Analysis Overview
SHA256: c4e4b832dfab883152602b2ffef83f57281ebd8d08b3b8b12540f580fe0526d0
Threat Level: Shows suspicious behavior
The file RobloxPlayerInstaller.exe was found to show suspicious behavior.
Malicious Activity Summary
Checks whether UAC is enabled
Drops file in Program Files directory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Suspicious behavior: EnumeratesProcesses
Enumerates system info in registry
Modifies Internet Explorer settings
Modifies registry class
MITRE ATT&CK: Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-11-17 14:22
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-11-17 14:22
Reported: 2024-11-17 14:26
Platform: win11-20241023-en
Max time kernel: 150s
Max time network: 153s
Signatures
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
Drops file in Program Files directory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0" | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open\command\version = "version-e0a840597ded474b" | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\URL Protocol | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open\command | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\RobloxStudioInstaller.exe" | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\RobloxStudioInstaller.exe\" %1" | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\ = "URL: Roblox Protocol" | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller.exe"
Network
| Country | Destination | Domain | Proto |
| N/A | 127.0.0.1:49770 | | tcp |
| US | 8.8.8.8:53 | ecsv2.roblox.com | udp |
| GB | 128.116.119.4:443 | ecsv2.roblox.com | tcp |
| US | 8.8.8.8:53 | client-telemetry.roblox.com | udp |
| GB | 128.116.119.4:443 | client-telemetry.roblox.com | tcp |
| N/A | 127.0.0.1:49774 | | tcp |
| FR | 13.249.9.54:443 | clientsettingscdn.roblox.com | tcp |
| US | 205.234.175.102:443 | setup.rbxcdn.com | tcp |
| N/A | 127.0.0.1:49777 | | tcp |
| N/A | 127.0.0.1:49792 | | tcp |
| US | 205.234.175.102:443 | setup.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | setup.rbxcdn.com | tcp |
Files
C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe
| MD5 | 7478745f2ffdcebdb1c5ccbd482312b8 |
| SHA1 | 6f754125fdea66ca783875f7c6c0f96be14211d3 |
| SHA256 | ae19ae02450f9e885abbed2e40fbabf9992acf61fd206d6ec0da8fcc2ecfeecb |
| SHA512 | 9ff8e19eb3471d69654a9a83fdc62f9d340dfee344a1cc89802ab4924921edc2c4b1e4f6573143ac61cb61d970d6150ae694369c90ba453cfeb63966d85bf352 |
C:\Users\Admin\AppData\Local\Roblox\Downloads\roblox-player\c261fa92769bc5ab6443aade831bdc18
| MD5 | c261fa92769bc5ab6443aade831bdc18 |
| SHA1 | 60c313b138fdc767d1b6108e6ce5c800ac1f4bf1 |
| SHA256 | c6f1c59442953fb894b7414e2bc7c494d379df20a81bef8a974afec150e0cab5 |
| SHA512 | 85f433f98441707bffb7d071e8dd20c77766244cc649b6887f43cc01e6d791f70a87f83d836a6f20d35c148327f466e184b3db7ae8db20fab9d3f36efc675e35 |