Resubmissions

15-06-2024 19:46

240615-yhfc9ssfpd 8

15-06-2024 19:45

240615-ygc7hssfna 1

15-06-2024 19:34

240615-yah47awfnn 1

Analysis

  • max time kernel
    51s
  • max time network
    53s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    15-06-2024 19:45

General

  • Target

    https://www.bluestacks.com/bluestacks-5.html?utm_source=Google&utm_medium=CPC&utm_campaign=aw-ded-tier1-eng-bluestacks5-industry&utm_source=google&utm_campaign=12328978978&utm_medium=ad&utm_content=523252340576&utm_term=android%20emulator%20pc&gad_source=1&gclid=Cj0KCQjw97SzBhDaARIsAFHXUWDOKGW_cOlZ_XZq9fzI4hMm-b16naSqCAuMiM0u0c15opZ2YQB6f-QaAq_hEALw_wcB

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 10 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://www.bluestacks.com/bluestacks-5.html?utm_source=Google&utm_medium=CPC&utm_campaign=aw-ded-tier1-eng-bluestacks5-industry&utm_source=google&utm_campaign=12328978978&utm_medium=ad&utm_content=523252340576&utm_term=android%20emulator%20pc&gad_source=1&gclid=Cj0KCQjw97SzBhDaARIsAFHXUWDOKGW_cOlZ_XZq9fzI4hMm-b16naSqCAuMiM0u0c15opZ2YQB6f-QaAq_hEALw_wcB"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1232
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://www.bluestacks.com/bluestacks-5.html?utm_source=Google&utm_medium=CPC&utm_campaign=aw-ded-tier1-eng-bluestacks5-industry&utm_source=google&utm_campaign=12328978978&utm_medium=ad&utm_content=523252340576&utm_term=android%20emulator%20pc&gad_source=1&gclid=Cj0KCQjw97SzBhDaARIsAFHXUWDOKGW_cOlZ_XZq9fzI4hMm-b16naSqCAuMiM0u0c15opZ2YQB6f-QaAq_hEALw_wcB
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2540
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2540.0.267607303\940543465" -parentBuildID 20230214051806 -prefsHandle 1752 -prefMapHandle 1744 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e14ff4b6-a1ac-49c5-a531-f615583fa11f} 2540 "\\.\pipe\gecko-crash-server-pipe.2540" 1844 2615c9f5458 gpu
        3⤵
        PID:3176
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2540.1.875998912\832831778" -parentBuildID 20230214051806 -prefsHandle 2416 -prefMapHandle 2412 -prefsLen 22927 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {da0bdaab-70c0-482f-9711-765efbdd2694} 2540 "\\.\pipe\gecko-crash-server-pipe.2540" 2428 26150c95e58 socket
        3⤵
        • Checks processor information in registry
        PID:2120
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2540.2.1529985524\1585585889" -childID 1 -isForBrowser -prefsHandle 2980 -prefMapHandle 2976 -prefsLen 22965 -prefMapSize 235121 -jsInitHandle 1300 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {db66f1b4-fd9b-4157-8ae0-fcf6eabf5c8d} 2540 "\\.\pipe\gecko-crash-server-pipe.2540" 2992 26160918b58 tab
        3⤵
        PID:4192
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2540.3.1596180478\89685868" -childID 2 -isForBrowser -prefsHandle 3392 -prefMapHandle 3388 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1300 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fe1dc6c9-a834-4726-b308-2310c3dd8b24} 2540 "\\.\pipe\gecko-crash-server-pipe.2540" 3364 26150c86858 tab
        3⤵
        PID:4520
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2540.4.432639929\1284452254" -childID 3 -isForBrowser -prefsHandle 5028 -prefMapHandle 5016 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 1300 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1ef0d40b-8408-4c79-8fc4-0eb459a61ccb} 2540 "\\.\pipe\gecko-crash-server-pipe.2540" 5008 26163db3c58 tab
        3⤵
        PID:5048
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2540.5.983452572\1024680707" -childID 4 -isForBrowser -prefsHandle 5164 -prefMapHandle 5168 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 1300 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {49f672b6-0843-40d7-a731-392dfb08300a} 2540 "\\.\pipe\gecko-crash-server-pipe.2540" 5152 26163db4558 tab
        3⤵
        PID:3088
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2540.6.1142105898\1301276334" -childID 5 -isForBrowser -prefsHandle 5204 -prefMapHandle 5212 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 1300 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {97e4cdfe-2958-4934-b252-01e22e4b6227} 2540 "\\.\pipe\gecko-crash-server-pipe.2540" 5192 2616454d558 tab
        3⤵
        PID:4164
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2540.7.2103201811\2026772077" -childID 6 -isForBrowser -prefsHandle 3076 -prefMapHandle 3092 -prefsLen 27771 -prefMapSize 235121 -jsInitHandle 1300 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f924560c-27d9-4889-9dd9-2da5069560c8} 2540 "\\.\pipe\gecko-crash-server-pipe.2540" 3068 26150c85858 tab
        3⤵
        PID:1816

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\activity-stream.discovery_stream.json.tmp
    Filesize: 24KB
    MD5: 620864efb22d35ffa30f856d935dc235
    SHA1: 9732ca44c0a365e6c5418bc1d1c0b273651ef8bd
    SHA256: 85e0b4420d43b737bfdd042219545ed9e98a03dc1c8ee0f3ae799d3b2603ea4e
    SHA512: 3869104566c8f13a0e3ab7d09a2298e41272248e0f89aeedc2e29db508592b1f0c119e94f877f8022cecf00ebf5df46239069f718917607f0830a6eeb2a1ad94

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\prefs-1.js
    Filesize: 7KB
    MD5: 1097679bf8a88cf2d853a8ba429161e6
    SHA1: c7d98e37289bebb5f57079cf5aa7204d2732d4f8
    SHA256: 04969e4a27c525edbabbaa8245a5ace9748dabf14c6dd879ee4eeb86cf73cb62
    SHA512: 220a3275ac8889be5ef4bcc61536c41e3bd2b26e8f257912841318003deccdedc25bcff18635b0beb4cb5cd2dcf687b9f2bd5e9b1b3bd65ce7befa616bda1ab5

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\prefs-1.js
    Filesize: 7KB
    MD5: f90522ffe8ab34107f88133bff993f22
    SHA1: 186ffb356071dccf80c69987bbe0e26da50116e0
    SHA256: e572f1e5b196370c5c210b471bff88cf19954bfa7d2e4b9013075c4c1c4f64ac
    SHA512: 23cdf627e283a16c09426318f71735533f30dd24305940592199f9f36d8d0bcb54479f30f1bee28e4e3a991741516916afd0e3a6ada7aea63e313e856a2228dc

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\sessionCheckpoints.json
    Filesize: 259B
    MD5: e6c20f53d6714067f2b49d0e9ba8030e
    SHA1: f516dc1084cdd8302b3e7f7167b905e603b6f04f
    SHA256: 50a670fb78ff2712aae2c16d9499e01c15fddf24e229330d02a69b0527a38092
    SHA512: 462415b8295c1cdcac0a7cb16bb8a027ef36ae2ce0b061071074ac3209332a7eae71de843af4b96bbbd6158ca8fd5c18147bf9a79b8a7768a9a35edce8b784bf

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 1KB
    MD5: 3e154168754a9e627d57e8f66f61b40e
    SHA1: 3107f4b58a35d7ff8f6d6f07adf68957ae9735d1
    SHA256: 802b8efd51760122cb026191a6b408d09e05d73c89a12a5899c28e259ccfeeab
    SHA512: 5ab5ed2b08e63387e945c8560c6b56d6cfc3d8d032f0d727c915edf4d7e4d7f324344897d43e68844eea8c0082b375b7b78694087802d1f60e626e034583971d

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\sessionstore.jsonlz4
    Filesize: 937B
    MD5: b5d9a2e2eac19a27e3499d253f0aa3b4
    SHA1: 7e543a8314f434921c5021bcffc5dce966ed9db5
    SHA256: d8afc2e9cb378c380d29a45b462e65e41ce057d975758d45e2ad825aa2663a82
    SHA512: 741c6dc0d414eb0163e74f60a76830de818edfe5f6be7398ed73398626698585c4cb1e9ad8b0f86f90d991bde793a1199c983e12b31df82ca1c1980d0a661e27