hxxps://www[.]ablockofcrypto[.]com/email-action?type=broadcast&user_id=24209[.]6287ca2c8692f&email_send_id=646f25296ed21f3ffd6566d2&action=unsubscribed&token=null

Analysis

max time kernel
51s
max time network
53s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
26-05-2023 04:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.ablockofcrypto.com/email-action?type=broadcast&user_id=24209.6287ca2c8692f&email_send_id=646f25296ed21f3ffd6566d2&action=unsubscribed&token=null

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133295560280773150"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1416	chrome.exe
1416	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1416	chrome.exe
1416	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1416	chrome.exe
Token: SeCreatePagefilePrivilege	1416	chrome.exe
Token: SeShutdownPrivilege	1416	chrome.exe
Token: SeCreatePagefilePrivilege	1416	chrome.exe
Token: SeShutdownPrivilege	1416	chrome.exe
Token: SeCreatePagefilePrivilege	1416	chrome.exe
Token: SeShutdownPrivilege	1416	chrome.exe
Token: SeCreatePagefilePrivilege	1416	chrome.exe
Token: SeShutdownPrivilege	1416	chrome.exe
Token: SeCreatePagefilePrivilege	1416	chrome.exe
Token: SeShutdownPrivilege	1416	chrome.exe
Token: SeCreatePagefilePrivilege	1416	chrome.exe
Token: SeShutdownPrivilege	1416	chrome.exe
Token: SeCreatePagefilePrivilege	1416	chrome.exe
Token: SeShutdownPrivilege	1416	chrome.exe
Token: SeCreatePagefilePrivilege	1416	chrome.exe
Token: SeShutdownPrivilege	1416	chrome.exe
Token: SeCreatePagefilePrivilege	1416	chrome.exe
Token: SeShutdownPrivilege	1416	chrome.exe
Token: SeCreatePagefilePrivilege	1416	chrome.exe
Token: SeShutdownPrivilege	1416	chrome.exe
Token: SeCreatePagefilePrivilege	1416	chrome.exe
Token: SeShutdownPrivilege	1416	chrome.exe
Token: SeCreatePagefilePrivilege	1416	chrome.exe
Token: SeShutdownPrivilege	1416	chrome.exe
Token: SeCreatePagefilePrivilege	1416	chrome.exe
Token: SeShutdownPrivilege	1416	chrome.exe
Token: SeCreatePagefilePrivilege	1416	chrome.exe
Token: SeShutdownPrivilege	1416	chrome.exe
Token: SeCreatePagefilePrivilege	1416	chrome.exe
Token: SeShutdownPrivilege	1416	chrome.exe
Token: SeCreatePagefilePrivilege	1416	chrome.exe
Token: SeShutdownPrivilege	1416	chrome.exe
Token: SeCreatePagefilePrivilege	1416	chrome.exe
Token: SeShutdownPrivilege	1416	chrome.exe
Token: SeCreatePagefilePrivilege	1416	chrome.exe
Token: SeShutdownPrivilege	1416	chrome.exe
Token: SeCreatePagefilePrivilege	1416	chrome.exe
Token: SeShutdownPrivilege	1416	chrome.exe
Token: SeCreatePagefilePrivilege	1416	chrome.exe
Token: SeShutdownPrivilege	1416	chrome.exe
Token: SeCreatePagefilePrivilege	1416	chrome.exe
Token: SeShutdownPrivilege	1416	chrome.exe
Token: SeCreatePagefilePrivilege	1416	chrome.exe
Token: SeShutdownPrivilege	1416	chrome.exe
Token: SeCreatePagefilePrivilege	1416	chrome.exe
Token: SeShutdownPrivilege	1416	chrome.exe
Token: SeCreatePagefilePrivilege	1416	chrome.exe
Token: SeShutdownPrivilege	1416	chrome.exe
Token: SeCreatePagefilePrivilege	1416	chrome.exe
Token: SeShutdownPrivilege	1416	chrome.exe
Token: SeCreatePagefilePrivilege	1416	chrome.exe
Token: SeShutdownPrivilege	1416	chrome.exe
Token: SeCreatePagefilePrivilege	1416	chrome.exe
Token: SeShutdownPrivilege	1416	chrome.exe
Token: SeCreatePagefilePrivilege	1416	chrome.exe
Token: SeShutdownPrivilege	1416	chrome.exe
Token: SeCreatePagefilePrivilege	1416	chrome.exe
Token: SeShutdownPrivilege	1416	chrome.exe
Token: SeCreatePagefilePrivilege	1416	chrome.exe
Token: SeShutdownPrivilege	1416	chrome.exe
Token: SeCreatePagefilePrivilege	1416	chrome.exe
Token: SeShutdownPrivilege	1416	chrome.exe
Token: SeCreatePagefilePrivilege	1416	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1416	chrome.exe
1416	chrome.exe
1416	chrome.exe
1416	chrome.exe
1416	chrome.exe
1416	chrome.exe
1416	chrome.exe
1416	chrome.exe
1416	chrome.exe
1416	chrome.exe
1416	chrome.exe
1416	chrome.exe
1416	chrome.exe
1416	chrome.exe
1416	chrome.exe
1416	chrome.exe
1416	chrome.exe
1416	chrome.exe
1416	chrome.exe
1416	chrome.exe
1416	chrome.exe
1416	chrome.exe
1416	chrome.exe
1416	chrome.exe
1416	chrome.exe
1416	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1416	chrome.exe
1416	chrome.exe
1416	chrome.exe
1416	chrome.exe
1416	chrome.exe
1416	chrome.exe
1416	chrome.exe
1416	chrome.exe
1416	chrome.exe
1416	chrome.exe
1416	chrome.exe
1416	chrome.exe
1416	chrome.exe
1416	chrome.exe
1416	chrome.exe
1416	chrome.exe
1416	chrome.exe
1416	chrome.exe
1416	chrome.exe
1416	chrome.exe
1416	chrome.exe
1416	chrome.exe
1416	chrome.exe
1416	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1416 wrote to memory of 1500	1416	chrome.exe	82
PID 1416 wrote to memory of 1500	1416	chrome.exe	82
PID 1416 wrote to memory of 3312	1416	chrome.exe	83
PID 1416 wrote to memory of 3312	1416	chrome.exe	83
PID 1416 wrote to memory of 3312	1416	chrome.exe	83
PID 1416 wrote to memory of 3312	1416	chrome.exe	83
PID 1416 wrote to memory of 3312	1416	chrome.exe	83
PID 1416 wrote to memory of 3312	1416	chrome.exe	83
PID 1416 wrote to memory of 3312	1416	chrome.exe	83
PID 1416 wrote to memory of 3312	1416	chrome.exe	83
PID 1416 wrote to memory of 3312	1416	chrome.exe	83
PID 1416 wrote to memory of 3312	1416	chrome.exe	83
PID 1416 wrote to memory of 3312	1416	chrome.exe	83
PID 1416 wrote to memory of 3312	1416	chrome.exe	83
PID 1416 wrote to memory of 3312	1416	chrome.exe	83
PID 1416 wrote to memory of 3312	1416	chrome.exe	83
PID 1416 wrote to memory of 3312	1416	chrome.exe	83
PID 1416 wrote to memory of 3312	1416	chrome.exe	83
PID 1416 wrote to memory of 3312	1416	chrome.exe	83
PID 1416 wrote to memory of 3312	1416	chrome.exe	83
PID 1416 wrote to memory of 3312	1416	chrome.exe	83
PID 1416 wrote to memory of 3312	1416	chrome.exe	83
PID 1416 wrote to memory of 3312	1416	chrome.exe	83
PID 1416 wrote to memory of 3312	1416	chrome.exe	83
PID 1416 wrote to memory of 3312	1416	chrome.exe	83
PID 1416 wrote to memory of 3312	1416	chrome.exe	83
PID 1416 wrote to memory of 3312	1416	chrome.exe	83
PID 1416 wrote to memory of 3312	1416	chrome.exe	83
PID 1416 wrote to memory of 3312	1416	chrome.exe	83
PID 1416 wrote to memory of 3312	1416	chrome.exe	83
PID 1416 wrote to memory of 3312	1416	chrome.exe	83
PID 1416 wrote to memory of 3312	1416	chrome.exe	83
PID 1416 wrote to memory of 3312	1416	chrome.exe	83
