Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

RobloxPlay...er.exe

windows7-x64

6

RobloxPlay...er.exe

windows10-2004-x64

7

Resubmissions

11/07/2024, 01:42

240711-b4wwtathph 8

11/07/2024, 01:41

240711-b4gf5a1hqm 7

Analysis

  • max time kernel
    3s
  • max time network
    7s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/07/2024, 01:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    RobloxPlayerLauncher.exe

  • Size

    5.8MB

  • MD5

    b022682dd39d113f2d5a65a172dbd28f

  • SHA1

    aa874df3d3d0a9539c53a8a0c96c4c119bae2c52

  • SHA256

    47a2e8bbef18d5491be3c449d9a5464a8804d9d1a85bc7e24ff80876e85104a3

  • SHA512

    d6746ca7c1e10b1ed7fb48d857210ce5cd0f0542c81fdbf00a6afaf4607f30020ccc09f4c41ef9f50bc2562bf6e4380e7abaef1d5a5b1e91773281bcd9e58525

  • SSDEEP

    98304:6Qv2DFDUtJEjcseLtY1pthFX26elVJ2qg4FMvq821kRlzcV7yMuh:B2BDULEjL//elNg44R+VGMA

Score
7/10
evasionspywarestealertrojan

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Enumerates system info in registry 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher.exe
    "C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher.exe"
    1⤵
    • Checks computer location settings
    • Checks whether UAC is enabled
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3972
    • C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher.exe
      C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher.exe --crashpad --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --url=https://uploads.backtrace.rbx.com/post --annotation=RobloxChannel=production --annotation=RobloxGitHash=cb5e1ef861e0b94bbfd3c1c166285778889972be --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x7b4,0x7ac,0x7b8,0x67c,0x6ac,0x1826a74,0x1826a84,0x1826a94
      2⤵
        PID:3748

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_BACC6CD2B29F18349081C9FD2343833B
      Filesize

      2KB

      MD5

      c361abef55c9deca3430fc383378c04c

      SHA1

      c5eee0cc9e59c101c90414cb562688cfd7d48421

      SHA256

      bf8c55dbfdf76fffcb08902063d95865a9b767247c1b79dc3705f39f006ef05a

      SHA512

      1c39ab2018eb769191198a8d0f4695ee90bdeec99bc74bb87db7d1df74672ec0ba91cc9ba6bc0fbd0b3d3b67e227fe50e64a0a5cb0e7472848325415bb00114e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
      Filesize

      1KB

      MD5

      4930610a8a69f0dbb782ed1e766dde54

      SHA1

      7e4cb627f187156b2121594a9028dbdfa138c617

      SHA256

      00a45205bc050ece00eaf2a5435405593bce15aaf43af5474be5ed8670135aab

      SHA512

      c112a3100a016bd36b13de88130cea3dbc2ec51dc42bd6705b04d02685e679428cc09ef63800b25aa07f45053659579f5ed62aaa0592430302ae1b5c0752c608

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_BACC6CD2B29F18349081C9FD2343833B
      Filesize

      488B

      MD5

      c27888bf56e2aa2c203aac9c64f19d6d

      SHA1

      5bddd02037fbebe5fb689b01cf01b66cb3182a8f

      SHA256

      3040bf8e149b25570233c114f465f7770182d1c37109484e00b4288175276fb3

      SHA512

      45ee27f277db23647ccd5ff130a14963d509ba2fd0b2b17044a25d024b883a0096b47f1f2eda3bedc494ef690df3188449cba0877bf685b36ad911206a6235c6

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
      Filesize

      482B

      MD5

      62299e4bf2a88f3d029bad6c5769dd1a

      SHA1

      12d55b833581bec80607aa3be494f9006baee6a7

      SHA256

      cf0eebd352fe8e8d440756095a93401ac10901fcafedaa7efc835a3732145857

      SHA512

      e2e1b5b542e420c1bc8f0bd89dd625861c1deac6f940c04ae3cbefd84e6f3154bc5d60aeb908257194e08d949cfa2e5f0f9d35d24323db06221ced87e4f877e9

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\MQYRE6E5\PCClientBootstrapper[1].json
      Filesize

      8KB

      MD5

      dc739793526b0863ec929014503e2f7d

      SHA1

      d08912f1cbdd5819d0d42702f8943c03d61f4922

      SHA256

      b54095b8df7667737d879ea0e4c7e3ab35d4cafc12bc46af6ca941fddfda3a3d

      SHA512

      ee585523805ba42f9d64b498ffe3e13d3e4f9a14e24ffbd3b23a5da85f5f45155e7bd56f85f72d8935cbcca55fb5b006f9fc827ddfa44139b9be84f3c26f9bbd

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\R9TFLRJ7\BatchIncrement[1].json
      Filesize

      163B

      MD5

      bedbf7d7d69748886e9b48f45c75fbbe

      SHA1

      aa0789d89bfbd44ca1bffe83851af95b6afb012c

      SHA256

      b4a55cfd050f4a62b1c4831ca0ab6ffadde1fe1c3f583917eade12f8c6726f61

      SHA512

      7dde268af9a2c678be8ec818ea4f12619ecc010cba39b4998d833602b42de505d36371393f33709c2eca788bc8c93634a4fd6bec29452098dbb2317f4c8847f6

      Download Submit