65f37b7282190878e166baee70ace082270667ea6ef8a55ec9b237fc33e5387c

Analysis

max time kernel
143s
max time network
129s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
04-11-2023 20:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BlueStacks_Soft.exe
Size

45.0MB
MD5

5c74337da357e753298bd0caf28ca768
SHA1

3c7d963066fcea336c31748a2c1732d4c61e8e92
SHA256

65f37b7282190878e166baee70ace082270667ea6ef8a55ec9b237fc33e5387c
SHA512

23efa6f5fdc79f1b64dc949167d828f31cb696b8daa29ccee0be33e017e74d168a8d6f51ff523fae42f597a4b590e79bc2a79d9872ae1f5706a279bc1b560a91
SSDEEP

786432:jw/Bf10nurIxotzzlJ75opKNXQmic5J4f0n74oe8DUEHqpEHSnA9SJNtlWsnaJEC:E/BfCnurICtzP7E+XQmiuJG0EoqyIEHN

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2056	BlueStacks_Soft.tmp

Loads dropped DLL 3 IoCs

pid	Process
1516	BlueStacks_Soft.exe
2056	BlueStacks_Soft.tmp
2056	BlueStacks_Soft.tmp

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2056	BlueStacks_Soft.tmp

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1516 wrote to memory of 2056	1516	BlueStacks_Soft.exe	28
PID 1516 wrote to memory of 2056	1516	BlueStacks_Soft.exe	28
PID 1516 wrote to memory of 2056	1516	BlueStacks_Soft.exe	28
PID 1516 wrote to memory of 2056	1516	BlueStacks_Soft.exe	28
PID 1516 wrote to memory of 2056	1516	BlueStacks_Soft.exe	28
PID 1516 wrote to memory of 2056	1516	BlueStacks_Soft.exe	28
PID 1516 wrote to memory of 2056	1516	BlueStacks_Soft.exe	28

C:\Users\Admin\AppData\Local\Temp\BlueStacks_Soft.exe
"C:\Users\Admin\AppData\Local\Temp\BlueStacks_Soft.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1516
- C:\Users\Admin\AppData\Local\Temp\is-PD6NC.tmp\BlueStacks_Soft.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-PD6NC.tmp\BlueStacks_Soft.tmp" /SL5="$70122,46341165,832512,C:\Users\Admin\AppData\Local\Temp\BlueStacks_Soft.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: GetForegroundWindowSpam
  PID:2056

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-PD6NC.tmp\BlueStacks_Soft.tmp

Filesize
3.1MB

MD5
c3198c4bb4d6fa16b223c6df6e5795ff

SHA1
c8487bb2aa94321425a6fa80bab0197011139524

SHA256
b0238a3f71905bd7ad8c24a18b655a1edfb73cf515089698c0a48fd1afd24eff

SHA512
349507476aa44d0c048f1b6d753cf6d303231ac94847c7fcd5139165c1ea1c1188d7e22e779268f0a5ca4e8571debd98814413ff9ca7c858638a9ed48eae41ce

Download Submit
\Users\Admin\AppData\Local\Temp\is-D36F8.tmp\T2B1P1U1.dll

Filesize
510KB

MD5
8a1e27b27604a98e29e3c77be06a1902

SHA1
4e8eebcf4e32c04cb72d74695d62b3c12aab1cda

SHA256
b785231aabe0f35eb1d81bf023604bcfb9fedbb5dcbc2ce3209e9bafdd134292

SHA512
526f05f7fd7fc0ee79079c3e38f49b3746ff2109d45e87a641a226cba9094cb066120b5228fe698f50043373c7236228e84d062a783bfb4f1cad0cec2c37e7df

Download Submit
\Users\Admin\AppData\Local\Temp\is-D36F8.tmp\_isetup\_iscrypt.dll

Filesize
2KB

MD5
a69559718ab506675e907fe49deb71e9

SHA1
bc8f404ffdb1960b50c12ff9413c893b56f2e36f

SHA256
2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc

SHA512
e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63

Download Submit
\Users\Admin\AppData\Local\Temp\is-PD6NC.tmp\BlueStacks_Soft.tmp

Filesize
3.1MB

MD5
c3198c4bb4d6fa16b223c6df6e5795ff

SHA1
c8487bb2aa94321425a6fa80bab0197011139524

SHA256
b0238a3f71905bd7ad8c24a18b655a1edfb73cf515089698c0a48fd1afd24eff

SHA512
349507476aa44d0c048f1b6d753cf6d303231ac94847c7fcd5139165c1ea1c1188d7e22e779268f0a5ca4e8571debd98814413ff9ca7c858638a9ed48eae41ce

Download Submit
memory/1516-1-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/1516-24-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/2056-15-0x0000000003A40000-0x0000000003AC9000-memory.dmp

Filesize
548KB

Download
memory/2056-17-0x0000000003C10000-0x0000000003C11000-memory.dmp

Filesize
4KB

Download
memory/2056-8-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2056-26-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/2056-27-0x0000000003A40000-0x0000000003AC9000-memory.dmp

Filesize
548KB

Download
memory/2056-28-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2056-30-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/2056-34-0x0000000003A40000-0x0000000003AC9000-memory.dmp

Filesize
548KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads