Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

URLScan

urlscan

1

https://cloud.bluest...

windows7-x64

8

https://cloud.bluest...

windows10-2004-x64

8

Analysis

  • max time kernel
    69s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07/01/2023, 14:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://cloud.bluestacks.com/api/getdownloadnow?platform=win&win_version=10&mac_version=&client_uuid=b3eb443b-13c1-44ca-bd20-bdfd87b82d02&app_pkg=&platform_cloud=%257B%2522description%2522%253A%2522Chrome%2520108.0.0.0%2520on%2520Windows%252010%252064-bit%2522%252C%2522layout%2522%253A%2522Blink%2522%252C%2522manufacturer%2522%253Anull%252C%2522name%2522%253A%2522Chrome%2522%252C%2522prerelease%2522%253Anull%252C%2522product%2522%253Anull%252C%2522ua%2522%253A%2522Mozilla%252F5.0%2520(Windows%2520NT%252010.0%253B%2520Win64%253B%2520x64)%2520AppleWebKit%252F537.36%2520(KHTML%252C%2520like%2520Gecko)%2520Chrome%252F108.0.0.0%2520Safari%252F537.36%2522%252C%2522version%2522%253A%2522108.0.0.0%2522%252C%2522os%2522%253A%257B%2522architecture%2522%253A64%252C%2522family%2522%253A%2522Windows%2522%252C%2522version%2522%253A%252210%2522%257D%257D&preferred_lang=es&utm_source=&utm_medium=&gaCookie=&gclid=&clickid=&msclkid=&affiliateId=&offerId=&transaction_id=&aff_sub=&first_landing_page=&referrer=&download_page_referrer=&utm_campaign=homepage-dl-button-es&user_id=&exit_utm_campaign=homepage-dl-button-es&incompatible=false&bluestacks_version=bs5&device_memory=4&device_cpu_cores=4

Score
8/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://cloud.bluestacks.com/api/getdownloadnow?platform=win&win_version=10&mac_version=&client_uuid=b3eb443b-13c1-44ca-bd20-bdfd87b82d02&app_pkg=&platform_cloud=%257B%2522description%2522%253A%2522Chrome%2520108.0.0.0%2520on%2520Windows%252010%252064-bit%2522%252C%2522layout%2522%253A%2522Blink%2522%252C%2522manufacturer%2522%253Anull%252C%2522name%2522%253A%2522Chrome%2522%252C%2522prerelease%2522%253Anull%252C%2522product%2522%253Anull%252C%2522ua%2522%253A%2522Mozilla%252F5.0%2520(Windows%2520NT%252010.0%253B%2520Win64%253B%2520x64)%2520AppleWebKit%252F537.36%2520(KHTML%252C%2520like%2520Gecko)%2520Chrome%252F108.0.0.0%2520Safari%252F537.36%2522%252C%2522version%2522%253A%2522108.0.0.0%2522%252C%2522os%2522%253A%257B%2522architecture%2522%253A64%252C%2522family%2522%253A%2522Windows%2522%252C%2522version%2522%253A%252210%2522%257D%257D&preferred_lang=es&utm_source=&utm_medium=&gaCookie=&gclid=&clickid=&msclkid=&affiliateId=&offerId=&transaction_id=&aff_sub=&first_landing_page=&referrer=&download_page_referrer=&utm_campaign=homepage-dl-button-es&user_id=&exit_utm_campaign=homepage-dl-button-es&incompatible=false&bluestacks_version=bs5&device_memory=4&device_cpu_cores=4
    1⤵
    • Modifies Internet Explorer Phishing Filter
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:884
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:884 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:680

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    471B

    MD5

    a84659e00d09b65942dd6319948f4b09

    SHA1

    5019ed50b4dc83eb14ee8f741b7fb78b0cd32483

    SHA256

    5883ea503ab00c9fa511bb6ba9f0367ef9e37951f681ed647d76e61646946708

    SHA512

    974b291e90ddf2bea9436bfb1ba6649530a29d1611885fc909e41a99f47211414c9cb86d13cbd30229274da1ca35533ad0da2c695499df77036cfe0b096ca404

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    434B

    MD5

    38d5ba9a71b19528f39aeac4c9be9fbe

    SHA1

    8da6544d0e48f2b07675bac36b60a91cb62d07eb

    SHA256

    49534fcee31b7f66a1c51a2e527537dcb02bb44fec879368ae95d99f07efd3f9

    SHA512

    92b54ef943f33b9846e2fa10a48190edbabc85d97b4a58b2d5ffebceaebc25f461a7e318ff5f648bf74ece96c78689af003aceb94a8209c655d9cbb7987aec1a

    Download Submit