hxxps://bnc[.]lt/no-redirect?app_id=1152639359103553876

Analysis

max time kernel
1803s
max time network
1696s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
13/03/2023, 15:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://bnc.lt/no-redirect?app_id=1152639359103553876

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133232002579140105"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4052	chrome.exe
4052	chrome.exe
1152	chrome.exe
1152	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4052	chrome.exe
4052	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe
Token: SeShutdownPrivilege	4052	chrome.exe
Token: SeCreatePagefilePrivilege	4052	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe
4052	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4052 wrote to memory of 444	4052	chrome.exe	86
PID 4052 wrote to memory of 444	4052	chrome.exe	86
PID 4052 wrote to memory of 680	4052	chrome.exe	87
PID 4052 wrote to memory of 680	4052	chrome.exe	87
PID 4052 wrote to memory of 680	4052	chrome.exe	87
PID 4052 wrote to memory of 680	4052	chrome.exe	87
PID 4052 wrote to memory of 680	4052	chrome.exe	87
PID 4052 wrote to memory of 680	4052	chrome.exe	87
PID 4052 wrote to memory of 680	4052	chrome.exe	87
PID 4052 wrote to memory of 680	4052	chrome.exe	87
PID 4052 wrote to memory of 680	4052	chrome.exe	87
PID 4052 wrote to memory of 680	4052	chrome.exe	87
PID 4052 wrote to memory of 680	4052	chrome.exe	87
PID 4052 wrote to memory of 680	4052	chrome.exe	87
PID 4052 wrote to memory of 680	4052	chrome.exe	87
PID 4052 wrote to memory of 680	4052	chrome.exe	87
PID 4052 wrote to memory of 680	4052	chrome.exe	87
PID 4052 wrote to memory of 680	4052	chrome.exe	87
PID 4052 wrote to memory of 680	4052	chrome.exe	87
PID 4052 wrote to memory of 680	4052	chrome.exe	87
PID 4052 wrote to memory of 680	4052	chrome.exe	87
PID 4052 wrote to memory of 680	4052	chrome.exe	87
PID 4052 wrote to memory of 680	4052	chrome.exe	87
PID 4052 wrote to memory of 680	4052	chrome.exe	87
PID 4052 wrote to memory of 680	4052	chrome.exe	87
PID 4052 wrote to memory of 680	4052	chrome.exe	87
PID 4052 wrote to memory of 680	4052	chrome.exe	87
PID 4052 wrote to memory of 680	4052	chrome.exe	87
PID 4052 wrote to memory of 680	4052	chrome.exe	87
PID 4052 wrote to memory of 680	4052	chrome.exe	87
PID 4052 wrote to memory of 680	4052	chrome.exe	87
PID 4052 wrote to memory of 680	4052	chrome.exe	87
PID 4052 wrote to memory of 680	4052	chrome.exe	87
PID 4052 wrote to memory of 680	4052	chrome.exe	87
PID 4052 wrote to memory of 680	4052	chrome.exe	87
PID 4052 wrote to memory of 680	4052	chrome.exe	87
PID 4052 wrote to memory of 680	4052	chrome.exe	87
PID 4052 wrote to memory of 680	4052	chrome.exe	87
PID 4052 wrote to memory of 680	4052	chrome.exe	87
PID 4052 wrote to memory of 680	4052	chrome.exe	87
PID 4052 wrote to memory of 4520	4052	chrome.exe	88
PID 4052 wrote to memory of 4520	4052	chrome.exe	88
PID 4052 wrote to memory of 2024	4052	chrome.exe	89
PID 4052 wrote to memory of 2024	4052	chrome.exe	89
PID 4052 wrote to memory of 2024	4052	chrome.exe	89
PID 4052 wrote to memory of 2024	4052	chrome.exe	89
PID 4052 wrote to memory of 2024	4052	chrome.exe	89
PID 4052 wrote to memory of 2024	4052	chrome.exe	89
PID 4052 wrote to memory of 2024	4052	chrome.exe	89
PID 4052 wrote to memory of 2024	4052	chrome.exe	89
PID 4052 wrote to memory of 2024	4052	chrome.exe	89
PID 4052 wrote to memory of 2024	4052	chrome.exe	89
PID 4052 wrote to memory of 2024	4052	chrome.exe	89
PID 4052 wrote to memory of 2024	4052	chrome.exe	89
PID 4052 wrote to memory of 2024	4052	chrome.exe	89
PID 4052 wrote to memory of 2024	4052	chrome.exe	89
PID 4052 wrote to memory of 2024	4052	chrome.exe	89
PID 4052 wrote to memory of 2024	4052	chrome.exe	89
PID 4052 wrote to memory of 2024	4052	chrome.exe	89
PID 4052 wrote to memory of 2024	4052	chrome.exe	89
PID 4052 wrote to memory of 2024	4052	chrome.exe	89
PID 4052 wrote to memory of 2024	4052	chrome.exe	89
PID 4052 wrote to memory of 2024	4052	chrome.exe	89
PID 4052 wrote to memory of 2024	4052	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://bnc.lt/no-redirect?app_id=1152639359103553876
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb01689758,0x7ffb01689768,0x7ffb01689778
  2⤵
  PID:444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1784 --field-trial-handle=1816,i,5855765448764207708,8155234892559480926,131072 /prefetch:2
  2⤵
  PID:680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1816,i,5855765448764207708,8155234892559480926,131072 /prefetch:8
  2⤵
  PID:4520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2204 --field-trial-handle=1816,i,5855765448764207708,8155234892559480926,131072 /prefetch:8
  2⤵
  PID:2024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3132 --field-trial-handle=1816,i,5855765448764207708,8155234892559480926,131072 /prefetch:1
  2⤵
  PID:4404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3148 --field-trial-handle=1816,i,5855765448764207708,8155234892559480926,131072 /prefetch:1
  2⤵
  PID:3436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5000 --field-trial-handle=1816,i,5855765448764207708,8155234892559480926,131072 /prefetch:8
  2⤵
  PID:4396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3784 --field-trial-handle=1816,i,5855765448764207708,8155234892559480926,131072 /prefetch:8
  2⤵
  PID:2688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4712 --field-trial-handle=1816,i,5855765448764207708,8155234892559480926,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1152

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4708

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
613d57ce89849a839cdc9a995462c73e

SHA1
7eb6ee180163e69e1f36d54a148d671550326167

SHA256
b9d11a14440341626b170f606668367d7ac1760435c030abecb74d1ae1eee78d

SHA512
9b3383a1ef29b518ac65515912c082d12b0d0a1173bcd2d7cb06b1efb8d758bedd38c4ac9eb7ec3347121414c0926e7e36044b5706f101a123111f06030efb81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
1cfa73621fb9240af07eddb9bb3245ea

SHA1
90d7b729c67bb334e93cf987220bfa14667a95a2

SHA256
70493274555981934dc7d1813e955b579f03ed8cd0fc48e294062ebfa970cdc1

SHA512
e2f35703495c0c72a71322841be0d7e01c7f05a1056b980cfa76f85122b59881cb151602c68dd984c7177e12d347ffdfdf8ecfeb8aabbd4e9b3073edc81d3198

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
8d15349ce0cc469421defec14e2a4734

SHA1
a0f07bc79898fdcc6c6f58a9e47de5a4320d8c6d

SHA256
3d4defcaf1c6b06558ed743ae165297f224b47076464ad66daf1a173b249d2e1

SHA512
125449fb0e7bf29d8d45eae1740b74998bdf1ce798c97353fcd031e7a0debc7ffbb3830d0246ded45b1bfeb49c98911e203f5e7d0860a3058c426573d362047a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
49a0996402e62d5cefd5318c57e3a99d

SHA1
cb583edbe7a722ae72b0ffd175efba148629846f

SHA256
8aabf9072919561aed187672d0e056934fed43fb35360fa58ffe3b540b6993d3

SHA512
e8ea2f73c428f7035a0d7fd50b9e87fad9f5389effb1b2b06ea3d46e2cd376aea6d95bdb0ca499f138e833075744d8af3fe928aeb31460c813a10bc6e9c04fe1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\fef5a647-ffe6-42b0-83e7-71901d9834e2.tmp

Filesize
4KB

MD5
bdb67fb1a5b3d920804945b4fcf2094d

SHA1
5efe0385f529d4c881395b97d8f91d6dcd5b6340

SHA256
25720f0aadf5121d98d665c04bca7a1878dc2d1c11b62603b71680e15e895e90

SHA512
7f998414ceecaaeeabbbc066763d8ea42279256ceec4e16d1eb2143789b4fd04ba7a18d45c7357be153d0139b1ab39ab166a43c680fa479812e4bb036fd3213d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
144KB

MD5
cbb1757ed624fd2e221cfea26e53464d

SHA1
58b1b728d89608b7fc9aff7e6c222f12cc87d712

SHA256
f95857e7d2efeaebf7c29452da2279136e22c9116fe82511ca98e74d000059cb

SHA512
f08f508a6e583da55cb5c2b540f20d16591d9848926d52ac9ae018ab0feaba6e70c023e5a7d0cdad851279e977c3b9e3aa9ce45674a3a94dfbd7d45e4d078f17

Download Submit