Resubmissions

  Submitted            Analysis ID          Score
  03/09/2024, 22:41    240903-2mjg9szhkh    1
  03/09/2024, 22:36    240903-2h7djaygmp    3
  03/09/2024, 19:45    240903-ygjdjawerd    3
  03/09/2024, 19:41    240903-yd6dwsweld    5
  03/09/2024, 17:36    240903-v6kfcasbpq    5
  11/08/2024, 17:42    240811-v988wazdrj    5
  11/08/2024, 17:24    240811-vytn2stdrc    5
  28/07/2024, 18:08    240728-wrcbvszhqh    8

Analysis
- max time kernel: 58s
- max time network: 55s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-es
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-es, locale:es-es, os:windows10-2004-x64, system:windows
- submitted: 03/09/2024, 19:45
Tasks
- static1 (Static task)
- urlscan1 (URLScan task)
- behavioral1 (Behavioral task): sample https://www.bluestacks.com/es/index.html, resource win10v2004-20240802-es
- behavioral2 (Behavioral task): sample https://www.bluestacks.com/es/index.html, resource android-x64-20240624-es
General
- Target: https://www.bluestacks.com/es/index.html
- Malware Config: none reported

Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe

Modifies data under HKEY_USERS (2 IoCs)
  description      ioc                                                                                                   Process
  Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                  chrome.exe
  Set value (int)  \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133698663760864684"  chrome.exe

Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid   Process
  3620  chrome.exe
  3620  chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  pid   Process
  3620  chrome.exe
  3620  chrome.exe

Suspicious use of AdjustPrivilegeToken (64 IoCs)
  description                          pid   Process
  Token: SeShutdownPrivilege           3620  chrome.exe   (32 entries)
  Token: SeCreatePagefilePrivilege     3620  chrome.exe   (32 entries)
  The 64 entries alternate between the two privileges, all from PID 3620.

Suspicious use of FindShellTrayWindow (26 IoCs)
  pid   Process
  3620  chrome.exe   (26 entries)

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process
  3620  chrome.exe   (24 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
  description                       pid   Process     procid_target
  PID 3620 wrote to memory of 1440  3620  chrome.exe  83   (2 entries)
  PID 3620 wrote to memory of 1720  3620  chrome.exe  84   (30 entries)
  PID 3620 wrote to memory of 492   3620  chrome.exe  85   (2 entries)
  PID 3620 wrote to memory of 744   3620  chrome.exe  86   (30 entries)
Processes
- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3620)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.bluestacks.com/es/index.html
  Signatures: Enumerates system info in registry; Modifies data under HKEY_USERS; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of AdjustPrivilegeToken; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1440, child of 3620)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffd6d5bcc40,0x7ffd6d5bcc4c,0x7ffd6d5bcc58
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1720, child of 3620)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2108,i,5538753804135212109,7155796750040351870,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2104 /prefetch:2
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 492, child of 3620)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1764,i,5538753804135212109,7155796750040351870,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2488 /prefetch:3
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 744, child of 3620)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2156,i,5538753804135212109,7155796750040351870,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2576 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2160, child of 3620)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,5538753804135212109,7155796750040351870,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3164 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2368, child of 3620)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3112,i,5538753804135212109,7155796750040351870,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3188 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1204, child of 3620)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4580,i,5538753804135212109,7155796750040351870,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4736 /prefetch:8
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe (PID 2972)
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
- C:\Windows\system32\svchost.exe (PID 2080)
  C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
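Most of the signature entries above are the Chrome browser process (PID 3620) interacting with the Chrome child processes in the tree: every WriteProcessMemory target (1440, 1720, 492, 744) is a chrome.exe child that 3620 launched, which is what a sandbox records while a parent sets up a newly created process. The BIOS SystemProductName and SystemManufacturer reads are the same registry values VM-aware malware queries, so the reading process and its place in the tree are what separate noise from a hit. The script below, an added example that is not part of the tria.ge report and not Chrome's code, cross-checks the two sections automatically: it parses the flattened IoC text, rebuilds parent/child links from the tree's depth order, tags each write target with its Chrome --type, --utility-sub-type and --service-sandbox-type, and lists the service processes launched with --service-sandbox-type=none (the network service and ProcessorMetrics utilities in this run). Its inputs are constructed from this page, with command lines abridged and the IoC list cut to eight entries, so the per-target counts differ from the report's 64.

```python
"""Cross-check a tria.ge "WriteProcessMemory" signature against the process tree.

Added example; it is not part of the tria.ge report and not Chrome's code. The
inputs are constructed from the report's Processes and Signatures sections
(command lines abridged, IoC text cut to a few representative entries), and the
parser assumes the flattened one-line layout the report page uses.
"""
import re
from collections import Counter

CHROME = r'"C:\Program Files\Google\Chrome\Application\chrome.exe"'

# (pid, depth, command line) in display order. depth 1 = top-level process,
# depth 2 = child of the nearest preceding depth-1 process (tria.ge's tree order).
PROCESSES = [
    (3620, 1, CHROME + " --disable-background-networking --single-argument https://www.bluestacks.com/es/index.html"),
    (1440, 2, CHROME + " --type=crashpad-handler --url=https://clients2.google.com/cr/report"),
    (1720, 2, CHROME + " --type=gpu-process /prefetch:2"),
    (492, 2, CHROME + " --type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none"),
    (744, 2, CHROME + " --type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=service"),
    (2160, 2, CHROME + " --type=renderer --renderer-client-id=6"),
    (1204, 2, CHROME + " --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --service-sandbox-type=none"),
    (2972, 1, r'"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"'),
    (2080, 1, r"C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc"),
]

# Constructed excerpt of the flattened IoC text; the report itself lists 64 entries.
WRITE_IOCS = (
    "description pid Process procid_target "
    "PID 3620 wrote to memory of 1440 3620 chrome.exe 83 "
    "PID 3620 wrote to memory of 1440 3620 chrome.exe 83 "
    "PID 3620 wrote to memory of 1720 3620 chrome.exe 84 "
    "PID 3620 wrote to memory of 1720 3620 chrome.exe 84 "
    "PID 3620 wrote to memory of 1720 3620 chrome.exe 84 "
    "PID 3620 wrote to memory of 492 3620 chrome.exe 85 "
    "PID 3620 wrote to memory of 744 3620 chrome.exe 86 "
    "PID 3620 wrote to memory of 744 3620 chrome.exe 86 "
)

IOC_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) \d+ (\S+) (\d+)")


def parse_write_iocs(text):
    """Count (writer_pid, target_pid, writer_image) tuples in the flattened IoC text."""
    return Counter((int(src), int(dst), image) for src, dst, image, _ in IOC_RE.findall(text))


def build_tree(processes):
    """Map pid -> (parent_pid or None, cmdline), inferring parents from depth order."""
    tree, stack = {}, []  # stack[d - 1] holds the most recent pid seen at depth d
    for pid, depth, cmd in processes:
        del stack[depth - 1:]
        parent = stack[-1] if stack else None
        tree[pid] = (parent, cmd)
        stack.append(pid)
    return tree


def chrome_role(cmd):
    """Process type, utility sub-type and sandbox type from a chrome.exe command line."""
    if "chrome.exe" not in cmd.lower():
        return None

    def flag(name):
        m = re.search(r"(?:^|\s)--%s=(\S+)" % re.escape(name), cmd)
        return m.group(1) if m else None

    # No --type flag means this is the browser (parent) process.
    return {"type": flag("type") or "browser",
            "subtype": flag("utility-sub-type"),
            "sandbox": flag("service-sandbox-type")}


def explain_writes(tree, writes):
    """For each write target: who wrote, how often, whether the target is the writer's
    direct child in the reported tree, and which Chrome role the target plays."""
    out = {}
    for (src, dst, image), n in writes.items():
        parent, cmd = tree.get(dst, (None, ""))
        role = chrome_role(cmd) or {"type": None, "subtype": None, "sandbox": None}
        out[dst] = {"writer": src, "writer_image": image, "count": n,
                    "direct_child": parent == src, **role}
    return out


def unsandboxed_children(tree):
    """PIDs of Chrome service processes launched with --service-sandbox-type=none."""
    return sorted(pid for pid, (_, cmd) in tree.items()
                  if (chrome_role(cmd) or {}).get("sandbox") == "none")


if __name__ == "__main__":
    tree = build_tree(PROCESSES)
    for dst, info in sorted(explain_writes(tree, parse_write_iocs(WRITE_IOCS)).items()):
        print(dst, info)
    print("launched without a service sandbox:", unsandboxed_children(tree))
```

Run stand-alone it prints one line per write target. What would deserve a closer look is a target that is not a direct child of the writer, a writer image other than chrome.exe touching a Chrome process, or a Chrome child whose command line carries a --type that the browser would not normally spawn; none of those appear in this report.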
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 649B
  MD5: 6bb9fa1e93907e57dd3d5363caf5f9cd
  SHA1: f37dc23517598b5af239b68bd4fee5a48217cf40
  SHA256: 631afdf179abcf767d0843f026493fe13baa6259299b52dacd29ae1769b295d4
  SHA512: 1e28b59a3768fbe3b7fcdce2c4fca113cd4ad9c201afe0795e5b48f6d25983319f53d878c345a9b37a6949ad6a5f4c5e7474968f53e9311ec61614d9f71c21ec
- Filesize: 432B
  MD5: 8f0bbb08753ba471ce77079a7ced3775
  SHA1: dc0332af5f7d1fec61e417435b8df7ec0b5b822b
  SHA256: b7dcf1734cbba97d47cc8b619f91aee1837109f9220b3b1d9f38ce2396cf0164
  SHA512: 108dc1626ad37937554565afc19a946b25401ce3dd829a5936f25f12af943fb6d0c4ac3a6adff5d3645d44f7c2bbccb87fe2a7c1ade27183dbfb1557ec607b61
- Filesize: 2B
  MD5: d751713988987e9331980363e24189ce
  SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
  SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
  SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
- Filesize: 858B
  MD5: 92ef750a92a0e45f026d127c933ace65
  SHA1: a3e036c9a044be91d23bc75efcb59c3f64a97b45
  SHA256: 6c7a5ef703fdc2fda9a31f4b3e9fc492f3bb28a9fa5a1b5314a1076bcdb012c0
  SHA512: 06c392e4342ac49db09cf4f54616ff4e3e3f357fd47a6e764d64c70add440e8746eb9efee5dcf0122b80677340789858196d055821899119515886d178c5aaee
- Filesize: 9KB
  MD5: a37c7b0795cb597bb487a426c6716b20
  SHA1: 6a6c888e2a66cfca76cf426f323dbbd3d18fe1d7
  SHA256: 30fb16bbd2578a8afe764eec3fd18ad54d91e089fd68fc188be71eca7ebee244
  SHA512: 2ff579431d9dfce8b0849c61cc9ab81e63670a2018967687ef663d94d8c7e0f276f74a744a30869b3bcf4148545ec719c3d038c92e8429e997de604cb765bb30
- Filesize: 9KB
  MD5: 1cc620235fab918fae869b9572dc529f
  SHA1: 6d45059d7db0678a9766fb260bad5709c2b89849
  SHA256: 83a8e3944734034ee26b865decbd1d776f9bb0b2140801c27bcf61a1ba455b0b
  SHA512: 95cff03c083aca76ba85614144d1e00238c05dd46a874da194d47a6849483159fc969e718e791083107afa4a6d1550efb68ba27053d77a71fe6f0cb9f5c1e4c5
- Filesize: 99KB
  MD5: cb0af21160d431e7bdb9f6e2207660aa
  SHA1: 515c7fb8c8e5805a58b93cd07d9db4928dc992cb
  SHA256: bb2931f209c32f4446b11709f5e591cb3f87c74f7d4896cd0463dd045dc513ba
  SHA512: 9f9cfe5f047942c0eaa94b3dd8e9d6767c104847144a08a9363ed4caac7d02bf1e51bbc013b915af43159673e2c20458c11b8d5c869b8e6f5d4cabe09fb9d194
- Filesize: 99KB
  MD5: 5c588b38f8516034f8f75619b2e32f25
  SHA1: 511fff3d0b0aeed53aedb28ef9da968993513e22
  SHA256: 908538e6c3dbe581b972a19caf90d6c553d1c786cfc0ac000304c19afc238e27
  SHA512: c8b561c0b71285fd069c8e946e9cbb8cdeb30f8ecf6bab914a3546429b031235617a696e04ef14bbfa030729c85652c4ded2c230489c25f4693c070779edd7a3