9bac38d897b4f8cbaa3bd89ec459833007f2757759ea1849c2d5a4ec4cd38823

Analysis

max time kernel
1558s
max time network
1591s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
11/03/2024, 17:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BlueStacks10Installer_10.25.0.1001_native_ce685bd702de7b1b0e37d173f92c6c2f_MDs1LDM7MTUsMTsxNSw0OzE1.exe
Size

910KB
MD5

c2926fa2deca63bde88cc201b12730db
SHA1

0a728540ef83f36554935403502875ed30d8f0fe
SHA256

9bac38d897b4f8cbaa3bd89ec459833007f2757759ea1849c2d5a4ec4cd38823
SHA512

97f153eaff3f9eb996f26807380fef72692d4b68250e6fac8f2c8b897fa96768a975a05a0b99926a6c9a4bc8969203af892df0d16d4f5f1e66813ba4f709f4ff
SSDEEP

24576:DivtCXWeGKL9Txt9OkcXsbpmBKm6HOSj/RXk:GtCXWP+vz5ccbABKfuS9k

Score

4^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2860	BlueStacksInstaller.exe
2904	HD-CheckCpu.exe

Loads dropped DLL 4 IoCs

pid	Process
2084	BlueStacks10Installer_10.25.0.1001_native_ce685bd702de7b1b0e37d173f92c6c2f_MDs1LDM7MTUsMTsxNSw0OzE1.exe
2084	BlueStacks10Installer_10.25.0.1001_native_ce685bd702de7b1b0e37d173f92c6c2f_MDs1LDM7MTUsMTsxNSw0OzE1.exe
2084	BlueStacks10Installer_10.25.0.1001_native_ce685bd702de7b1b0e37d173f92c6c2f_MDs1LDM7MTUsMTsxNSw0OzE1.exe
2084	BlueStacks10Installer_10.25.0.1001_native_ce685bd702de7b1b0e37d173f92c6c2f_MDs1LDM7MTUsMTsxNSw0OzE1.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
2860	BlueStacksInstaller.exe
2860	BlueStacksInstaller.exe
2860	BlueStacksInstaller.exe
2860	BlueStacksInstaller.exe
2860	BlueStacksInstaller.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2860	BlueStacksInstaller.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2084 wrote to memory of 2860	2084	BlueStacks10Installer_10.25.0.1001_native_ce685bd702de7b1b0e37d173f92c6c2f_MDs1LDM7MTUsMTsxNSw0OzE1.exe	28
PID 2084 wrote to memory of 2860	2084	BlueStacks10Installer_10.25.0.1001_native_ce685bd702de7b1b0e37d173f92c6c2f_MDs1LDM7MTUsMTsxNSw0OzE1.exe	28
PID 2084 wrote to memory of 2860	2084	BlueStacks10Installer_10.25.0.1001_native_ce685bd702de7b1b0e37d173f92c6c2f_MDs1LDM7MTUsMTsxNSw0OzE1.exe	28
PID 2084 wrote to memory of 2860	2084	BlueStacks10Installer_10.25.0.1001_native_ce685bd702de7b1b0e37d173f92c6c2f_MDs1LDM7MTUsMTsxNSw0OzE1.exe	28
PID 2860 wrote to memory of 2904	2860	BlueStacksInstaller.exe	29
PID 2860 wrote to memory of 2904	2860	BlueStacksInstaller.exe	29
PID 2860 wrote to memory of 2904	2860	BlueStacksInstaller.exe	29
PID 2860 wrote to memory of 2904	2860	BlueStacksInstaller.exe	29

C:\Users\Admin\AppData\Local\Temp\BlueStacks10Installer_10.25.0.1001_native_ce685bd702de7b1b0e37d173f92c6c2f_MDs1LDM7MTUsMTsxNSw0OzE1.exe
"C:\Users\Admin\AppData\Local\Temp\BlueStacks10Installer_10.25.0.1001_native_ce685bd702de7b1b0e37d173f92c6c2f_MDs1LDM7MTUsMTsxNSw0OzE1.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2084
- C:\Users\Admin\AppData\Local\Temp\7zS42836116\BlueStacksInstaller.exe
  "C:\Users\Admin\AppData\Local\Temp\7zS42836116\BlueStacksInstaller.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2860
- - C:\Users\Admin\AppData\Local\Temp\7zS42836116\HD-CheckCpu.exe
    "C:\Users\Admin\AppData\Local\Temp\7zS42836116\HD-CheckCpu.exe" --cmd checkHypervEnabled
    3⤵
    - Executes dropped EXE
    PID:2904

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2c1da3c17b23489ac067f7d432128108

SHA1
7187cd5f74c617f1a3ce5cd8cf14d5d439a8aaba

SHA256
8270ed0006df271c5254bed94f8913d6209e8fb1e566132277fad9b782fd4211

SHA512
5b46773701fc1f28e1c92e781f218976ab54736d51346a02629bf3acbed4195d9aba40647f3dff79904ae10442b0b7d8c88fb996f720e1bd0439c9538c23cf02

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8df9cdabb395743f7a19564fa18e4622

SHA1
33d0b893b1a7dd3dabd845db64700a11a2520a25

SHA256
9c2c4ddfadf3999de3f7586040d112457678b5f67e5adb5a7d4cd487162e7836

SHA512
b0fce6e22b9f78cb94280f2f6525abe565cfa24347276c364873569a87662fad599ff7a2f5de8c64fb5faa04348b370adbae926978813e3b9b77a8f4fcf06782

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4d214a8ba581a209b0d2ce0b09ca7a50

SHA1
14504e98fbb49431a3b238c1118a90c5c92c2eab

SHA256
33041da4d4fd635b32aeec98bc77c4a6ba7b0f74bf1e87f4f7a5770796aa339d

SHA512
c59e1f66a6138790d0e17b8a2329f04c2c70ae8876bed8e143f6b237207cd150db0ff28a7843925131f4ab9d3f84cecb0f4f7ade73e1a2005c0d638e86daba46

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3bac84f693f70f146bd9495efecd1237

SHA1
f0088f4a6e728bfd801c9c0b20b2f186ddbd2d1f

SHA256
e937d5652cb882407d99d8350d08b93bdde271db1a6e63b5a4c5f33af8322a1c

SHA512
7a76bf1b826cfb31f26f9aaa49da46d33dcc71874c24330d12cc5c9f4c1383ae7a749c9577e6afb4cc9d96620be4e24a393f9728ae6c36277ead7345dc739c0e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f36687a965e9a9fb93078bfa124054bb

SHA1
f38344a0c58fe82f7bed80c40b25a094a626ff79

SHA256
eb092399c8e98f7031fd4fec018216e735f7ed94e87fdf2eb75fb62da9970349

SHA512
1ecf2991b63a0a5ea4845d5f50e72eaef5e60ae3c2b89ba76c6de11b7ca8001dbdf8bc97c180216522112bee828ef3549ebaca041f93d9f66e8e3c82e285401d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5a76e91cc5ab031a57fa25393d9e9688

SHA1
cb2c2637f53e6ea86075c84db7751ac4cdcab400

SHA256
8a6e525fc7defb55b8b79de9f23e4ad22ee3877c28eb9a4463c19e8994274872

SHA512
da238aff9da55a57cc3ef95409ca638233718ec4528130b524b1f9eee132fe5c959d6966193bd261fac1ddcd79a5b4b0a8b3c31938b8e022fe70aac0630e10b0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
81b7a65206b42e17f68f6dbd84680e3b

SHA1
712c4a4503c22700aa11c078cf4614e588e46c3f

SHA256
70c4fceffbf373db83f5e74cb52cf9aaa646babe22b80259957a7c36d467c6f4

SHA512
2b33d4cfb4d4f217e6d527c6f4d8aba58deb4106c935985c37b6be5322dee5a9343d06be66afb1d642d72a77b67d789283304e59fbf49a91014182f34b1c2521

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
42fab2442f0f9a74e537f9ee426b6f5f

SHA1
a70220fc4ec51aaae953a9fd1d226f36fcfeed3c

SHA256
ecff1753517944068b470457e0d9b7c913d85a68dfba8288aca6dec9ec656f4f

SHA512
632bbd2f2b49914182bec4e5a80f93755876e2a0dcd5690ca81cddf45461f3366850a15daa86f68c3a3c33108fa106e8b867c50ab3600bc10a1cb9e86a7679ca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4f2b8308d26de973fb24518beee398ae

SHA1
9c9a2892c2a1ad559585b126ff1a55fd05687c25

SHA256
7a74ae2efe2e5c514110e3a78807397b47fc2783fac46d0b2872cf7bdb71229c

SHA512
aecd83521bad5c1200f62bf3ff023a304f9ecef3b77ec7507ef7528f15f04748e3374ffa883b8cd2cccbbcba20419ed0c2343b1a1aeeb79d68e9959f5fa16b94

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1b5cdae20c0a8b876f427134fb12d030

SHA1
a4fd9aa4b505d4b5904c22817d14dde0487b96c1

SHA256
8efb18cdb358fe51b1b6f8fe96f8d1ffd851ff2c755cc1b8cf93065d48105dd3

SHA512
7f45d90bdc16a2f4e8fea2c13be711210b26e5fb90ed68d1c9f48bc5ddd5aaae84773e0336ec141f096c5777938968cb8fb1b21730bce91a873ec08d7dbf8240

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2617ddab1d48adb15bf949be092bf7ba

