f80db396abdc9a4d6435426446d88073482e288a3b9fc3d21cf05dbde207bdd0

Analysis

max time kernel
142s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 10:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
Size

5.1MB
MD5

6e350b85936b588d7cda0beee7c7d716
SHA1

50c00b707df460a8df05271c53ef8fd0996f7dfe
SHA256

f80db396abdc9a4d6435426446d88073482e288a3b9fc3d21cf05dbde207bdd0
SHA512

b0760a5e591779544506b927d3f72348b0e1e7cd0a995a06ed4584ef1fa0391a405b3bcee6d8bdd8d0e193b356b646db495130db7f549732254abc5faf465d63
SSDEEP

98304:k/vt45232uPpqj4BB5Dg+8/nJ6rNbO3yguFbsTD527BWG:AN3ZpHpgNIbEGFuVQBWG

Score

7^/10

discovery evasion trojan

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

RobloxPlayerBeta.exe

pid process

4564 RobloxPlayerBeta.exe
Loads dropped DLL 1 IoCs

Processes:

RobloxPlayerBeta.exe

pid process

4564 RobloxPlayerBeta.exe
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

Processes:

2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe

Suspicious use of NtCreateThreadExHideFromDebugger 1 IoCs

Processes:

RobloxPlayerBeta.exe

pid process

4564 RobloxPlayerBeta.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 18 IoCs

Processes:

RobloxPlayerBeta.exe

pid	process
4564	RobloxPlayerBeta.exe
4564	RobloxPlayerBeta.exe
4564	RobloxPlayerBeta.exe
4564	RobloxPlayerBeta.exe
4564	RobloxPlayerBeta.exe
4564	RobloxPlayerBeta.exe
4564	RobloxPlayerBeta.exe
4564	RobloxPlayerBeta.exe
4564	RobloxPlayerBeta.exe
4564	RobloxPlayerBeta.exe
4564	RobloxPlayerBeta.exe
4564	RobloxPlayerBeta.exe
4564	RobloxPlayerBeta.exe
4564	RobloxPlayerBeta.exe
4564	RobloxPlayerBeta.exe
4564	RobloxPlayerBeta.exe
4564	RobloxPlayerBeta.exe
4564	RobloxPlayerBeta.exe

Drops file in Program Files directory 64 IoCs

Processes:

2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe

description	ioc	process
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\PlatformContent\pc\textures\water\normal_07.dds	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\textures\StudioToolbox\AssetConfig\CenterPlus.png	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\textures\ui\VoiceChat\SpeakerNew\Muted.png	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\ExtraContent\LuaPackages\Packages\_Index\UIBlox\UIBlox\AppImageAtlas\img_set_2x_4.png	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\textures\ui\InGameMenu\[email protected]	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\models\AnimationEditor\AnimationEditorGUI.rbxm	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\ExtraContent\textures\ui\LuaApp\graphic\[email protected]	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\avatar\heads\headJ.mesh	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\sounds\volume_slider.ogg	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\textures\AvatarImporter\button_avatarType_border.png	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\textures\ui\Controls\DesignSystem\Thumbstick1Horizontal.png	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\textures\ui\TopBar\[email protected]	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\ExtraContent\textures\ui\ImageSet\InGameMenu\img_set_3x_1.png	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\textures\ui\[email protected]	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\textures\ui\Scroll\[email protected]	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\textures\ui\VoiceChat\Misc\Unmute.png	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\ExtraContent\textures\ui\LuaApp\ExternalSite\[email protected]	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\PlatformContent\pc\textures\sky\indoor512_rt.tex	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\textures\AnimationEditor\img_eventMarker_inner.png	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\textures\RoduxDevtools\Redo.png	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\ExtraContent\textures\ui\LuaChat\graphic\gr-indicator-instudio-12x12.png	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\textures\CompositorDebugger\clear.png	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\textures\ui\VoiceChat\MicLight\[email protected]	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\textures\TerrainTools\mtrl_ice.png	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\textures\ui\ErrorIconSmall.png	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\ExtraContent\textures\ui\LuaChat\icons\ic-friends.png	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\fonts\families\Roboto.json	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\textures\GameSettings\MoreDetails.png	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\textures\MaterialGenerator\Materials\Plastic.png	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\ExtraContent\textures\ui\LuaApp\ExternalSite\[email protected]	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\ExtraContent\textures\ui\LuaApp\graphic\Auth\GridBackground.jpg	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\textures\advancedMove_keysOnly.png	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\textures\Debugger\Breakpoints\[email protected]	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\textures\TerrainTools\mtrl_ground_2022.png	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\textures\TerrainTools\mtrl_leafygrass.png	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\textures\ui\Chat\ToggleChatFlip.png	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\textures\TagEditor\Remove.png	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\ExtraContent\textures\ui\LuaChat\9-slice\[email protected]	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\textures\ui\Settings\Help\[email protected]	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\textures\UserInputPlaybackPlugin\ArrowCursor.png	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\textures\Debugger\debugger_arrow.png	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\textures\ui\newBkg_square.png	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\ExtraContent\textures\ui\LuaChat\icons\[email protected]	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\ExtraContent\textures\ui\LuaChatV2\[email protected]	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\textures\ui\PlayerList\[email protected]	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\textures\ui\Settings\Players\[email protected]	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\textures\ui\VoiceChat\Muted.png	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\textures\ui\VoiceChat\SpeakerDark\[email protected]	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\fonts\Oswald-Regular.ttf	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\ExtraContent\textures\ui\LuaChat\9-slice\[email protected]	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\ExtraContent\textures\ui\LuaChat\graphic\[email protected]	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\fonts\IndieFlower-Regular.ttf	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\textures\ui\Emotes\Editor\TenFoot\[email protected]	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\textures\AssetImport\btn_light_resetcam_28x28.png	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\ExtraContent\textures\ui\Controls\DesignSystem\[email protected]	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\ExtraContent\textures\ui\ImageSet\LuaApp\img_set_2x_5.png	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\ExtraContent\LuaPackages\Packages\_Index\UIBlox\UIBlox\AppImageAtlas\img_set_3x_11.png	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\ExtraContent\textures\ui\Controls\DesignSystem\[email protected]	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\fonts\Montserrat-Bold.ttf	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\ExtraContent\textures\ui\LuaChatV2\[email protected]	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\textures\TerrainEditor\mesa.png	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\textures\TerrainTools\unlocked.png	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\textures\ui\Controls\PlayStationController\[email protected]	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\content\textures\ui\TopBar\emotesOff.png	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 6 IoCs

