52ed4671a31c8529f2ba3027e25080c842d09f0517fe64e844f93d619cb4dd26

Analysis

max time kernel
119s
max time network
125s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
14/06/2024, 09:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BlueStacksMicroInstaller_5.21.210.1023_native.exe
Size

910KB
MD5

d2c72208f8783ec83b123324e8093cc1
SHA1

4afbc9f19f8a194bccd5216e05083e0d7617fff0
SHA256

52ed4671a31c8529f2ba3027e25080c842d09f0517fe64e844f93d619cb4dd26
SHA512

03b7c6511e32f9822a42182776b2f862bae7627a2df374f874df05f3d46f90857a37afaf12d7d29a960f5d22536878dea9240c5872d84c9835663d219c5d531a
SSDEEP

24576:0ivtCXWeGK69Txt9OkcXGgrwPgZNYtOvLm:xtCXWPXvz5cXGcwPgZOtcLm

Score

4^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2896	BlueStacksInstaller.exe
2268	HD-CheckCpu.exe

Loads dropped DLL 4 IoCs

pid	Process
1180	BlueStacksMicroInstaller_5.21.210.1023_native.exe
1180	BlueStacksMicroInstaller_5.21.210.1023_native.exe
1180	BlueStacksMicroInstaller_5.21.210.1023_native.exe
1180	BlueStacksMicroInstaller_5.21.210.1023_native.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
2896	BlueStacksInstaller.exe
2896	BlueStacksInstaller.exe
2896	BlueStacksInstaller.exe
2896	BlueStacksInstaller.exe
2896	BlueStacksInstaller.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2896	BlueStacksInstaller.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1180 wrote to memory of 2896	1180	BlueStacksMicroInstaller_5.21.210.1023_native.exe	28
PID 1180 wrote to memory of 2896	1180	BlueStacksMicroInstaller_5.21.210.1023_native.exe	28
PID 1180 wrote to memory of 2896	1180	BlueStacksMicroInstaller_5.21.210.1023_native.exe	28
PID 1180 wrote to memory of 2896	1180	BlueStacksMicroInstaller_5.21.210.1023_native.exe	28
PID 2896 wrote to memory of 2268	2896	BlueStacksInstaller.exe	29
PID 2896 wrote to memory of 2268	2896	BlueStacksInstaller.exe	29
PID 2896 wrote to memory of 2268	2896	BlueStacksInstaller.exe	29
PID 2896 wrote to memory of 2268	2896	BlueStacksInstaller.exe	29

C:\Users\Admin\AppData\Local\Temp\BlueStacksMicroInstaller_5.21.210.1023_native.exe
"C:\Users\Admin\AppData\Local\Temp\BlueStacksMicroInstaller_5.21.210.1023_native.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1180
- C:\Users\Admin\AppData\Local\Temp\7zSC9451816\BlueStacksInstaller.exe
  "C:\Users\Admin\AppData\Local\Temp\7zSC9451816\BlueStacksInstaller.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2896
- - C:\Users\Admin\AppData\Local\Temp\7zSC9451816\HD-CheckCpu.exe
    "C:\Users\Admin\AppData\Local\Temp\7zSC9451816\HD-CheckCpu.exe" --cmd checkHypervEnabled
    3⤵
    - Executes dropped EXE
    PID:2268

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
635efd3447cfc133e0b5bfb9d5c96720

SHA1
e177dd261b85428fdd45fb49a4530bdbbe917ca1

SHA256
249d2f49d404e055c46a57b05f1a1ba5f668b989ad25aae00f1a359745fb726b

SHA512
3640232ae8bb82ea0e45f0cf547dba2e8c3997bcec7fa4fb9a2490bce02605b11eba457a521fd241fb49c57194e471b1d109d99961349f3898e88a3170ed9f5f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9be67e20162c056ef555231eb3ecede1

SHA1
9127da0a07cf64f76b1beee6e0044e993e1e7a56

SHA256
d087069961d2e3d2a8a3dbef8a933096c2ea3652d30e2679de5405ce9a7bbab4

SHA512
ee8745ea0f4bfc8c6181d3fbf5906d131be75cf8b47ae063e4a1bcd24674cc158709a6d8fbd193cae4f681228dcb59d8cfb821f3dd918127e67020248f06a534

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
67928a56dc8d5bbe83f904cbc8885e36

SHA1
a80067a5660ad63a9ee737e479866ef3cb13670b

SHA256
aca2620dfe8dea0c76585c84d9464527683f873c9ded0acf6270c5f9ba1c8484

SHA512
8e3a02ac3b6fe121c3e9c356d24d4ff84c0aae8a745d0e975863f3fed6c85c90cf4b247cea28731076a071a493376a40f497892c4fee6702879c9e217e010cba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4a1253604b953c4de13acc43e6739a55

