Overview

overview

7

Static

static

3

RobloxPlay...er.exe

windows11-21h2-x64

7

Analysis

  • max time kernel
    22s
  • max time network
    20s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240611-en
  • resource tags

    arch:x64arch:x86image:win11-20240611-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    20/06/2024, 04:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    RobloxPlayerLauncher.exe

  • Size

    884KB

  • MD5

    e08730e0e3ee36a477cda966403acd1a

  • SHA1

    9cbdb2886acd340c11cb70235655192605e72fd6

  • SHA256

    4516b047f0e42c7da52071c388602ca575af53944d869aee5e687ce6eefe6f84

  • SHA512

    958324fdd4fc82cda708f58de058767f309d6df50f9746738f62187bd932b71eb1d20869ff62dc7237ce9bcd8afdd6386c2b5c16734e304c5fad347b695da715

  • SSDEEP

    12288:Vc7BKHlWKdQ10neuMpsUhRF55g+BqeWaTsS+6bS+EMDk7l:Vc7C1Q10neuUsUhRFjCaTU6W+EMDk7

Score
7/10
discoveryevasionpersistenceprivilege_escalationspywarestealertrojan

Malware Config

Signatures

  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    persistenceprivilege_escalation
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 10 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 28 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher.exe
    "C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher.exe"
    1⤵
    • Checks whether UAC is enabled
    • Drops file in Program Files directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    PID:2960

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Roblox\Versions\version-2608e90bc20e49a7\PlatformContent\pc\textures\cobblestone\normaldetail.dds
    Filesize

    176B

    MD5

    620e055b9e500e85a131d8be2a65c11e

    SHA1

    d7fa8af56bfcfd48f38931e3ef8606585664a248

    SHA256

    2a51ad9239a2102af2c08ee23e18407c3500770a931332a722c643ffca90a60e

    SHA512

    551a93a5cffbc008f6d6b122f4c45d686faf1ef5a90975b8b2ef906123d7981e40efc644494957544832f5f605dac434714239a17baea97fcb38175d589d8794

    Download Submit

  • C:\Program Files (x86)\Roblox\Versions\version-2608e90bc20e49a7\RobloxPlayerLauncher.exe
    Filesize

    884KB

    MD5

    e08730e0e3ee36a477cda966403acd1a

    SHA1

    9cbdb2886acd340c11cb70235655192605e72fd6

    SHA256

    4516b047f0e42c7da52071c388602ca575af53944d869aee5e687ce6eefe6f84

    SHA512

    958324fdd4fc82cda708f58de058767f309d6df50f9746738f62187bd932b71eb1d20869ff62dc7237ce9bcd8afdd6386c2b5c16734e304c5fad347b695da715

    Download Submit

  • C:\Program Files (x86)\Roblox\Versions\version-2608e90bc20e49a7\content\textures\ArrowCursor.png
    Filesize

    283B

    MD5

    b1f62754035b8d2f1326af35263155a0

    SHA1

    7d54aafa89cbe40ac25008bdace179f0fca0a809

    SHA256

    f0e82a0c5d05ca94dd997e8c3a55dddf43754484e93d8ab36941a5279bcd8c78

    SHA512

    815eeeb9e15ab9347c18cc5261408ea6e9b28ed747b97395a43fb754056c36ab710a2652fc0347309351c965b4cc5f7c8c3ab4a2186e705c1943fa2f1bd6e09a

    Download Submit

  • C:\Program Files (x86)\Roblox\Versions\version-2608e90bc20e49a7\content\textures\Exit_dn.png
    Filesize

    3KB

    MD5

    d36e2398b06c451a10a9f0d0fb57856c

    SHA1

    f5d0d7f8715df7425c5cc91d0ed1e0116bad44dd

    SHA256

    0b54cf53004a2efbeed2dad4344b0745f3b15488ec1e8505e437308c599f3184

    SHA512

    bffe5dc56ebacaf43b069212d4e17317b48ea4771b6a82ca39fdb871fe0ef3444555d580f0ad5a79f6d1837b53e473eeab589e9af55f1ec5c5d9a8a3ca2affe7

    Download Submit

  • C:\Program Files (x86)\Roblox\Versions\version-2608e90bc20e49a7\content\textures\ui\SettingsButton_dn.png
    Filesize

    3KB

    MD5

    172789ea92d3e10366147165933c7913

    SHA1

    f81fcad555b52d5322349eda05ade9a89d5f4da9

    SHA256

    800cee001c48f5cd749929bea4c6b782becef96fdf7072b39a515082b6925f15

    SHA512

    72e0a776a9d21a696854db9a54e16a9313ece1cdf4d23236efb281551e85e171f4578e3b10c5a48ec8a7c7ca236b90cbe8186f99ed63e740389c3e7e6d4e3d94

    Download Submit

  • C:\Program Files (x86)\Roblox\Versions\version-2608e90bc20e49a7\content\textures\ui\Slider_dn.png
    Filesize

    1KB

    MD5

    1b1d274287e578b30666e664eb8c6466

    SHA1

    fa5283c6c56ac54e4fc8f4239e8b3dc82bb700cc

    SHA256

    e191ccaa92c0a1366673d6a1c7374dd7e5fec2a9c39980b17584398492a22af7

    SHA512

    8b1b6365838dcd2c05e874ae27b99cfa1fc2bb13807840c01f75c9f0673372c913ceae8f8f269c5276971869a8216ce761959929629196805bd3820c72566cc9

    Download Submit

  • C:\Program Files (x86)\Roblox\Versions\version-2608e90bc20e49a7\content\textures\ui\scrollbuttonDown_dn.png
    Filesize

    1KB

    MD5

    4b1ea5c4ab2e2ef715d4df68ab39165f

    SHA1

    e8859bdbda1e297decdc35d7ca34820771a31221

    SHA256

    a6198e5b99c10db095aa2b80251534f670425a746f0ab0f66b0f458b9ae5b7e7

    SHA512

    641f9cbe0bc221491592ed2a86f21940a7de38cf72f55d614dc3bf6f705c4a4c7b630e5c72b78ccc9cdcd1eef553330951d9221700d8bee0fad4e2443c13da6d

    Download Submit

  • C:\Program Files (x86)\Roblox\Versions\version-2608e90bc20e49a7\content\textures\ui\scrollbuttonUp_dn.png
    Filesize

    1KB

    MD5

    8540a19e338e00a7e1184cc8d3f7048a

    SHA1

    911168941080c7a56a5c96e2e523c0c73e9d30ff

    SHA256

    2dec5468ea7310616708b7f8a6224f90628035826a3b885b622d1b1ae124d29a

    SHA512

    e9495b3ad4b62961fd26262e687d02c62355838f48511facef731abcc4f880c167489140c40e4715c4b408f0ab0a625cba76952a795591177edec23bb4b33c50

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\RBX-835446F7.tmp
    Filesize

    3.7MB

    MD5

    fb31004ef97707265d32be105936f619

    SHA1

    2a7fe622c66372237fb717af36323942c4133ac9

    SHA256

    6e2faca77ee16f583f3d20e8068702bc49a2f37476bc3f69d39366f13107c521

    SHA512

    24a664dfc1fe8b74750e03d579c848f036bf57039099da31f878b2ea3ed0b2a925a1cf96e1c1853004cba0532efdbdca40868494e5148d732677716dd4ac1be2

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\RBX-FCD69C75.tmp
    Filesize

    448KB

    MD5

    4f84e193d34c9f9c4761916925fdeec8

    SHA1

    d7a2582e517c6cd2f2c1129d96c3105e2a39ef50

    SHA256

    b3d0c02462f2d5ac021b0ff5578a39886574f3abe9c3213f552db990d4085871

    SHA512

    f839c3378290472da1241d146558d3a88ef800dd650064d6228134855f735e0d927a5f50613bf04c5473bfc68957f9a2ebcd86ebd88c9b685231236bf03f68c1

    Download Submit