ad927962330c2d2cf2bf7c33c1a5395df5ccd4ceabfb10c72db240041d773dda

Analysis

max time kernel
30s
max time network
61s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
06-07-2024 00:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

RobloxPlayerInstaller.exe
Size

5.5MB
MD5

94740510822524d579f869a81e02f5ea
SHA1

0e87d714e9eec2eee7c3af028e8e66e7478a107f
SHA256

ad927962330c2d2cf2bf7c33c1a5395df5ccd4ceabfb10c72db240041d773dda
SHA512

7cb3e72b0f1bdcbd53096fdec470fec9a6aa56d56b5f4bfa86b6afaa3ddbd2be6878f7874feb2c15647a627cea34a1fee7be35f6d1dffbf6a5a9c0bf8efa1d24
SSDEEP

98304:nrvxPrhl9Tn+HPneE2baWbtglM4pZqmRPRwLuBmBzluav5:zBrhlGnsTgl3RPRnBezlPv5

Score

6^/10

evasion trojan

Malware Config

Signatures

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerInstaller.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\fonts\IndieFlower-Regular.ttf	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\avatar\compositing\CompositPantsTemplate.mesh	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\fonts\Creepster-Regular.ttf	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\fonts\Montserrat-Bold.ttf	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\fonts\SourceSansPro-Light.ttf	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\configs\DateTimeLocaleConfigs\de-de.json	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\avatar\defaultDynamicHeadV2.rbxm	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\models\AvatarCompatibilityPreviewer\bodyPreview.rbxm	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\sounds\impact_water.mp3	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\fonts\GothamSSm-Bold.otf	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\fonts\families\RobotoCondensed.json	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\avatar\meshes\rightarm.mesh	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\avatar\scripts\humanoidAnimatePlayEmote.rbxm	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\avatar\unification\PhysicsReference.rbxm	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\shaders\shaders_vulkan_desktop.pack	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\avatar\characterR15.rbxm	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\avatar\compositing\CompositLeftArmBase.mesh	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\fonts\Montserrat-Medium.ttf	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\fonts\PatrickHand-Regular.ttf	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\avatar\compositing\CompositTShirt.mesh	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\fonts\BuilderSans-Medium.otf	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\fonts\Sarpanch-Bold.ttf	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\fonts\Ubuntu-Italic.ttf	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\fonts\families\DenkOne.json	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\sky\cloudDetail.dds	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\configs\DateTimeLocaleConfigs\en-au.json	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\fonts\Oswald-Bold.ttf	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\avatar\unification\AdapterReferenceVisible.rbxm	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\fonts\AmaticSC-Bold.ttf	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\fonts\Fondamento-Italic.ttf	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\fonts\Kalam-Regular.ttf	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\fonts\SourceSansPro-Semibold.ttf	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\models\RigBuilder\AnthroRigs.rbxm	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\avatar\compositing\CompositFullAtlasOverlayTexture.mesh	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\avatar\heads\headD.mesh	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\fonts\families\PermanentMarker.json	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\models\Thumbnails\Mannequins\R15.rbxm	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\models\WindControl\windhose.rbxm	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\avatar\defaultPants.rbxm	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\ExtraContent\places\UserSafetyTest.rbxl	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\configs\DateTimeLocaleConfigs\en-gb.json	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\models\AssetImporter\previewMesh.mesh	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\models\AvatarCompatibilityPreviewer\headPreview.rbxm	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\models\LayeredClothingEditor\mannequin_mock.rbxm	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\fonts\BuilderSans-Regular.otf	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\fonts\NotoSansSinhalaUI-Regular.ttf	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\fonts\SourceSansPro-It.ttf	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\fonts\families\Arimo.json	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\sky\moon.jpg	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\avatar\compositing\R15CompositRightArmBase.mesh	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\fonts\LuckiestGuy-Regular.ttf	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\fonts\families\Oswald.json	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\avatar\unification\CollisionHead.rbxm	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\shaders\shaders_d3d10_1.pack	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\fonts\families\SpecialElite.json	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\models\AvatarCompatibilityPreviewer\pedestal.rbxm	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\fonts\Montserrat-Regular.ttf	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\models\AssetImporter\bonePreviewMesh.mesh	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\avatar\heads\headG.mesh	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\avatar\unification\humanoidAnimateR6WithFace.rbxm	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\sky\cloudAdvection.dds	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\fonts\PermanentMarker-Regular.ttf	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\fonts\families\PressStart2P.json	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\fonts\families\Sarpanch.json	RobloxPlayerInstaller.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	RobloxPlayerInstaller.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	RobloxPlayerInstaller.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio	RobloxPlayerInstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0"	RobloxPlayerInstaller.exe

Modifies registry class 10 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\DefaultIcon	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open\command	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open	RobloxPlayerInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\RobloxStudioInstaller.exe\" %1"	RobloxPlayerInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open\command\version = "version-034c0d4a0a9b44cc"	RobloxPlayerInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\ = "URL: Roblox Protocol"	RobloxPlayerInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\URL Protocol	RobloxPlayerInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\RobloxStudioInstaller.exe"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell	RobloxPlayerInstaller.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1940	RobloxPlayerInstaller.exe
1940	RobloxPlayerInstaller.exe

C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe"
1⤵
- Checks whether UAC is enabled
- Drops file in Program Files directory
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:1940

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe

Filesize
5.4MB

MD5
4fa63f4ccb9b1fca93ab82e51c6d4750

SHA1
1f26018c15ed5e14140ed44c28cf52a7b892fc86

SHA256
685f8b14eb645f892a666cf61cf691d086fe0d3e344a245323f1fe75034869fb

SHA512
a25031fb2afe1baebe9b46266192574c6c73b7fcd8e3e2897873d97b3f6232c5228fa4f633b1df98b9410808d5afe1dd470cd8f3f6dbc0c52526311b769554ab

Download Submit
C:\Users\Admin\AppData\Local\Roblox\Downloads\roblox-player\b022682dd39d113f2d5a65a172dbd28f

Filesize
5.8MB

MD5
b022682dd39d113f2d5a65a172dbd28f

SHA1
aa874df3d3d0a9539c53a8a0c96c4c119bae2c52

SHA256
47a2e8bbef18d5491be3c449d9a5464a8804d9d1a85bc7e24ff80876e85104a3

SHA512
d6746ca7c1e10b1ed7fb48d857210ce5cd0f0542c81fdbf00a6afaf4607f30020ccc09f4c41ef9f50bc2562bf6e4380e7abaef1d5a5b1e91773281bcd9e58525

Download Submit