SHA1
b76514328c6c47fba99314c7985322ac8063b897

SHA256
22f61dcb07eac53c33adc62b540cdab7da54c7398cc3068b35b5fe8975f5d545

SHA512
f64fe0c7e88346649a172db4ad0e4a5153f72218ddfb3b05d2b04790ed40de91fba6ea926185f59ff4700306bb7e2937a5f146f4604f185b65bbad0beaa55a9c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
010f11da96f42266ed59b626eead40ff

SHA1
c19a51d6455e1a52404a4b86d00db2b26f6fb2fd

SHA256
ae1966936fd9c7024d57cc32945ead95daf0aef1c1c5b3ae04a350843e17f6ae

SHA512
9bc88a2131ad8cd4e73ebee44fe91056a48c8f6054658a0169f15c0821d0a70d1e2b51c6477543e1c2007ae0c7852e30dff83d153dd712d8dd13660eda264060

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3a59b7228d8ef7cb8b3e063ddb7f9b74

SHA1
eb52a01c7fdbfe4026fa7f5f1d92675354038637

SHA256
c5ac269f277b9295227d47fb6ba0ba6e947fbac4aa0d65b8e1c0d1417d268a85

SHA512
b52b263fc23ccf13f899bac1526e4c9eccc25869d62feaeb66f6d3ee7e4732c1334c1fc38dccdefaac14afee73981efe6d561dc0e0848407d74c768c2106a819

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
24ab6c98ef188689fb0e7515fa5415bf

SHA1
eb32adf6e1437b52219da546906fb26d184a4032

SHA256
b47f087355b7c5bdfbbd8499cc3ec0f5c109efa582dc4472eb5ec8c17f28d8cf

SHA512
a04c34c5d4425e5ebcdc34cbe17a8b5294f847da8bcfa0a66d041d482ab19829a1b30aa810d4e84854b9b35cb18a214d47ccc414273784480884632fe42d6ce2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS42836116\Assets\error_icon_72.png

Filesize
1KB

MD5
4aaf83d2b3fd56ad806708e60474df39

SHA1
144777a265879b69fadea3eb3ac6939458918578

SHA256
84e59d14d9433e6c3d92daeb8c443063b5e3be6c0b297f0403dbde473a05cb3f

SHA512
3b8485f054fe6ed2374bc81cb1786f09741219fbfcb22503707b11cf5db1ab262ba4349633597d5d9ddabc3415b170fa8eebc932f58d211d7092b8fb96fa1304

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS42836116\Assets\exit_close.png

Filesize
670B

MD5
26eb04b9e0105a7b121ea9c6601bbf2a

SHA1
efc08370d90c8173df8d8c4b122d2bb64c07ccd8

SHA256
7aaef329ba9fa052791d1a09f127551289641ea743baba171de55faa30ec1157

SHA512
9df3c723314d11a6b4ce0577eb61488061f2f96a9746a944eb6a4ee8c0c4d29131231a1b20988ef5454b79f9475b43d62c710839ecc0a9c98324f977cab6db68

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS42836116\Assets\link.png

Filesize
306B

MD5
ae2c73ee43d722c327c7fb6fdbee905c

SHA1
96f238bf53ac80f5b7a9ad6ef2531e8e3f274628

SHA256
28c0abc6bfe7a155815104883a37a53dd783d142300471064c95eddf3cae0eaf

SHA512
5a1e341f727cf1cb4832cced8e96c5a74971451629603c48bfb91ceb4561d0122ab9ae701f8b34681d5f13115a384467d430ccb8282494b40f4577ebc3ad825b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS42836116\Assets\loader.png

Filesize
279B

MD5
03903fd42ed2ee3cb014f0f3b410bcb4

SHA1
762a95240607fe8a304867a46bc2d677f494f5c2

SHA256
076263cc65f9824f4f82eb6beaa594d1df90218a2ee21664cf209181557e04b1

SHA512
8b0e717268590e5287c07598a06d89220c5e9a33cd1c29c55f8720321f4b3efc869d20c61fcc892e13188d77f0fdc4c73a2ee6dece174bf876fcc3a6c5683857

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS42836116\Assets\minimize_progress.png

Filesize
212B

MD5
1504b80f2a6f2d3fefc305da54a2a6c2

SHA1
432a9d89ebc2f693836d3c2f0743ea5d2077848d

SHA256
2f62d4e8c643051093f907058dddc78cc525147d9c4f4a0d78b4d0e5c90979f6

SHA512
675db04baf3199c8d94af30a1f1c252830a56a90f633c3a72aa9841738b04242902a5e7c56dd792626338e8b7eabc1f359514bb3a2e62bc36c16919e196cfd94

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS42836116\BlueStacksInstaller.exe.config

Filesize
324B

MD5
1b456d88546e29f4f007cd0bf1025703

SHA1
e5c444fcfe5baf2ef71c1813afc3f2c1100cab86

SHA256
d6d316584b63bb0d670a42f88b8f84e0de0db4275f1a342084dc383ebeb278eb

SHA512
c545e416c841b8786e4589fc9ca2b732b16cdd759813ec03f558332f2436f165ec1ad2fbc65012b5709fa19ff1e8396639c17bfad150cabeb51328a39ea556e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS42836116\HD-CheckCpu.exe

Filesize
200KB

MD5
81234fd9895897b8d1f5e6772a1b38d0

SHA1
80b2fec4a85ed90c4db2f09b63bd8f37038db0d3

SHA256
2e14887f3432b4a313442247fc669f891dbdad7ef1a2d371466a2afa88074a4c

SHA512
4c924d6524dc2c7d834bfc1a0d98b21753a7bf1e94b1c2c6650f755e6f265512d3a963bc7bc745351f79f547add57c37e29ba9270707edbf62b60df3a541bc16

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS42836116\JSON.dll

Filesize
411KB

MD5
f5fd966e29f5c359f78cb61a571d1be4

SHA1
a55e7ed593b4bc7a77586da0f1223cfd9d51a233

SHA256
d2c8d26f95f55431e632c8581154db7c19547b656380e051194a9d2583dd2156

SHA512
d99e6fe250bb106257f86135938635f6e7ad689b2c11a96bb274f4c4c5e9a85cfacba40122dbc953f77b5d33d886c6af30bff821f10945e15b21a24b66f6c8be

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS42836116\Locales\i18n.en-US.txt

Filesize
19KB

MD5
206562eed57e938afe21fc6942fa8e59

SHA1
779e90fec866c0fd2f47da020651db71c89ec3dd

SHA256
27d611a71edf36307a7ed0651f6c5910292ac7e2b68074a7e33d306b3d93ec45

SHA512
275c3192a7aee28fad31beb521cf5e7c66010e7562ce244ba9fc4de352f35b4ab63180ed12a56ea0b1458c185e076e2d07ba6d8797467177d3c5b2ac14371b26

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS42836116\ThemeFile

Filesize
80KB

MD5
c3e6bab4f92ee40b9453821136878993

SHA1
94493a6b3dfb3135e5775b7d3be227659856fbc4

SHA256
de1a2e6b560e036da5ea6b042e29e81a5bfcf67dde89670c332fc5199e811ba6

SHA512
a64b6b06b3a0f3591892b60e59699682700f4018b898efe55d6bd5fb417965a55027671c58092d1eb7e21c2dbac42bc68dfb8c70468d98bed45a8cff0e945895

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1405.tmp

Filesize
175KB

MD5
dd73cead4b93366cf3465c8cd32e2796

SHA1
74546226dfe9ceb8184651e920d1dbfb432b314e

SHA256
a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

SHA512
ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Download Submit
\Users\Admin\AppData\Local\Temp\7zS42836116\BlueStacksInstaller.exe

Filesize
623KB

MD5
667dc6e65e713ef551d46be4b9fc5160

SHA1
88d44e8d5c2a958cbbe96ced8888662273abc154

SHA256
8d2dfd057e6942dfe0425098ca4f46341b4ebe6ae42f5e9cfc420cc04d7f9b5d

SHA512
2ec115eb35fafce02471818ab0475e33c360591ee04abacafebc46bd431cc852bd50261c9a360bb0acb1cf6e6ad8cfb9ac5c691f48d982d25229e2e63008f1c3

Download Submit
memory/2860-628-0x000000001B100000-0x000000001B180000-memory.dmp

Filesize
512KB

Download
memory/2860-195-0x000000001A870000-0x000000001A871000-memory.dmp

Filesize
4KB

Download
memory/2860-192-0x0000000000640000-0x000000000064A000-memory.dmp

Filesize
40KB

Download
memory/2860-191-0x0000000000640000-0x000000000064A000-memory.dmp

Filesize
40KB

Download
memory/2860-190-0x000000001B100000-0x000000001B180000-memory.dmp

Filesize
512KB

Download
memory/2860-617-0x000000001B100000-0x000000001B180000-memory.dmp

Filesize
512KB

Download
memory/2860-526-0x000007FEF56B0000-0x000007FEF609C000-memory.dmp

Filesize
9.9MB

Download
memory/2860-126-0x0000000000B20000-0x0000000000B88000-memory.dmp

Filesize
416KB

Download
memory/2860-124-0x000000001B100000-0x000000001B180000-memory.dmp

Filesize
512KB

Download
memory/2860-123-0x000007FEF56B0000-0x000007FEF609C000-memory.dmp

Filesize
9.9MB

Download
memory/2860-122-0x00000000011C0000-0x000000000125E000-memory.dmp

Filesize
632KB

Download