SHA1
b6660a856c38a0d7eb8799cb50357751702d54f6

SHA256
5266d1811cf72b4fad3fa1a3a91d53e63ca1763eb0b5a60d70d3e4065713ffda

SHA512
420db3c0460cf9d8534530e1e14017b695cd52764213f7ae0414a1a7914f3ee7506a27efc4640fa5d29e96e788a6298ed41927e4f0e80cbb99c825aa5d40fcf3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
10e07a681ac749641a6e63f7bc476a3d

SHA1
2a6be7a5c925f6ff30ad529d87ec1bb5c41638d0

SHA256
29ac284646d61325d7838ded92153dfea8262bba3c7dac25349729930f7a7fb8

SHA512
7912ac6d450eb10235631713b8690d2241f572c31a2d9776047b120a63bda3e03e4ed785ff20d8f41e5bbdf287b0bbc9581ae35e94e5457f3969e1b264b599f7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
057cc3a651ae7922eb15e56077614b30

SHA1
0aae4b8ac4c8a62641dd209a3005bf6766acba2a

SHA256
25babc12a84a74c968caa24b8579cd7691de9b1b6ceb5a4a95b84f3f1bce66cf

SHA512
688304990b861eea42fbbb7933840fc42fa7f2c815598569973ed929a602e58be627bd28fee37044fe43e1dc1d581a47e3a6294566a7c470783c6e6efe2ff153

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
36583da90d5fe3378d6d78eba6b3da37

SHA1
df56e53f6dc508a1ed18be91f72945c19b94d168

SHA256
85a2019c2f2044cc9c4c0c7c51b2e6acf200fd5db0caeee5e6a5ac776078044b

SHA512
0bc7768ad5670838a31b563c3b8351f5c76d447732185b4b235dee34dc5503075ea979560b0f00a78c6f0a408feafd0a7e4303c01d65816c29d60779f96997dd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d9d3fbbeeb1db2921441663a26a512e4

SHA1
11bf993b926e5da0ff5817980893bb3b72635410

SHA256
2efe71d114650d67c06e437a29dedb00b04f6ae31e0734db4af19bd862d17887

SHA512
cc3c9f6fd1021808e70aa0c0b5d18fd50e472621c6760a2fe157b473440a33a4770ad9838110d858fbad9da4fdd78f058a1a0b940facb5fe55d1d1cf5bdc9fc1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
557d30f2779c1e58236c32d084e24029

SHA1
f3d2fcbc5f6489efeec768649fb6ed9f3679bcd5

SHA256
d6ec48d0f7f84a9b48bfc8d73be55d35162d571a46e9847e61347045281f6178

SHA512
ba3453a169cd992a209aae5c8be534f7f03497ed9f13901546d9f31d2bb056b15dd6b43406ea68b12a5dce616ed2e49cf5ce14c00f86518f2af0745f15f4af84

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5547fb4f140335b3667552626531666a

SHA1
6dba5360e19eff04bca7282dabf80d651fd26fed

SHA256
61009f354078a800a2903a7b4f797c6742b9ba15b27fa08aea6a7ebad075cade

SHA512
5f867d4da8716619aa5e93e81f04934329dafbfc766bb5a524ac6b90e77c7eb548b9a119b874a4e792510576466c6fd0f65e99a9f4de1e33c6b94c74ea392f19

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e790c7ae987137a0a1327d7952dd4a65

SHA1
e1b6ba7373678321cb7f3ccb6301f984567196cb

SHA256
f0dd443d4721ce4a2c25f780b8ce70b776838b5918920b328a08b9560a89e8d8

SHA512
98fd534aa5ae116174fbabdb1bb6b98ae04bd2dc2129442ba44988c8f4f583e94ebdbdf05c5e7c2d22014aa402581d60ffc62fc1335e55f8807d76283d5b0324

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
75a33bbff25da510286b404a760967cd

SHA1
a70a571b49cb7453120c1574b84a1bc7346cd106

SHA256
0fb9060bd9f1d4ce4b8596634bd5459165c9af3b70604b0cd743995b2357bd1c

SHA512
3a12accc1164c53e066bb2833a4e333ac8dca1c47c01d7082cfc792b0def32a2cbd17779d3bd11ad670bd62a6c51471ad2eff3c6870ad9a3d3cd00862d4a59d4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9f4d3a30f91ead6393341c3c4c5861dc

SHA1
232fbdfb0953c5337f8f563a95972226a94ff312

SHA256
ab43d6189a945e809e59cc05b1a0564ad955f360807afe06c3fb0bcb9c4235b9

SHA512
a23413d3c121ea71b017870038e81b406e36c65bba5e7ac58c9bbe9a1790d5150aca7502870b7a57881e3abf6c05be1f46b422d78433ad3c073e690ba6366d77

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f494b1d86b878373aa675a5f14695b17

SHA1
297b65ef5951781f738558a551f569fbb94c65bb

SHA256
e061ee58c3d16789451a94d46d1a0e8427a66afd8c6c0a6cc0bf0de8287779c0

SHA512
16c1b02c839573eacd3cca85026d580249b9b02bce47105c84e852417c9e4342971adc4e6fa7da25b5a059b04c034705853e0385d2c0639abdd39d8650d7b463

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
95b2716c67e68793d6738d7717b5a765

SHA1
5443d03aa52ecd2177b053613d2e58d5f59dbe7e

SHA256
4ee35493c61384b8121c04b94bde010b763b79ac0159514b8c2e0fed5795d6b1

SHA512
cbbc40620c108e55bc6eb1b609ceb6aa82476c7ceca6702450ae0206e39329f2b01674dbd260b98fa9b06275a7f4dc318a1ef4806ed855eaf29426ae450dfa88

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
72e4f8afd14ff91db31e9673c7882199

SHA1
9d8307e9d67ddbf34a02126319983be9b744200f

SHA256
568971e30aa5680ba63d9ae4b1974ae5256e7ac18644d30bb13d7f3846a1d530

SHA512
bf1e4579447b50da986a13ffed5f4c233817796465193148a0672c5cb63940a8709ffbe30c9e2a3d13f7162722a13325137208a7796a387b9f18f926e3141ccb

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC9451816\Assets\error_icon_72.png

Filesize
1KB

MD5
4aaf83d2b3fd56ad806708e60474df39

SHA1
144777a265879b69fadea3eb3ac6939458918578

SHA256
84e59d14d9433e6c3d92daeb8c443063b5e3be6c0b297f0403dbde473a05cb3f

SHA512
3b8485f054fe6ed2374bc81cb1786f09741219fbfcb22503707b11cf5db1ab262ba4349633597d5d9ddabc3415b170fa8eebc932f58d211d7092b8fb96fa1304

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC9451816\Assets\exit_close.png

Filesize
670B

MD5
26eb04b9e0105a7b121ea9c6601bbf2a

SHA1
efc08370d90c8173df8d8c4b122d2bb64c07ccd8

SHA256
7aaef329ba9fa052791d1a09f127551289641ea743baba171de55faa30ec1157

SHA512
9df3c723314d11a6b4ce0577eb61488061f2f96a9746a944eb6a4ee8c0c4d29131231a1b20988ef5454b79f9475b43d62c710839ecc0a9c98324f977cab6db68

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC9451816\Assets\link.png

Filesize
306B

MD5
ae2c73ee43d722c327c7fb6fdbee905c

SHA1
96f238bf53ac80f5b7a9ad6ef2531e8e3f274628

SHA256
28c0abc6bfe7a155815104883a37a53dd783d142300471064c95eddf3cae0eaf

SHA512
5a1e341f727cf1cb4832cced8e96c5a74971451629603c48bfb91ceb4561d0122ab9ae701f8b34681d5f13115a384467d430ccb8282494b40f4577ebc3ad825b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC9451816\Assets\loader.png

Filesize
279B

MD5
03903fd42ed2ee3cb014f0f3b410bcb4

SHA1
762a95240607fe8a304867a46bc2d677f494f5c2

SHA256
076263cc65f9824f4f82eb6beaa594d1df90218a2ee21664cf209181557e04b1

SHA512
8b0e717268590e5287c07598a06d89220c5e9a33cd1c29c55f8720321f4b3efc869d20c61fcc892e13188d77f0fdc4c73a2ee6dece174bf876fcc3a6c5683857

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC9451816\Assets\minimize_progress.png

Filesize
212B

MD5
1504b80f2a6f2d3fefc305da54a2a6c2

SHA1
432a9d89ebc2f693836d3c2f0743ea5d2077848d

SHA256
2f62d4e8c643051093f907058dddc78cc525147d9c4f4a0d78b4d0e5c90979f6

SHA512
675db04baf3199c8d94af30a1f1c252830a56a90f633c3a72aa9841738b04242902a5e7c56dd792626338e8b7eabc1f359514bb3a2e62bc36c16919e196cfd94

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC9451816\BlueStacksInstaller.exe.config

Filesize
324B

MD5
1b456d88546e29f4f007cd0bf1025703

SHA1
e5c444fcfe5baf2ef71c1813afc3f2c1100cab86

SHA256
d6d316584b63bb0d670a42f88b8f84e0de0db4275f1a342084dc383ebeb278eb

SHA512
c545e416c841b8786e4589fc9ca2b732b16cdd759813ec03f558332f2436f165ec1ad2fbc65012b5709fa19ff1e8396639c17bfad150cabeb51328a39ea556e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC9451816\HD-CheckCpu.exe

Filesize
200KB

MD5
81234fd9895897b8d1f5e6772a1b38d0

SHA1
80b2fec4a85ed90c4db2f09b63bd8f37038db0d3

SHA256
2e14887f3432b4a313442247fc669f891dbdad7ef1a2d371466a2afa88074a4c

SHA512
4c924d6524dc2c7d834bfc1a0d98b21753a7bf1e94b1c2c6650f755e6f265512d3a963bc7bc745351f79f547add57c37e29ba9270707edbf62b60df3a541bc16

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC9451816\JSON.dll

Filesize
411KB

MD5
f5fd966e29f5c359f78cb61a571d1be4

SHA1
a55e7ed593b4bc7a77586da0f1223cfd9d51a233

SHA256
d2c8d26f95f55431e632c8581154db7c19547b656380e051194a9d2583dd2156

SHA512
d99e6fe250bb106257f86135938635f6e7ad689b2c11a96bb274f4c4c5e9a85cfacba40122dbc953f77b5d33d886c6af30bff821f10945e15b21a24b66f6c8be

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC9451816\Locales\i18n.en-US.txt

Filesize
19KB

MD5
206562eed57e938afe21fc6942fa8e59

SHA1
779e90fec866c0fd2f47da020651db71c89ec3dd

SHA256
27d611a71edf36307a7ed0651f6c5910292ac7e2b68074a7e33d306b3d93ec45

SHA512
275c3192a7aee28fad31beb521cf5e7c66010e7562ce244ba9fc4de352f35b4ab63180ed12a56ea0b1458c185e076e2d07ba6d8797467177d3c5b2ac14371b26

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC9451816\ThemeFile

Filesize
80KB

MD5
c3e6bab4f92ee40b9453821136878993

SHA1
94493a6b3dfb3135e5775b7d3be227659856fbc4

SHA256
de1a2e6b560e036da5ea6b042e29e81a5bfcf67dde89670c332fc5199e811ba6

SHA512
a64b6b06b3a0f3591892b60e59699682700f4018b898efe55d6bd5fb417965a55027671c58092d1eb7e21c2dbac42bc68dfb8c70468d98bed45a8cff0e945895

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1383.tmp

Filesize
67KB

MD5
2d3dcf90f6c99f47e7593ea250c9e749

SHA1
51be82be4a272669983313565b4940d4b1385237

SHA256
8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4

SHA512
9c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar13E7.tmp

Filesize
160KB

MD5
7186ad693b8ad9444401bd9bcd2217c2

SHA1
5c28ca10a650f6026b0df4737078fa4197f3bac1

SHA256
9a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed

SHA512
135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b

Download Submit
\Users\Admin\AppData\Local\Temp\7zSC9451816\BlueStacksInstaller.exe

Filesize
623KB

MD5
c8ec5e0af9329936df1fb6382f092687

SHA1
fc8a59149198e5acef2ca6a51f01d1e3ff0f50fe

SHA256
7b3fcbf635508cde1dd74e41b3914f5b85bdb8de1bcece745ac6a05ddfde63da

SHA512
1bd43948428d964b94befe7e2b9cd74e0cb5d6af76f5adb166323510b2f775ae479e781df104222197ac5e04e83e885cf6a5ec65c7bb3c5aebd45dead24439cf

Download Submit
memory/2896-121-0x000007FEF5983000-0x000007FEF5984000-memory.dmp

Filesize
4KB

Download
memory/2896-123-0x0000000000930000-0x00000000009CE000-memory.dmp

Filesize
632KB

Download
memory/2896-125-0x00000000004E0000-0x0000000000548000-memory.dmp

Filesize
416KB

Download
memory/2896-126-0x000007FEF5980000-0x000007FEF636C000-memory.dmp

Filesize
9.9MB

Download
memory/2896-180-0x0000000000340000-0x000000000034A000-memory.dmp

Filesize
40KB

Download
memory/2896-179-0x0000000000340000-0x000000000034A000-memory.dmp

Filesize
40KB

Download
memory/2896-703-0x000007FEF5983000-0x000007FEF5984000-memory.dmp

Filesize
4KB

Download
memory/2896-704-0x000007FEF5980000-0x000007FEF636C000-memory.dmp

Filesize
9.9MB

Download
memory/2896-705-0x0000000000340000-0x000000000034A000-memory.dmp

Filesize
40KB

Download