Analysis

  • max time kernel
    66s
  • max time network
    132s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    07-01-2023 14:08

General

  • Target

    https://cloud.bluestacks.com/api/getdownloadnow?platform=win&win_version=10&mac_version=&client_uuid=b3eb443b-13c1-44ca-bd20-bdfd87b82d02&app_pkg=&platform_cloud=%257B%2522description%2522%253A%2522Chrome%2520108.0.0.0%2520on%2520Windows%252010%252064-bit%2522%252C%2522layout%2522%253A%2522Blink%2522%252C%2522manufacturer%2522%253Anull%252C%2522name%2522%253A%2522Chrome%2522%252C%2522prerelease%2522%253Anull%252C%2522product%2522%253Anull%252C%2522ua%2522%253A%2522Mozilla%252F5.0%2520(Windows%2520NT%252010.0%253B%2520Win64%253B%2520x64)%2520AppleWebKit%252F537.36%2520(KHTML%252C%2520like%2520Gecko)%2520Chrome%252F108.0.0.0%2520Safari%252F537.36%2522%252C%2522version%2522%253A%2522108.0.0.0%2522%252C%2522os%2522%253A%257B%2522architecture%2522%253A64%252C%2522family%2522%253A%2522Windows%2522%252C%2522version%2522%253A%252210%2522%257D%257D&preferred_lang=es&utm_source=&utm_medium=&gaCookie=&gclid=&clickid=&msclkid=&affiliateId=&offerId=&transaction_id=&aff_sub=&first_landing_page=&referrer=&download_page_referrer=&utm_campaign=homepage-dl-button-es&user_id=&exit_utm_campaign=homepage-dl-button-es&incompatible=false&bluestacks_version=bs5&device_memory=4&device_cpu_cores=4

Score
8/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 30 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://cloud.bluestacks.com/api/getdownloadnow?platform=win&win_version=10&mac_version=&client_uuid=b3eb443b-13c1-44ca-bd20-bdfd87b82d02&app_pkg=&platform_cloud=%257B%2522description%2522%253A%2522Chrome%2520108.0.0.0%2520on%2520Windows%252010%252064-bit%2522%252C%2522layout%2522%253A%2522Blink%2522%252C%2522manufacturer%2522%253Anull%252C%2522name%2522%253A%2522Chrome%2522%252C%2522prerelease%2522%253Anull%252C%2522product%2522%253Anull%252C%2522ua%2522%253A%2522Mozilla%252F5.0%2520(Windows%2520NT%252010.0%253B%2520Win64%253B%2520x64)%2520AppleWebKit%252F537.36%2520(KHTML%252C%2520like%2520Gecko)%2520Chrome%252F108.0.0.0%2520Safari%252F537.36%2522%252C%2522version%2522%253A%2522108.0.0.0%2522%252C%2522os%2522%253A%257B%2522architecture%2522%253A64%252C%2522family%2522%253A%2522Windows%2522%252C%2522version%2522%253A%252210%2522%257D%257D&preferred_lang=es&utm_source=&utm_medium=&gaCookie=&gclid=&clickid=&msclkid=&affiliateId=&offerId=&transaction_id=&aff_sub=&first_landing_page=&referrer=&download_page_referrer=&utm_campaign=homepage-dl-button-es&user_id=&exit_utm_campaign=homepage-dl-button-es&incompatible=false&bluestacks_version=bs5&device_memory=4&device_cpu_cores=4
    Process tree depth 1
    • Modifies Internet Explorer Phishing Filter
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1972
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1972 CREDAT:275457 /prefetch:2
      Process tree depth 2
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1104

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize: 61KB
    MD5: fc4666cbca561e864e7fdf883a9e6661
    SHA1: 2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5
    SHA256: 10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b
    SHA512: c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 304B
    MD5: d17c325e8c852cbece8b0d80d0e827dc
    SHA1: 5fb78761318b0080d9594926a2ced121282ad08f
    SHA256: 7140355feed1b71ff143e8af3eb3d30e640da440b3b6ccc9a708a525e4a5a06b
    SHA512: e4f7a64ce1437eb9e395f6f0abdab0d11064a0db9fe22c058f55b4bf324f499e7f43a6dbe1e5b7196eef93b1a9159fea2befd66732ebe8e9fe06c4f837375d5d

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Y7UJPUAU.txt
    Filesize: 603B
    MD5: 48597239625634b82f6cbefca7c787cf
    SHA1: ae922e3ed25cd1cf5db996a16a1f5841efc883f2
    SHA256: 6defe72f3f84427448f9406877835c039a99de8dda19d29ad070716ca63fcd07
    SHA512: 95e4c1faa112afe77ada17a3d07d6741642365b97573b9d33485b7fd63e25e8eab68ec2339c50946baddc9a235f2f411bc06fe7c922ef7a96afc294d3b1a4bef