b6a2553a504032002396ffd960725d5514e3aa1e81185620cd03e1481e9b6ce1

Analysis

max time kernel
39s
max time network
41s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
08-09-2024 04:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

RobloxPlayerInstaller (1).exe
Size

5.6MB
MD5

58de8886e5f8771990ddfc3d09eeec16
SHA1

daf4387bab065c8a6dbff50a0c9f7beec6f40747
SHA256

b6a2553a504032002396ffd960725d5514e3aa1e81185620cd03e1481e9b6ce1
SHA512

e90c661051b2c8298abeae2d6a070a1547912d6cf3bb4892e30a583e5f906b043768934a85c76c45482c3326d93bc1090df3d4616824a7173fd2f061d81a2be3
SSDEEP

98304:DMvEig8irqBV3hh+w8dynal9EgWhPbhiBs3HuARTMUV6evbR:wEiBiY3VnrgWlR1VtvN

Score

6^/10

discovery evasion trojan

Malware Config

Signatures

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerInstaller (1).exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Roblox\Versions\version-a0ba2708f6fc499b\content\fonts\SpecialElite-Regular.ttf	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-a0ba2708f6fc499b\content\fonts\families\SpecialElite.json	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-a0ba2708f6fc499b\content\avatar\meshes\rightarm.mesh	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-a0ba2708f6fc499b\content\fonts\families\Montserrat.json	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-a0ba2708f6fc499b\content\avatar\defaultDynamicHead.rbxm	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-a0ba2708f6fc499b\content\avatar\heads\headH.mesh	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-a0ba2708f6fc499b\content\fonts\NotoNaskhArabicUI-Regular.ttf	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-a0ba2708f6fc499b\content\fonts\families\LegacyArimo.json	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-a0ba2708f6fc499b\content\models\ViewSelector\ViewSelector.rbxm	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-a0ba2708f6fc499b\ssl\cacert.pem	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-a0ba2708f6fc499b\content\configs\DateTimeLocaleConfigs\ja-jp.json	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-a0ba2708f6fc499b\content\configs\DateTimeLocaleConfigs\en-us.json	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-a0ba2708f6fc499b\content\configs\DateTimeLocaleConfigs\it-it.json	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-a0ba2708f6fc499b\content\avatar\defaultDynamicHeadV2.rbxm	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-a0ba2708f6fc499b\content\avatar\morpherEditorR15.rbxmx	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-a0ba2708f6fc499b\content\avatar\heads\headC.mesh	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-a0ba2708f6fc499b\content\sky\cloudDetail.dds	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-a0ba2708f6fc499b\content\configs\DataModelPatchConfig\DataModelPatchConfig.json	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-a0ba2708f6fc499b\content\fonts\families\Creepster.json	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-a0ba2708f6fc499b\content\fonts\families\Michroma.json	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-a0ba2708f6fc499b\content\models\Thumbnails\Mannequins\R15.rbxm	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-a0ba2708f6fc499b\content\fonts\Oswald-Regular.ttf	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-a0ba2708f6fc499b\content\fonts\RobotoMono-Regular.ttf	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-a0ba2708f6fc499b\content\fonts\families\Ubuntu.json	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-a0ba2708f6fc499b\shaders\keepme	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-a0ba2708f6fc499b\content\sky\moon.jpg	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-a0ba2708f6fc499b\content\configs\ReflectionLoggerConfig\EphemeralCounterWhitelist.json	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-a0ba2708f6fc499b\content\fonts\Ubuntu-Regular.ttf	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-a0ba2708f6fc499b\content\models\AssetImporter\bonePreviewMesh.mesh	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-a0ba2708f6fc499b\content\models\RigBuilder\RigBuilderGUI.rbxm	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-a0ba2708f6fc499b\content\fonts\NotoSansGeorgian-Regular.ttf	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-a0ba2708f6fc499b\content\models\LayeredClothingEditor\PartHeadTemplate.rbxm	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-a0ba2708f6fc499b\content\avatar\compositing\R15CompositLeftArmBase.mesh	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-a0ba2708f6fc499b\content\fonts\Fondamento-Regular.ttf	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-a0ba2708f6fc499b\content\models\MaterialManager\material_model.rbxm	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-a0ba2708f6fc499b\content\configs\OtaPatchConfigs\DiscoveryOtaPatchConfig.json	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-a0ba2708f6fc499b\content\avatar\meshes\torso.mesh	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-a0ba2708f6fc499b\shaders\shaders_glsl.pack	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-a0ba2708f6fc499b\content\sky\noise.dds	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-a0ba2708f6fc499b\content\avatar\heads\headO.mesh	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-a0ba2708f6fc499b\content\fonts\RobotoCondensed-Regular.ttf	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-a0ba2708f6fc499b\content\configs\DateTimeLocaleConfigs\en-nz.json	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-a0ba2708f6fc499b\content\fonts\NotoSansMyanmarUI-Regular.ttf	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-a0ba2708f6fc499b\content\fonts\families\GrenzeGotisch.json	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-a0ba2708f6fc499b\content\avatar\scripts\humanoidAnimatePlayEmote.rbxm	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-a0ba2708f6fc499b\content\fonts\families\Bangers.json	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-a0ba2708f6fc499b\content\sky\cloudDetail3D.dds	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-a0ba2708f6fc499b\content\avatar\compositing\CompositLeftLegBase.mesh	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-a0ba2708f6fc499b\content\fonts\LuckiestGuy-Regular.ttf	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-a0ba2708f6fc499b\content\fonts\TwemojiMozilla.ttf	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-a0ba2708f6fc499b\content\fonts\zekton_rg.ttf	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-a0ba2708f6fc499b\content\fonts\families\Guru.json	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-a0ba2708f6fc499b\content\models\ViewSelector\Basic.mesh	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-a0ba2708f6fc499b\content\configs\DateTimeLocaleConfigs\zh-hk.json	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-a0ba2708f6fc499b\content\avatar\unification\humanoidAnimateR6WithFace.rbxm	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-a0ba2708f6fc499b\content\fonts\Merriweather-Regular.ttf	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-a0ba2708f6fc499b\content\fonts\TitilliumWeb-Bold.ttf	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-a0ba2708f6fc499b\content\avatar\heads\headD.mesh	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-a0ba2708f6fc499b\content\avatar\morpherEditorR6.rbxmx	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-a0ba2708f6fc499b\content\avatar\compositing\R15CompositRightArmBase.mesh	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-a0ba2708f6fc499b\content\avatar\heads\head.mesh	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-a0ba2708f6fc499b\content\fonts\AmaticSC-Bold.ttf	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-a0ba2708f6fc499b\shaders\shaders_glsl3.pack	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-a0ba2708f6fc499b\content\configs\DateTimeLocaleConfigs\en-gb.json	RobloxPlayerInstaller (1).exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RobloxPlayerInstaller (1).exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	RobloxPlayerInstaller (1).exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	RobloxPlayerInstaller (1).exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio	RobloxPlayerInstaller (1).exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0"	RobloxPlayerInstaller (1).exe

Modifies registry class 10 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio	RobloxPlayerInstaller (1).exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell	RobloxPlayerInstaller (1).exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open\command\version = "version-cc14b244a0c64f28"	RobloxPlayerInstaller (1).exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open\command	RobloxPlayerInstaller (1).exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open	RobloxPlayerInstaller (1).exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\RobloxStudioInstaller.exe\" %1"	RobloxPlayerInstaller (1).exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\ = "URL: Roblox Protocol"	RobloxPlayerInstaller (1).exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\URL Protocol	RobloxPlayerInstaller (1).exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\DefaultIcon	RobloxPlayerInstaller (1).exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\RobloxStudioInstaller.exe"	RobloxPlayerInstaller (1).exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4868	RobloxPlayerInstaller (1).exe
4868	RobloxPlayerInstaller (1).exe

C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller (1).exe
"C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller (1).exe"
1⤵
- Checks whether UAC is enabled
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:4868

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe

Filesize
5.5MB

MD5
f9d1a553612f8203a5c246abffe99a18

SHA1
f82e4c089d3e702049eb354bdc935f6012394c26

SHA256
71f1dd2c68ec5d8e199004d99b807b079a257352987663d544c83b1dc34d0a28

SHA512
ba6d05d4da639a0b009d8146958c60b860ee043a8372a30796fb2169d2ceba13fbf0a4caf0a6120d3f28f58d7abbaa259591e85970a5a56940c8a01c2e313da8

Download Submit