adware spyware

Modify Registry

T1112

Processes:

2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe

description	ioc	process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0"	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0"	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe

Modifies registry class 30 IoCs

Processes:

2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\ = "URL: Roblox Protocol"	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell\open\command	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell\open	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open\command	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\URL Protocol	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open\command\version = "version-c5a2369e0d774f91"	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell\open\command	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell\open	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\version-d8aa63d3654646d0\\RobloxPlayerBeta.exe"	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\ = "URL: Roblox Protocol"	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\RobloxStudioInstaller.exe"	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\version-d8aa63d3654646d0\\RobloxPlayerBeta.exe\" %1"	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\URL Protocol	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\ = "URL: Roblox Protocol"	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\DefaultIcon	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell\open\command\version = "version-d8aa63d3654646d0"	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\DefaultIcon	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell\open\command\version = "version-d8aa63d3654646d0"	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\RobloxStudioInstaller.exe\" %1"	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\version-d8aa63d3654646d0\\RobloxPlayerBeta.exe"	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\URL Protocol	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\version-d8aa63d3654646d0\\RobloxPlayerBeta.exe\" %1"	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\DefaultIcon	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exeRobloxPlayerBeta.exe

pid	process
2184	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
2184	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
4564	RobloxPlayerBeta.exe
4564	RobloxPlayerBeta.exe

Suspicious use of UnmapMainImage 1 IoCs

Processes:

RobloxPlayerBeta.exe

pid process

4564 RobloxPlayerBeta.exe

Suspicious use of WriteProcessMemory 2 IoCs

Processes:

2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe

description	pid	process	target process
PID 2184 wrote to memory of 4564	2184	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe	RobloxPlayerBeta.exe
PID 2184 wrote to memory of 4564	2184	2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe	RobloxPlayerBeta.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe
"C:\Users\Admin\AppData\Local\Temp\2024-05-23_6e350b85936b588d7cda0beee7c7d716_magniber.exe"
1⤵
- Checks whether UAC is enabled
- Drops file in Program Files directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2184

C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\RobloxPlayerBeta.exe" -app
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of UnmapMainImage
PID:4564

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1036 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:8
1⤵
PID:4468

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe
Filesize
5.3MB

MD5
0469bb703f1233c733ba4e8cb45afda2

SHA1
a07afd7ecf1d0b740b0e2eddfcde79dcf6e1767f

SHA256
00314da401908da37ebfe9b642506cab81a4467c092719fcf007be045bc4a9e0

SHA512
342c9629e705eb78c7bd52b3efe4a92b6a8bece9933956390450600635e4c0511ca96ccaa25e6920e9d25ccdf444dabfea7b09f8fbcba2f371655f87633b6d67

Download Submit
C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\RobloxPlayerBeta.dll
Filesize
17.6MB

MD5
a98207598f6d46d59f869fcd44d0ae31

SHA1
744ac16a7e0626f2d26dd886b20f788f438ebc40

SHA256
c3cdcee3478ed69130cf826f7b3d39cdd2145d65035e9aebfb90dfec118c5c06

SHA512
e5be7c1f322bb061080faad13004f153a171dce21c1019e5b873526e76e8d8c1467d83837eaeff33eebe85fbb0fee4ab578eaf2bc7bab2d6bb78948d803e6333

Download Submit
C:\Users\Admin\AppData\Local\Roblox\Downloads\roblox-player\de55b55ef62fb1b17eb3c103f4fc0cef
Filesize
5.7MB

MD5
de55b55ef62fb1b17eb3c103f4fc0cef

SHA1
37dd8656942325f787227b65fc829508d48723a8

SHA256
62f90bf759c32cd1d916627a4456b547a90641e7e94e3cbb2be6ff2033275f0b

SHA512
7c312975a4825ddaaea32ffd48a80a5216a2a385c4556811a16accceee743122c396a41fd5a5b442689603ddbd4a3d0806c29f4e1b251fa824b9fb69abcf81b6

Download Submit
memory/2184-0-0x0000000000400000-0x0000000001050000-memory.dmp

Filesize
12.3MB

Download
memory/2184-61-0x0000000000400000-0x0000000001050000-memory.dmp

Filesize
12.3MB

Download
memory/2184-151-0x0000000000400000-0x0000000001050000-memory.dmp

Filesize
12.3MB

Download
memory/4564-72-0x00007FF9A6840000-0x00007FF9A6850000-memory.dmp

Filesize
64KB

Download
memory/4564-75-0x00007FF9A6890000-0x00007FF9A68C0000-memory.dmp

Filesize
192KB

Download
memory/4564-78-0x00007FF9A6920000-0x00007FF9A6925000-memory.dmp

Filesize
20KB

Download
memory/4564-76-0x00007FF9A6890000-0x00007FF9A68C0000-memory.dmp

Filesize
192KB

Download
memory/4564-74-0x00007FF9A6890000-0x00007FF9A68C0000-memory.dmp

Filesize
192KB

Download
memory/4564-77-0x00007FF9A6890000-0x00007FF9A68C0000-memory.dmp

Filesize
192KB

Download
memory/4564-71-0x00007FF9A6840000-0x00007FF9A6850000-memory.dmp

Filesize
64KB

Download
memory/4564-70-0x00007FF9A6730000-0x00007FF9A6740000-memory.dmp

Filesize
64KB

Download
memory/4564-69-0x00007FF9A6730000-0x00007FF9A6740000-memory.dmp

Filesize
64KB

Download
memory/4564-73-0x00007FF9A6890000-0x00007FF9A68C0000-memory.dmp

Filesize
192KB

Download
memory/4564-83-0x00007FF9A6020000-0x00007FF9A6030000-memory.dmp

Filesize
64KB

Download
memory/4564-86-0x00007FF9A6020000-0x00007FF9A6030000-memory.dmp

Filesize
64KB

Download
memory/4564-82-0x00007FF9A6000000-0x00007FF9A6010000-memory.dmp

Filesize
64KB

Download
memory/4564-89-0x00007FF9A3FF0000-0x00007FF9A4000000-memory.dmp

Filesize
64KB

Download
memory/4564-96-0x00007FF9A4270000-0x00007FF9A42A0000-memory.dmp

Filesize
192KB

Download
memory/4564-97-0x00007FF9A6630000-0x00007FF9A6640000-memory.dmp

Filesize
64KB

Download
memory/4564-103-0x00007FF9A66E0000-0x00007FF9A66EE000-memory.dmp

Filesize
56KB

Download
memory/4564-110-0x00007FF9A5700000-0x00007FF9A570B000-memory.dmp

Filesize
44KB

Download
memory/4564-109-0x00007FF9A5700000-0x00007FF9A570B000-memory.dmp

Filesize
44KB

Download
memory/4564-108-0x00007FF9A5700000-0x00007FF9A570B000-memory.dmp

Filesize
44KB

Download
memory/4564-107-0x00007FF9A5700000-0x00007FF9A570B000-memory.dmp

Filesize
44KB

Download
memory/4564-106-0x00007FF9A5700000-0x00007FF9A570B000-memory.dmp

Filesize
44KB

Download
memory/4564-105-0x00007FF9A56E0000-0x00007FF9A56F0000-memory.dmp

Filesize
64KB

Download
memory/4564-104-0x00007FF9A56E0000-0x00007FF9A56F0000-memory.dmp

Filesize
64KB

Download
memory/4564-102-0x00007FF9A66E0000-0x00007FF9A66EE000-memory.dmp

Filesize
56KB

Download
memory/4564-101-0x00007FF9A66E0000-0x00007FF9A66EE000-memory.dmp

Filesize
56KB

Download
memory/4564-100-0x00007FF9A66E0000-0x00007FF9A66EE000-memory.dmp

Filesize
56KB

Download
memory/4564-99-0x00007FF9A66E0000-0x00007FF9A66EE000-memory.dmp

Filesize
56KB

Download
memory/4564-98-0x00007FF9A6630000-0x00007FF9A6640000-memory.dmp

Filesize
64KB

Download
memory/4564-95-0x00007FF9A4270000-0x00007FF9A42A0000-memory.dmp

Filesize
192KB

Download
memory/4564-94-0x00007FF9A4270000-0x00007FF9A42A0000-memory.dmp

Filesize
192KB

Download
memory/4564-93-0x00007FF9A4270000-0x00007FF9A42A0000-memory.dmp

Filesize
192KB

Download
memory/4564-92-0x00007FF9A4270000-0x00007FF9A42A0000-memory.dmp

Filesize
192KB

Download
memory/4564-91-0x00007FF9A4100000-0x00007FF9A4110000-memory.dmp

Filesize
64KB

Download
memory/4564-90-0x00007FF9A4100000-0x00007FF9A4110000-memory.dmp

Filesize
64KB

Download
memory/4564-88-0x00007FF9A3FF0000-0x00007FF9A4000000-memory.dmp

Filesize
64KB

Download
memory/4564-87-0x00007FF9A6020000-0x00007FF9A6030000-memory.dmp

Filesize
64KB

Download
memory/4564-84-0x00007FF9A6020000-0x00007FF9A6030000-memory.dmp

Filesize
64KB

Download
memory/4564-85-0x00007FF9A6020000-0x00007FF9A6030000-memory.dmp

Filesize
64KB

Download
memory/4564-81-0x00007FF9A6000000-0x00007FF9A6010000-memory.dmp

Filesize
64KB

Download
memory/4564-80-0x00007FF9A5F70000-0x00007FF9A5F80000-memory.dmp

Filesize
64KB

Download
memory/4564-119-0x00007FF9A4750000-0x00007FF9A4776000-memory.dmp

Filesize
152KB

Download
memory/4564-118-0x00007FF9A4750000-0x00007FF9A4776000-memory.dmp

Filesize
152KB

Download
memory/4564-117-0x00007FF9A4750000-0x00007FF9A4776000-memory.dmp

Filesize
152KB

Download
memory/4564-116-0x00007FF9A4750000-0x00007FF9A4776000-memory.dmp

Filesize
152KB

Download
memory/4564-115-0x00007FF9A4750000-0x00007FF9A4776000-memory.dmp

Filesize
152KB

Download
memory/4564-114-0x00007FF9A4720000-0x00007FF9A4730000-memory.dmp

Filesize
64KB

Download
memory/4564-113-0x00007FF9A4720000-0x00007FF9A4730000-memory.dmp

Filesize
64KB

Download
memory/4564-112-0x00007FF9A4620000-0x00007FF9A4630000-memory.dmp

Filesize
64KB

Download
memory/4564-111-0x00007FF9A4620000-0x00007FF9A4630000-memory.dmp

Filesize
64KB

Download
memory/4564-79-0x00007FF9A5F70000-0x00007FF9A5F80000-memory.dmp

Filesize
64KB

Download
memory/4564-130-0x00007FF9A4470000-0x00007FF9A4492000-memory.dmp

Filesize
136KB

Download
memory/4564-132-0x00007FF9A6720000-0x00007FF9A6721000-memory.dmp

Filesize
4KB

Download
memory/4564-131-0x00007FF9A4470000-0x00007FF9A4492000-memory.dmp

Filesize
136KB

Download
memory/4564-129-0x00007FF9A4470000-0x00007FF9A4492000-memory.dmp

Filesize
136KB

Download
memory/4564-128-0x00007FF9A4470000-0x00007FF9A4492000-memory.dmp

Filesize
136KB

Download
memory/4564-127-0x00007FF9A4470000-0x00007FF9A4492000-memory.dmp

Filesize
136KB

Download
memory/4564-124-0x00007FF9A3F60000-0x00007FF9A3F87000-memory.dmp

Filesize
156KB

Download
memory/4564-125-0x00007FF9A3F60000-0x00007FF9A3F87000-memory.dmp

Filesize
156KB

Download
memory/4564-123-0x00007FF9A3F60000-0x00007FF9A3F87000-memory.dmp

Filesize
156KB

Download
memory/4564-122-0x00007FF9A3F60000-0x00007FF9A3F87000-memory.dmp

Filesize
156KB

Download
memory/4564-121-0x00007FF9A3F60000-0x00007FF9A3F87000-memory.dmp

Filesize
156KB

Download
memory/4564-120-0x00007FF9A3F60000-0x00007FF9A3F87000-memory.dmp

Filesize
156KB

Download
memory/4564-126-0x00007FF9A3F60000-0x00007FF9A3F87000-memory.dmp

Filesize
156KB

Download