PID 1416 wrote to memory of 3312	1416	chrome.exe	83
PID 1416 wrote to memory of 3312	1416	chrome.exe	83
PID 1416 wrote to memory of 3312	1416	chrome.exe	83
PID 1416 wrote to memory of 3312	1416	chrome.exe	83
PID 1416 wrote to memory of 3312	1416	chrome.exe	83
PID 1416 wrote to memory of 3312	1416	chrome.exe	83
PID 1416 wrote to memory of 3312	1416	chrome.exe	83
PID 1416 wrote to memory of 3788	1416	chrome.exe	84
PID 1416 wrote to memory of 3788	1416	chrome.exe	84
PID 1416 wrote to memory of 3116	1416	chrome.exe	86
PID 1416 wrote to memory of 3116	1416	chrome.exe	86
PID 1416 wrote to memory of 3116	1416	chrome.exe	86
PID 1416 wrote to memory of 3116	1416	chrome.exe	86
PID 1416 wrote to memory of 3116	1416	chrome.exe	86
PID 1416 wrote to memory of 3116	1416	chrome.exe	86
PID 1416 wrote to memory of 3116	1416	chrome.exe	86
PID 1416 wrote to memory of 3116	1416	chrome.exe	86
PID 1416 wrote to memory of 3116	1416	chrome.exe	86
PID 1416 wrote to memory of 3116	1416	chrome.exe	86
PID 1416 wrote to memory of 3116	1416	chrome.exe	86
PID 1416 wrote to memory of 3116	1416	chrome.exe	86
PID 1416 wrote to memory of 3116	1416	chrome.exe	86
PID 1416 wrote to memory of 3116	1416	chrome.exe	86
PID 1416 wrote to memory of 3116	1416	chrome.exe	86
PID 1416 wrote to memory of 3116	1416	chrome.exe	86
PID 1416 wrote to memory of 3116	1416	chrome.exe	86
PID 1416 wrote to memory of 3116	1416	chrome.exe	86
PID 1416 wrote to memory of 3116	1416	chrome.exe	86
PID 1416 wrote to memory of 3116	1416	chrome.exe	86
PID 1416 wrote to memory of 3116	1416	chrome.exe	86
PID 1416 wrote to memory of 3116	1416	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://www.ablockofcrypto.com/email-action?type=broadcast&user_id=24209.6287ca2c8692f&email_send_id=646f25296ed21f3ffd6566d2&action=unsubscribed&token=null
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff5dd79758,0x7fff5dd79768,0x7fff5dd79778
  2⤵
  PID:1500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1820 --field-trial-handle=1836,i,4702429082565423765,17396289528068226434,131072 /prefetch:2
  2⤵
  PID:3312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1836,i,4702429082565423765,17396289528068226434,131072 /prefetch:8
  2⤵
  PID:3788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2216 --field-trial-handle=1836,i,4702429082565423765,17396289528068226434,131072 /prefetch:8
  2⤵
  PID:3116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3212 --field-trial-handle=1836,i,4702429082565423765,17396289528068226434,131072 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3168 --field-trial-handle=1836,i,4702429082565423765,17396289528068226434,131072 /prefetch:1
  2⤵
  PID:2640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5268 --field-trial-handle=1836,i,4702429082565423765,17396289528068226434,131072 /prefetch:8
  2⤵
  PID:4892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5524 --field-trial-handle=1836,i,4702429082565423765,17396289528068226434,131072 /prefetch:8
  2⤵
  PID:544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4996 --field-trial-handle=1836,i,4702429082565423765,17396289528068226434,131072 /prefetch:8
  2⤵
  PID:4940

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4628

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
648B

MD5
d955dd8ceb907a8366f11649b048ef67

SHA1
ee75e9c8b93a479c9de077dddfa3ba257fcae5cf

SHA256
2ccb32f2c56ba2cd158f71af9c8382c2303d45352ad2909110d4e1588388c8c8

SHA512
57108e6f63839906a3d1f9ab329f84cbfbc80951e9065c4de9a4d0cc02fd9d41cb0e7ec4e88624c5a38de95c2ea58e0806e79749db37e733e514fe0486e9548d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9b769a6610235303e46e027ecdf48608

SHA1
47b4fa52e8a17ee936173b4f222c3895ad688453

SHA256
e1f442bcfc1fabc09315ad9c2aa10a3156fbe7a8c3735922c642fdb1f9a7b6fd

SHA512
5dd5df273a653e5117b7fdda47f987a67b0f2eed1c29012a8e9f0b3d574a9bc73e14d8235223f052dbda2c04f4b186f10a6e4e28a7ed08af746b118fe1b6041e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8aa8b1990fb3a67a6e96628445587caf

SHA1
9293e1902249a3b51a5a10e81691095ead2f812f

SHA256
aa4190c242df908b19c4a77bd366f71b3c01330dc5885c0bb283f46686debdf2

SHA512
493167d960cad6d64ddc0db3ef0f9fc5daebdb50df983f9f857a7a9a0a23fe35bebba17cc0780f58c940ac3e3dd43ea076a52e5e58fc883a7f8fe827dc36f9fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
cceb0dd3de2c2c9443305a1ca84b7cc7

SHA1
5af0a795ab9a5091f70cc3fcd62a5ffcb4b0beac

SHA256
2cd3e52efe1a9ab1e91b7b5883755336f6479545468a1b272be025df167421b1

SHA512
98a32ac2f2a1642ff2f4a639ce29b237837920e68d239001f26134fdf9843e3aa30355b697a4cc38985be5b53aa6f8f47ada7e30ee41c2f5b4a77b7079a3fdf4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b1ee333d68f6fe17fc52e0151d04dedc

SHA1
6f5dde69973806ca4ef1ee3b517de2f5ceb3c4aa

SHA256
6113b5a80b19bd4ee760012a327cf4f9f52b1ebc1c5e0ae085c72a594639398b

SHA512
d9b51bb8a3bfd413b9312c4b0f1fa8bacb878c3804f73afe02a3ec7bc9e6d5d2c5cb784d471389e209a2452f3ee7f53e67f40ff5b2b04668308bc0f53e30736c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
7db5273bc75cfa882cd24714f458bca3

SHA1
66cf19bc7ff16b3089fe2afbf45e1b6d11b5ba90

SHA256
ad4dd7a62cfe5c2f6f2e084f64c0a584b9e3e7b80db0e6b7cf4fab0853698bbc

SHA512
ce69aae811f9c8f371543b5c1ee3fe922fb393a1975ed5822850eeb19fb567cd4f7fe21df0403dfcd0dddaf978369c27c8a824000eefcd4cfb8644ed8d7498b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
5dded095cf092f99479f081e26bef923

SHA1
eefb88ecea351fbce07a65dc1ac20f4f53c5eaea

SHA256
f12c6a6c4fac317ab4da67c073b6c7d1252606ab3133c7ec23b7bd5023b855f0

SHA512
fc30f6888c545bc5d90580f9fb2ebc4f9a976123a4328b652353c87f98421e72464dfbaedd4fa33174511211698c59b6045475d4ca3cd6dd1ddae52e2bbc5f64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
153KB

MD5
cee6559986f1432f830a05bba083b8c9

SHA1
665a11a0e19679400d6bb32d28bae0d4ddd6381e

SHA256
d0b5fbefec148a7afb3a4be12e69b6b864109d0a11612c0c227412592cc5f38a

SHA512
40784fd4fd18a718c9de8b45e76df18ea2b6680c74948129cf4501f4fa11f8808bff13b21071ce7aa2f582bce42fadb9413ba0121cf2de3a7fc66f616a1278f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit