hxxps://amzrnisgojgtgsysdmkdli4t7esh3pxkhq4ckpvx4n4dttjm-ipfs-dweb-link[.]translate[.]goog/bull[.]htm?_x_tr_hp=bafybeielob&_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en&_x_tr_pto=wapp#dorothee[.]rueff@cogecomedia[.]com

General

Target

https://amzrnisgojgtgsysdmkdli4t7esh3pxkhq4ckpvx4n4dttjm-ipfs-dweb-link.translate.goog/bull.htm?_x_tr_hp=bafybeielob&_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en&_x_tr_pto=wapp#[email protected]

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133238825484594340"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

4984 chrome.exe
4984 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

Processes:

chrome.exe

pid process

4984 chrome.exe
4984 chrome.exe
4984 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4984 wrote to memory of 4080	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4080	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4448	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4448	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4448	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4448	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4448	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4448	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4448	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4448	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4448	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4448	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4448	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4448	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4448	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4448	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4448	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4448	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4448	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4448	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4448	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4448	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4448	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4448	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4448	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4448	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4448	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4448	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4448	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4448	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4448	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4448	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4448	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4448	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4448	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4448	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4448	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4448	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4448	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4448	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 1952	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 1952	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 676	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 676	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 676	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 676	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 676	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 676	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 676	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 676	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 676	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 676	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 676	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 676	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 676	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 676	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 676	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 676	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 676	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 676	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 676	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 676	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 676	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 676	4984	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://amzrnisgojgtgsysdmkdli4t7esh3pxkhq4ckpvx4n4dttjm-ipfs-dweb-link.translate.goog/bull.htm?_x_tr_hp=bafybeielob&_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en&_x_tr_pto=wapp#[email protected]
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4984

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffad18e9758,0x7ffad18e9768,0x7ffad18e9778
2⤵
PID:4080

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1816 --field-trial-handle=1772,i,11016279831490622067,7752284026559987490,131072 /prefetch:2
2⤵
PID:4448

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1772,i,11016279831490622067,7752284026559987490,131072 /prefetch:8
2⤵
PID:1952

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2168 --field-trial-handle=1772,i,11016279831490622067,7752284026559987490,131072 /prefetch:8
2⤵
PID:676

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3268 --field-trial-handle=1772,i,11016279831490622067,7752284026559987490,131072 /prefetch:1
2⤵
PID:1184

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3252 --field-trial-handle=1772,i,11016279831490622067,7752284026559987490,131072 /prefetch:1
2⤵
PID:1956

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=5328 --field-trial-handle=1772,i,11016279831490622067,7752284026559987490,131072 /prefetch:1
2⤵
PID:4556

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5456 --field-trial-handle=1772,i,11016279831490622067,7752284026559987490,131072 /prefetch:8
2⤵
PID:4952

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=848 --field-trial-handle=1772,i,11016279831490622067,7752284026559987490,131072 /prefetch:8
2⤵
PID:1188

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1772

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
528B

MD5
156000d119310a587ee9e3c09fc2395a

SHA1
e818d15d5b98d1d58a7fedcbaadde1265a60f238

SHA256
6e7db3a82cc136bccaf61d80e8636ca9a7c85912527dcb28da04271b01d94c64

SHA512
ab80fdb43feae3f2d2b9f3c27878450940ba04a296048ae13a5343221670e2072a7bb93ebaa808fc0a255e3badf12e85defb52f2e77604614fbd0a727cd83f5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
5838a9e3cd4f39d10d1f72c722366afa

SHA1
ddc4fa61d436d6610666ac1eafc15e287e6e1552

SHA256
5c5d9e0f9969e99fb90044c857e2a8ae62b548fec4353f236374336f8d1a59c1

SHA512
bd16e498ef4482d33efff36daff69dfc56c43d64766d7c113dae06a33cd14e529fa6b4a7b238777e4c2b86914e2fd19e42e1ce9a4d03d790863196d0675cadc3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
4KB

MD5
55e330da24a3a09faa9b9c610076879d

SHA1
77e2ddb3d900371549b88516147f5161988be996

SHA256
1fa0d6b8cd1443b97a02be608689a5a613eaec53a5a0545c8f4d4dc58882f1b0

SHA512
77b606ed43a07d126c7301e4842db03c2a15163233e9321743881fb52e0e7f13eef538c650b90aaee4782d8185dbf190db8a57f1a27c1e7d87cff020cf002df2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
4KB

MD5
f7a510fe210f26b3ccaaf15d1497a312

SHA1
a0443057005cdd00f3c3dc83ef3cd8b5dfba1f49

SHA256
81c4da4c8c6a652876df46da5741064134937e7491499a3caffb4bb1edea490c

SHA512
cce932204ecbdabdfc2b6f6f36afcc4d432a4a42ed3747f5c679b165134b385b3df5eff44d6b097686eb59d892baa9663429185afbe6491604a4a7a441584594

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
4KB

MD5
6ac7852035cc56ce34404dfc6632d55a

SHA1
11d5d4c4b438e7e7edcc7fa0d769448edf31d4f7

SHA256
c654f6f0f142c9f916809dc60a8903697a8814eb3adb6d47901c04b7084f0914

SHA512
83ef42a8c2687bf7bed23eb5fcd177f5b744f68fb0d3b6cc75bd0e306cb989d7b7402cf2447170c7122f014bc1152db9a4e6a5a63f7a2d56d9ad49984d0fce46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
71KB

MD5
6a8f7f3ee818a6c03dfd16ddd46dfd17

SHA1
fd488e73173bd9eee8743c51ec88360ad5a8a3ad

SHA256
dcffce7a7bdea7e08c8e931e20cdb33cf391ad750c2b5262c0520805d0377b57

SHA512
a9940326afa3f7914da8cdfa0a0bda0ef285e83d8a3116b656bc7f51ce88ed989e440934cb1278fb11165141ead115da1c403303f4edef22d70af11c9f2cb102

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
144KB

MD5
dbfa4bf8733b15dadd5a7873b3626ccf

SHA1
d0ae692e546411442bf46b125377654cbc8d225d

SHA256
4815781bffc8e113e047e5fcf91b4d97de5b7e75afbcd1183f6609f80328e9c6

SHA512
b0ca6c09d25e69e7d03ef22b5dae7a934b2e5eed2d89ceed740e5947f2d95a49e01a4900d3a23539b1cb15ea544f58ef236c7c5bf04eda2edeb86d6bbe89e117

Download Submit
\??\pipe\crashpad_4984_YQHRUXKTTHKUKBQP
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads