hxxp://www[.]bluedart[.]com

Analysis

max time kernel
600s
max time network
587s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
17/08/2023, 17:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://www.bluedart.com

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133367665096875861"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4444	chrome.exe
4444	chrome.exe
4972	chrome.exe
4972	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4444 wrote to memory of 1612	4444	chrome.exe	82
PID 4444 wrote to memory of 1612	4444	chrome.exe	82
PID 4444 wrote to memory of 4168	4444	chrome.exe	86
PID 4444 wrote to memory of 4168	4444	chrome.exe	86
PID 4444 wrote to memory of 4168	4444	chrome.exe	86
PID 4444 wrote to memory of 4168	4444	chrome.exe	86
PID 4444 wrote to memory of 4168	4444	chrome.exe	86
PID 4444 wrote to memory of 4168	4444	chrome.exe	86
PID 4444 wrote to memory of 4168	4444	chrome.exe	86
PID 4444 wrote to memory of 4168	4444	chrome.exe	86
PID 4444 wrote to memory of 4168	4444	chrome.exe	86
PID 4444 wrote to memory of 4168	4444	chrome.exe	86
PID 4444 wrote to memory of 4168	4444	chrome.exe	86
PID 4444 wrote to memory of 4168	4444	chrome.exe	86
PID 4444 wrote to memory of 4168	4444	chrome.exe	86
PID 4444 wrote to memory of 4168	4444	chrome.exe	86
PID 4444 wrote to memory of 4168	4444	chrome.exe	86
PID 4444 wrote to memory of 4168	4444	chrome.exe	86
PID 4444 wrote to memory of 4168	4444	chrome.exe	86
PID 4444 wrote to memory of 4168	4444	chrome.exe	86
PID 4444 wrote to memory of 4168	4444	chrome.exe	86
PID 4444 wrote to memory of 4168	4444	chrome.exe	86
PID 4444 wrote to memory of 4168	4444	chrome.exe	86
PID 4444 wrote to memory of 4168	4444	chrome.exe	86
PID 4444 wrote to memory of 4168	4444	chrome.exe	86
PID 4444 wrote to memory of 4168	4444	chrome.exe	86
PID 4444 wrote to memory of 4168	4444	chrome.exe	86
PID 4444 wrote to memory of 4168	4444	chrome.exe	86
PID 4444 wrote to memory of 4168	4444	chrome.exe	86
PID 4444 wrote to memory of 4168	4444	chrome.exe	86
PID 4444 wrote to memory of 4168	4444	chrome.exe	86
PID 4444 wrote to memory of 4168	4444	chrome.exe	86
PID 4444 wrote to memory of 4168	4444	chrome.exe	86
PID 4444 wrote to memory of 4168	4444	chrome.exe	86
PID 4444 wrote to memory of 4168	4444	chrome.exe	86
PID 4444 wrote to memory of 4168	4444	chrome.exe	86
PID 4444 wrote to memory of 4168	4444	chrome.exe	86
PID 4444 wrote to memory of 4168	4444	chrome.exe	86
PID 4444 wrote to memory of 4168	4444	chrome.exe	86
PID 4444 wrote to memory of 4168	4444	chrome.exe	86
PID 4444 wrote to memory of 3360	4444	chrome.exe	84
PID 4444 wrote to memory of 3360	4444	chrome.exe	84
PID 4444 wrote to memory of 1632	4444	chrome.exe	85
PID 4444 wrote to memory of 1632	4444	chrome.exe	85
PID 4444 wrote to memory of 1632	4444	chrome.exe	85
PID 4444 wrote to memory of 1632	4444	chrome.exe	85
PID 4444 wrote to memory of 1632	4444	chrome.exe	85
PID 4444 wrote to memory of 1632	4444	chrome.exe	85
PID 4444 wrote to memory of 1632	4444	chrome.exe	85
PID 4444 wrote to memory of 1632	4444	chrome.exe	85
PID 4444 wrote to memory of 1632	4444	chrome.exe	85
PID 4444 wrote to memory of 1632	4444	chrome.exe	85
PID 4444 wrote to memory of 1632	4444	chrome.exe	85
PID 4444 wrote to memory of 1632	4444	chrome.exe	85
PID 4444 wrote to memory of 1632	4444	chrome.exe	85
PID 4444 wrote to memory of 1632	4444	chrome.exe	85
PID 4444 wrote to memory of 1632	4444	chrome.exe	85
PID 4444 wrote to memory of 1632	4444	chrome.exe	85
PID 4444 wrote to memory of 1632	4444	chrome.exe	85
PID 4444 wrote to memory of 1632	4444	chrome.exe	85
PID 4444 wrote to memory of 1632	4444	chrome.exe	85
PID 4444 wrote to memory of 1632	4444	chrome.exe	85
PID 4444 wrote to memory of 1632	4444	chrome.exe	85
PID 4444 wrote to memory of 1632	4444	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://www.bluedart.com
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ff8233d9758,0x7ff8233d9768,0x7ff8233d9778
  2⤵
  PID:1612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1864,i,2002299064867832988,14590383511310905023,131072 /prefetch:8
  2⤵
  PID:3360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2196 --field-trial-handle=1864,i,2002299064867832988,14590383511310905023,131072 /prefetch:8
  2⤵
  PID:1632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1732 --field-trial-handle=1864,i,2002299064867832988,14590383511310905023,131072 /prefetch:2
  2⤵
  PID:4168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2872 --field-trial-handle=1864,i,2002299064867832988,14590383511310905023,131072 /prefetch:1
  2⤵
  PID:4676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2852 --field-trial-handle=1864,i,2002299064867832988,14590383511310905023,131072 /prefetch:1
  2⤵
  PID:4320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4784 --field-trial-handle=1864,i,2002299064867832988,14590383511310905023,131072 /prefetch:8
  2⤵
  PID:4312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5060 --field-trial-handle=1864,i,2002299064867832988,14590383511310905023,131072 /prefetch:8
  2⤵
  PID:5092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5160 --field-trial-handle=1864,i,2002299064867832988,14590383511310905023,131072 /prefetch:1
  2⤵
  PID:3912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4964 --field-trial-handle=1864,i,2002299064867832988,14590383511310905023,131072 /prefetch:1
  2⤵
  PID:3388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4000 --field-trial-handle=1864,i,2002299064867832988,14590383511310905023,131072 /prefetch:1
  2⤵
  PID:5100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3292 --field-trial-handle=1864,i,2002299064867832988,14590383511310905023,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=748 --field-trial-handle=1864,i,2002299064867832988,14590383511310905023,131072 /prefetch:1
  2⤵
  PID:1944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3776 --field-trial-handle=1864,i,2002299064867832988,14590383511310905023,131072 /prefetch:1
  2⤵
  PID:4832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3828 --field-trial-handle=1864,i,2002299064867832988,14590383511310905023,131072 /prefetch:1
  2⤵
  PID:4036

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:456

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
824B

MD5
cef065750db881cfb4432365f6ce87c2

SHA1
6c87015aa2596f4a959bea9cb3d227c378b80da8

SHA256
4c3e8e46dc365e5a43fc912febc191f885a60cc31e5245699efab4aff5b467b3

SHA512
7f4a1cb9ca30d03d96f93f3f4dc80f90619f71891e2c197b29297c32c90f6aae945736b978a35beedf6b467696e46a19293feda0db8d6cd69168a6cb037ae0f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d0917949fa1ee6373fea436e6fb661ca

SHA1
e3b41fd5bfd0eba25521ec61849dead19f15ce75

SHA256
dfc9534338869a5c3c1c677f2c7e86843100d1c78e2408e0c59c2e795dc5344c

SHA512
e873783d0aa02cc514cccc903d41d1ef20915ad869265cdcc82957a65606ec51da88b0fbc0381a35edc164d80207a87f19b600159d7c02f2142975e67e4c3d4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6f99aeeb0acb37c48fae38f2131aee8d

SHA1
f3d10df089bdf900265e779aef44879cd6eb7385

SHA256
dbf3e75cc2419c2daba22e47f1361b808fad5ca7f388113cf57627b29d5cb233

SHA512
a7febbffab581ea7b009ed8de2a11df722942fc3ea9c4792eaba7e20a965c63a2aa563e7921d41807b7d117481ab36cc15a438a1877b396863b0b17c01a21dbd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
66990795ff6103348b575f1c44a61e3c

SHA1
9c038d74ccb93961ff654d101febd2ffcb874073

SHA256
358e7e88c6d6172034793f264229d724ef6c8dec49d96c8d1a9d257fe8a64b10

SHA512
17f7b8e7e8b8fd41ce8ce88093dd3cd88d46f01b9ae96d9b7f687e4a61f242cccc8380ca5c55155ccd1a7150542dafd4b9e517eead924be0f2ee9fc5076a3e63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit