Overview

overview

6

Static

static

1

RobloxPlay...er.exe

windows7-x64

6

RobloxPlay...er.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    1440s
  • max time network
    1443s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    30/09/2024, 15:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    RobloxPlayerLauncher.exe

  • Size

    2.1MB

  • MD5

    a37cac76cc02bf62462a514281e29047

  • SHA1

    5b430683926059ef58df924fd87638abb2d82eab

  • SHA256

    af4f0da458195e016f0a5e395df89c36f005bf24ca1ddd68a35373ba8ff66734

  • SHA512

    c94ffc5ba4a4abddb437f46115f1eb83e3b6a51224860e337f4286edd0e8442676f3b999a28234c34f61f983cbbc2363fb953306dfe1ef98d710752e0e29ef51

  • SSDEEP

    49152:NYuRj40EoNbMp3zEKzIATbqa3q2WrT2/MyPMQ3dSIDTrb6SMg:ucjCoNbGzEKzRPbP

Score
6/10
discoveryevasiontrojan

Malware Config

Signatures

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies system certificate store 2 TTPs 5 IoCs
    evasionspywaretrojan
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher.exe
    "C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher.exe"
    1⤵
    • Checks whether UAC is enabled
    • System Location Discovery: System Language Discovery
    • Modifies system certificate store
    • Suspicious use of WriteProcessMemory
    PID:2688
    • C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher.exe
      C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher.exe --crashpad --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --url=https://upload.crashes.rbxinfra.com/post --annotation=RobloxChannel=production --annotation=RobloxGitHash=3539e67194ee6ba0c99d6e96abe3b09d611a4794 --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=0 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x5a4,0x5a8,0x5ac,0x580,0x5b4,0x1098c44,0x1098c54,0x1098c64
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2572

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    42900099f5b387d8bc22f8d54143b24c

    SHA1

    fa0cbeddb995ba392731caf774adb45203bfbddf

    SHA256

    7ffb5e7964c9752935c0fe3998eb4f5be5c30c43bdad9deac67659b4f11735fc

    SHA512

    f91a917bb1b24b58e46538eff8dab0bfbf41119deec30c0c9d7b9ced61b4b53ce08b7836590d4f24a0f6b27f6a3823ab5b8e9e35140915d9ab256e1cb5970ac1

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab59C4.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit