344272b21384b4d93dd9409fbd8a0bda2281d82f6d155aa5d4ed30f092a0d918a8
-
SSDEEP
393216:b3Z8A06vEQ3ITvzx46SxiILGRKuc3WcK8q:b3ZIzx46YNLRW3N
Malware Config
Signatures
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
flow ioc 1 pastebin.com 2 pastebin.com -
Drops file in System32 directory 42 IoCs
description ioc Process File opened for modification C:\Windows\SYSTEM32\winmm.dll RobloxStudio.exe File opened for modification C:\Windows\SYSTEM32\wininet.dll RobloxStudio.exe File opened for modification C:\Windows\SYSTEM32\hhctrl.ocx RobloxStudio.exe File opened for modification C:\Windows\System32\bcryptPrimitives.dll RobloxStudio.exe File opened for modification C:\Windows\System32\ucrtbase.dll RobloxStudio.exe File opened for modification C:\Windows\System32\ws2_32.dll RobloxStudio.exe File opened for modification C:\Windows\SYSTEM32\Dbghelp.dll RobloxStudio.exe File opened for modification C:\Windows\SYSTEM32\uxtheme.dll RobloxStudio.exe File opened for modification C:\Windows\SYSTEM32\dxcore.dll RobloxStudio.exe File opened for modification C:\Windows\SYSTEM32\msimg32.dll RobloxStudio.exe File opened for modification C:\Windows\System32\clbcatq.dll RobloxStudio.exe File opened for modification C:\Windows\SYSTEM32\ntdll.dll RobloxStudio.exe File opened for modification C:\Windows\System32\shcore.dll RobloxStudio.exe File opened for modification C:\Windows\System32\sechost.dll RobloxStudio.exe File opened for modification C:\Windows\System32\imm32.dll RobloxStudio.exe File opened for modification C:\Windows\System32\comdlg32.dll RobloxStudio.exe File opened for modification C:\Windows\SYSTEM32\wsock32.dll RobloxStudio.exe File opened for modification C:\Windows\SYSTEM32\kernel.appcore.dll RobloxStudio.exe File opened for modification C:\Windows\System32\GDI32.dll RobloxStudio.exe File opened for modification C:\Windows\System32\advapi32.dll RobloxStudio.exe File opened for modification C:\Windows\System32\msvcrt.dll RobloxStudio.exe File opened for modification C:\Windows\System32\ole32.dll RobloxStudio.exe File opened for modification C:\Windows\SYSTEM32\version.dll RobloxStudio.exe File opened for modification C:\Windows\SYSTEM32\windows.storage.dll RobloxStudio.exe File opened for modification C:\Windows\SYSTEM32\wintypes.dll RobloxStudio.exe File opened for modification C:\Windows\System32\MSCTF.dll RobloxStudio.exe File opened for modification C:\Windows\System32\KERNELBASE.dll RobloxStudio.exe File opened for modification C:\Windows\System32\oleaut32.dll RobloxStudio.exe File opened for modification C:\Windows\System32\SHLWAPI.dll RobloxStudio.exe File opened for modification C:\Windows\System32\KERNEL32.DLL RobloxStudio.exe File opened for modification C:\Windows\System32\win32u.dll RobloxStudio.exe File opened for modification C:\Windows\System32\shell32.dll RobloxStudio.exe File opened for modification C:\Windows\System32\psapi.dll RobloxStudio.exe File opened for modification C:\Windows\system32\explorerframe.dll RobloxStudio.exe File opened for modification C:\Windows\System32\msvcp_win.dll RobloxStudio.exe File opened for modification C:\Windows\System32\combase.dll RobloxStudio.exe File opened for modification C:\Windows\System32\gdi32full.dll RobloxStudio.exe File opened for modification C:\Windows\SYSTEM32\opengl32.dll RobloxStudio.exe File opened for modification C:\Windows\SYSTEM32\GLU32.dll RobloxStudio.exe File opened for modification C:\Windows\SYSTEM32\PROPSYS.dll RobloxStudio.exe File opened for modification C:\Windows\System32\RPCRT4.dll RobloxStudio.exe File opened for modification C:\Windows\System32\user32.dll RobloxStudio.exe -
Drops file in Windows directory 1 IoCs
description ioc Process File opened for modification C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.22000.1_none_271a8fad6a2d1b1e\comctl32.dll RobloxStudio.exe -
Suspicious use of AdjustPrivilegeToken 16 IoCs
description pid Process Token: SeDebugPrivilege 240 RobloxStudio.exe Token: SeTcbPrivilege 240 RobloxStudio.exe Token: SeTcbPrivilege 240 RobloxStudio.exe Token: SeLoadDriverPrivilege 240 RobloxStudio.exe Token: SeCreateGlobalPrivilege 240 RobloxStudio.exe Token: SeLockMemoryPrivilege 240 RobloxStudio.exe Token: 33 240 RobloxStudio.exe Token: SeSecurityPrivilege 240 RobloxStudio.exe Token: SeTakeOwnershipPrivilege 240 RobloxStudio.exe Token: SeManageVolumePrivilege 240 RobloxStudio.exe Token: SeBackupPrivilege 240 RobloxStudio.exe Token: SeCreatePagefilePrivilege 240 RobloxStudio.exe Token: SeShutdownPrivilege 240 RobloxStudio.exe Token: SeRestorePrivilege 240 RobloxStudio.exe Token: 33 240 RobloxStudio.exe Token: SeIncBasePriorityPrivilege 240 RobloxStudio.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 240 RobloxStudio.exe