Analysis
- max time kernel: 150s
- max time network: 153s
- platform: windows11-21h2_x64
- resource: win11-20241023-en
- resource tags: arch:x64, arch:x86, image:win11-20241023-en, locale:en-us, os:windows11-21h2-x64, system
- submitted: 17/11/2024, 14:22
- Static task: static1
General
- Target: RobloxPlayerInstaller.exe
- Size: 6.8MB
- MD5: 91563396f82674c0b8a13a5bd4faa2cc
- SHA1: becfde376e3053a2593640e8fbb743890077ed07
- SHA256: c4e4b832dfab883152602b2ffef83f57281ebd8d08b3b8b12540f580fe0526d0
- SHA512: 07ee5e4084c24885ce735e93c314700dfaad96bf1b65e63a36a9c14c9f91a14fb6d4e26a534627e6a0df9416ce6a80f0539af3e50d5606489638a36b6da95e09
- SSDEEP: 98304:Mcv+QirHeUqMuUP0vjg9bJnAVxlVvq0waHsdRblAH4qPSAupG+udFJp0:HpirHeUqOYkJSqcHsdRbgPQpB83a
Malware Config
Signatures
- Checks whether UAC is enabled 1 IoCs
  description | ioc | Process
  Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | RobloxPlayerInstaller.exe
- Drops file in Program Files directory 64 IoCs
  description: File created; Process: RobloxPlayerInstaller.exe for every row. Paths are relative to C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\
  - content\textures\ui\VR\VRPointerDiscRed.png
  - ExtraContent\textures\ui\Controls\DesignSystem\ButtonL3.png
  - content\configs\ReflectionLoggerConfig\EphemeralCounterWhitelistMock.json
  - content\textures\CollisionGroupsEditor\delete.png
  - ExtraContent\textures\ui\LuaChat\graphic\[email protected]
  - content\textures\ui\Controls\DefaultController\ButtonR1.png
  - ExtraContent\textures\ui\LuaApp\graphic\gr-avatar [email protected]
  - ExtraContent\textures\ui\LuaChat\icons\[email protected]
  - content\textures\ui\Capture\Shutter.png
  - ExtraContent\textures\ui\LuaChat\icons\[email protected]
  - ExtraContent\textures\ui\LuaApp\ExternalSite\[email protected]
  - content\textures\AnimationEditor\image_keyframe_linear_selected.png
  - content\textures\TerrainTools\mtrl_slate.png
  - content\textures\ui\Settings\Players\BlockIcon.png
  - ExtraContent\textures\ui\LuaChat\9-slice\[email protected]
  - content\textures\TerrainEditor\crater.png
  - content\textures\ui\Controls\PlayStationController\PS4\[email protected]
  - content\textures\ui\Settings\LeaveGame\Button_1080.png
  - content\avatar\unification\R15.rbxm
  - content\fonts\GrenzeGotisch-Regular.ttf
  - content\textures\9SliceEditor\Dragger2Right.png
  - content\textures\TerrainTools\mtrl_ground_2022.png
  - content\textures\CollisionGroupsEditor\rename.png
  - content\textures\ui\Controls\DefaultController\[email protected]
  - ExtraContent\textures\ui\InGameMenu\game_tiles_background.png
  - content\textures\ManageCollaborators\arrowRight_dark.png
  - content\textures\MaterialManager\Recents.png
  - content\textures\ui\Controls\[email protected]
  - content\textures\ui\VoiceChat\SpeakerNew\[email protected]
  - content\textures\ui\Controls\PlayStationController\[email protected]
  - content\textures\ui\LegacyRbxGui\brickSide.png
  - content\fonts\Montserrat-Black.ttf
  - content\textures\StudioToolbox\Clear.png
  - content\textures\TerrainTools\mtrl_basalt.png
  - content\textures\TextureViewer\refresh_dark_theme.png
  - content\textures\ui\TopBar\coloredlogo.png
  - content\textures\ui\VR\buttonBackground.png
  - PlatformContent\pc\textures\sky\indoor512_rt.tex
  - content\avatar\scripts\CompositorAnimate\v1betaRC1\AnimateDependencies.rbxm
  - content\textures\AnimationEditor\animation_editor_blue.png
  - content\textures\StudioSharedUI\radio_selected_enabled_dark.png
  - content\textures\ui\Controls\XboxController\[email protected]
  - content\textures\ui\Controls\PlayStationController\[email protected]
  - ExtraContent\textures\ui\LuaChat\9-slice\tag-bubble.png
  - ExtraContent\textures\ui\LuaChatV2\ic-friend-empty-border.png
  - ExtraContent\textures\ui\LuaApp\icons\ic-game.png
  - content\textures\GameSettings\delete.PNG
  - ExtraContent\textures\ui\ImageSet\AE\img_set_1x_1.png
  - content\textures\ui\Controls\[email protected]
  - content\textures\ui\PlayerList\TileShadowMissingTop.png
  - content\textures\StudioSharedUI\packages.png
  - content\textures\TagEditor\huesatgradient.png
  - content\textures\TerrainTools\icon_regions_fill.png
  - content\textures\ui\Backpack\Backpack.png
  - content\textures\StudioToolbox\AssetConfig\[email protected]
  - content\textures\StudioToolbox\AssetConfig\[email protected]
  - content\textures\StudioUIEditor\icon_resize4.png
  - content\textures\ui\VoiceChat\MicLight\[email protected]
  - ExtraContent\textures\ui\Controls\DesignSystem\[email protected]
  - content\textures\RoactStudioWidgets\toggle_disable_light.png
  - content\textures\TerrainTools\mtrl_concrete.png
  - content\textures\ui\Controls\[email protected]
  - content\textures\ui\Emotes\Large\[email protected]
  - content\textures\ViewSelector\right_zh_cn.png
- Enumerates physical storage devices 1 TTPs
  Attempts to interact with connected storage/optical drive(s).
- System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
  Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | RobloxPlayerInstaller.exe
- Enumerates system info in registry 2 TTPs 2 IoCs
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | RobloxPlayerInstaller.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer | RobloxPlayerInstaller.exe
- Modifies Internet Explorer settings 2 IoCs
  Setting WarnOnOpen = 0 under ProtocolExecute\roblox-studio suppresses Internet Explorer's "allow this website to open a program" prompt before a roblox-studio: URL is handed to the registered handler.
  description | ioc | Process
  Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio | RobloxPlayerInstaller.exe
  Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0" | RobloxPlayerInstaller.exe
- Modifies registry class 10 IoCs
  description | ioc | Process
  Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open\command\version = "version-e0a840597ded474b" | RobloxPlayerInstaller.exe
  Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\URL Protocol | RobloxPlayerInstaller.exe
  Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open\command | RobloxPlayerInstaller.exe
  Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell | RobloxPlayerInstaller.exe
  Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\RobloxStudioInstaller.exe" | RobloxPlayerInstaller.exe
  Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open | RobloxPlayerInstaller.exe
  Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\RobloxStudioInstaller.exe\" %1" | RobloxPlayerInstaller.exe
  Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio | RobloxPlayerInstaller.exe
  Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\ = "URL: Roblox Protocol" | RobloxPlayerInstaller.exe
  Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\DefaultIcon | RobloxPlayerInstaller.exe
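The registry IoCs in the UAC, Internet Explorer and registry-class signatures above are printed in the sandbox's flattened form (action, native \REGISTRY\... path, optional data, acting process). The parser below, an added example that is not code from the sandbox vendor or from Roblox, turns those lines into records with HKLM-style keys, separates value names from keys, un-escapes the data, and then pulls out the two facts a responder usually wants from this kind of report: which URL scheme was registered and to what command, and whether the IE prompt for that scheme was switched off. The line layout, the \REGISTRY\MACHINE to HKLM mapping, and the reading of a trailing backslash as the key's (Default) value are assumptions about the report format, not something the report states; the sample lines are copied from the signatures above.

```python
r"""Parse flattened sandbox registry IoC lines into structured records.

Added example for this page; not the sandbox vendor's or Roblox's code.
Assumptions (not stated by the report): lines look like
  '<action> <path>[ = "<data>"] <process>', \REGISTRY\MACHINE maps to HKLM
and \REGISTRY\USER to HKU, and a trailing backslash on a value path means
the key's (Default) value.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Native object-manager prefixes as printed by the sandbox -> hive short names (assumption)
HIVES = {"\\REGISTRY\\MACHINE": "HKLM", "\\REGISTRY\\USER": "HKU"}

# IoC lines copied from the signatures section of this report.
SAMPLE_LINES = [
    r'Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA RobloxPlayerInstaller.exe',
    r'Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language RobloxPlayerInstaller.exe',
    r'Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio RobloxPlayerInstaller.exe',
    r'Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0" RobloxPlayerInstaller.exe',
    r'Key created \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open\command RobloxPlayerInstaller.exe',
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\URL Protocol RobloxPlayerInstaller.exe',
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\ = "URL: Roblox Protocol" RobloxPlayerInstaller.exe',
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\RobloxStudioInstaller.exe\" %1" RobloxPlayerInstaller.exe',
]

LINE_RE = re.compile(
    r'^(?P<action>Key value queried|Key opened|Key created|Set value \((?:int|str)\))'
    r' (?P<path>\\REGISTRY\\.+?)'   # non-greedy: key paths may contain spaces
    r'(?: = "(?P<data>.*)")?'       # optional data, only on Set value rows
    r' (?P<proc>\S+\.exe)$'         # the acting process is always the last token
)


@dataclass
class RegistryIoc:
    action: str
    key: str                   # e.g. HKLM\SOFTWARE\Classes\roblox-studio\shell\open\command
    value_name: Optional[str]  # None for key-level actions (opened / created)
    data: Optional[str]        # un-escaped data for Set value rows, else None
    process: str


def normalise_hive(path: str) -> str:
    upper = path.upper()
    for prefix, hive in HIVES.items():
        if upper.startswith(prefix):
            return hive + path[len(prefix):]
    return path  # unknown prefix: keep it rather than guess a hive


def unescape(data: str) -> str:
    # The report renders data with C-style escapes for backslash and double quote.
    return re.sub(r"\\(.)", r"\1", data)


def parse_ioc(line: str) -> RegistryIoc:
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised IoC line: {line!r}")
    action, path, data, proc = m.group("action", "path", "data", "proc")
    path = normalise_hive(path)
    if action.startswith("Set value") or action == "Key value queried":
        # Value-level action: the last path component is the value name;
        # an empty last component (trailing backslash) is the (Default) value (assumption).
        key, _, name = path.rpartition("\\")
        value_name = name or "(Default)"
    else:
        key, value_name = path.rstrip("\\"), None
    return RegistryIoc(action, key, value_name,
                       unescape(data) if data is not None else None, proc)


def parse_report(lines: List[str]) -> List[RegistryIoc]:
    return [parse_ioc(line) for line in lines if line.strip()]


def protocol_handlers(iocs: List[RegistryIoc]) -> Dict[str, Optional[str]]:
    # A URL scheme's launch command is the (Default) value of Classes\<scheme>\shell\open\command.
    found: Dict[str, Optional[str]] = {}
    for r in iocs:
        m = re.search(r"\\Classes\\([^\\]+)\\shell\\open\\command$", r.key, re.IGNORECASE)
        if m and r.action.startswith("Set value") and r.value_name == "(Default)":
            found[m.group(1)] = r.data
    return found


def silenced_protocol_prompts(iocs: List[RegistryIoc]) -> List[str]:
    # IE prompts before handing a custom-scheme URL to an external program unless
    # ProtocolExecute\<scheme>\WarnOnOpen is 0; list the schemes where that was set.
    return sorted(
        r.key.rsplit("\\", 1)[1]
        for r in iocs
        if "\\ProtocolExecute\\" in r.key and r.value_name == "WarnOnOpen" and r.data == "0"
    )


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_LINES)
    for scheme, cmd in protocol_handlers(parsed).items():
        print(f"{scheme}: -> {cmd}")
    print("IE prompt suppressed for:", silenced_protocol_prompts(parsed))
```

Run against the eight lines above it reports the roblox-studio: scheme mapped to `"C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe" %1` and that the IE prompt for that scheme is off; the same functions work on any signature block of this layout, so the registry IoCs can be fed to a host check or a hunting query without retyping paths.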
- Suspicious behavior: EnumeratesProcesses 2 IoCs
  pid | Process
  1984 | RobloxPlayerInstaller.exe
  1984 | RobloxPlayerInstaller.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe"
  PID: 1984
  - Checks whether UAC is enabled
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Enumerates system info in registry
  - Modifies Internet Explorer settings
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 6.8MB
  MD5: 7478745f2ffdcebdb1c5ccbd482312b8
  SHA1: 6f754125fdea66ca783875f7c6c0f96be14211d3
  SHA256: ae19ae02450f9e885abbed2e40fbabf9992acf61fd206d6ec0da8fcc2ecfeecb
  SHA512: 9ff8e19eb3471d69654a9a83fdc62f9d340dfee344a1cc89802ab4924921edc2c4b1e4f6573143ac61cb61d970d6150ae694369c90ba453cfeb63966d85bf352
- Filesize: 7.0MB
  MD5: c261fa92769bc5ab6443aade831bdc18
  SHA1: 60c313b138fdc767d1b6108e6ce5c800ac1f4bf1
  SHA256: c6f1c59442953fb894b7414e2bc7c494d379df20a81bef8a974afec150e0cab5
  SHA512: 85f433f98441707bffb7d071e8dd20c77766244cc649b6887f43cc01e6d791f70a87f83d836a6f20d35c148327f466e184b3db7ae8db20fab9d3f36efc675e35