hxxps://bitly2s[.]com/nb12v3

Analysis

max time kernel
150s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
18/08/2023, 12:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://bitly2s.com/nb12v3

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133368346235620821"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4388	chrome.exe
4388	chrome.exe
2104	chrome.exe
2104	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4388 wrote to memory of 3760	4388	chrome.exe	82
PID 4388 wrote to memory of 3760	4388	chrome.exe	82
PID 4388 wrote to memory of 1396	4388	chrome.exe	84
PID 4388 wrote to memory of 1396	4388	chrome.exe	84
PID 4388 wrote to memory of 1396	4388	chrome.exe	84
PID 4388 wrote to memory of 1396	4388	chrome.exe	84
PID 4388 wrote to memory of 1396	4388	chrome.exe	84
PID 4388 wrote to memory of 1396	4388	chrome.exe	84
PID 4388 wrote to memory of 1396	4388	chrome.exe	84
PID 4388 wrote to memory of 1396	4388	chrome.exe	84
PID 4388 wrote to memory of 1396	4388	chrome.exe	84
PID 4388 wrote to memory of 1396	4388	chrome.exe	84
PID 4388 wrote to memory of 1396	4388	chrome.exe	84
PID 4388 wrote to memory of 1396	4388	chrome.exe	84
PID 4388 wrote to memory of 1396	4388	chrome.exe	84
PID 4388 wrote to memory of 1396	4388	chrome.exe	84
PID 4388 wrote to memory of 1396	4388	chrome.exe	84
PID 4388 wrote to memory of 1396	4388	chrome.exe	84
PID 4388 wrote to memory of 1396	4388	chrome.exe	84
PID 4388 wrote to memory of 1396	4388	chrome.exe	84
PID 4388 wrote to memory of 1396	4388	chrome.exe	84
PID 4388 wrote to memory of 1396	4388	chrome.exe	84
PID 4388 wrote to memory of 1396	4388	chrome.exe	84
PID 4388 wrote to memory of 1396	4388	chrome.exe	84
PID 4388 wrote to memory of 1396	4388	chrome.exe	84
PID 4388 wrote to memory of 1396	4388	chrome.exe	84
PID 4388 wrote to memory of 1396	4388	chrome.exe	84
PID 4388 wrote to memory of 1396	4388	chrome.exe	84
PID 4388 wrote to memory of 1396	4388	chrome.exe	84
PID 4388 wrote to memory of 1396	4388	chrome.exe	84
PID 4388 wrote to memory of 1396	4388	chrome.exe	84
PID 4388 wrote to memory of 1396	4388	chrome.exe	84
PID 4388 wrote to memory of 1396	4388	chrome.exe	84
PID 4388 wrote to memory of 1396	4388	chrome.exe	84
PID 4388 wrote to memory of 1396	4388	chrome.exe	84
PID 4388 wrote to memory of 1396	4388	chrome.exe	84
PID 4388 wrote to memory of 1396	4388	chrome.exe	84
PID 4388 wrote to memory of 1396	4388	chrome.exe	84
PID 4388 wrote to memory of 1396	4388	chrome.exe	84
PID 4388 wrote to memory of 1396	4388	chrome.exe	84
PID 4388 wrote to memory of 4392	4388	chrome.exe	85
PID 4388 wrote to memory of 4392	4388	chrome.exe	85
PID 4388 wrote to memory of 4512	4388	chrome.exe	86
PID 4388 wrote to memory of 4512	4388	chrome.exe	86
PID 4388 wrote to memory of 4512	4388	chrome.exe	86
PID 4388 wrote to memory of 4512	4388	chrome.exe	86
PID 4388 wrote to memory of 4512	4388	chrome.exe	86
PID 4388 wrote to memory of 4512	4388	chrome.exe	86
PID 4388 wrote to memory of 4512	4388	chrome.exe	86
PID 4388 wrote to memory of 4512	4388	chrome.exe	86
PID 4388 wrote to memory of 4512	4388	chrome.exe	86
PID 4388 wrote to memory of 4512	4388	chrome.exe	86
PID 4388 wrote to memory of 4512	4388	chrome.exe	86
PID 4388 wrote to memory of 4512	4388	chrome.exe	86
PID 4388 wrote to memory of 4512	4388	chrome.exe	86
PID 4388 wrote to memory of 4512	4388	chrome.exe	86
PID 4388 wrote to memory of 4512	4388	chrome.exe	86
PID 4388 wrote to memory of 4512	4388	chrome.exe	86
PID 4388 wrote to memory of 4512	4388	chrome.exe	86
PID 4388 wrote to memory of 4512	4388	chrome.exe	86
PID 4388 wrote to memory of 4512	4388	chrome.exe	86
PID 4388 wrote to memory of 4512	4388	chrome.exe	86
PID 4388 wrote to memory of 4512	4388	chrome.exe	86
PID 4388 wrote to memory of 4512	4388	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://bitly2s.com/nb12v3
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff42ca9758,0x7fff42ca9768,0x7fff42ca9778
  2⤵
  PID:3760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1736 --field-trial-handle=1860,i,14499737286249695477,13436513840126052009,131072 /prefetch:2
  2⤵
  PID:1396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1860,i,14499737286249695477,13436513840126052009,131072 /prefetch:8
  2⤵
  PID:4392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2228 --field-trial-handle=1860,i,14499737286249695477,13436513840126052009,131072 /prefetch:8
  2⤵
  PID:4512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3096 --field-trial-handle=1860,i,14499737286249695477,13436513840126052009,131072 /prefetch:1
  2⤵
  PID:3744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3104 --field-trial-handle=1860,i,14499737286249695477,13436513840126052009,131072 /prefetch:1
  2⤵
  PID:4912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4040 --field-trial-handle=1860,i,14499737286249695477,13436513840126052009,131072 /prefetch:1
  2⤵
  PID:1128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3120 --field-trial-handle=1860,i,14499737286249695477,13436513840126052009,131072 /prefetch:1
  2⤵
  PID:1340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4628 --field-trial-handle=1860,i,14499737286249695477,13436513840126052009,131072 /prefetch:8
  2⤵
  PID:4448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4712 --field-trial-handle=1860,i,14499737286249695477,13436513840126052009,131072 /prefetch:8
  2⤵
  PID:4708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4064 --field-trial-handle=1860,i,14499737286249695477,13436513840126052009,131072 /prefetch:1
  2⤵
  PID:556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1824 --field-trial-handle=1860,i,14499737286249695477,13436513840126052009,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2104

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1668

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
fdbf3a8c0c3340fbe81f61273e7f9ea1

SHA1
c8f4af2b3c972847f5881ed5dd483bc05b8968d8

SHA256
861cef99ff59a2d32d7b8ef9cee1bed488fcbcd1490d54ad94e54c100e578422

SHA512
1ff10988e3ec467575821cc21290e6e6bfc5932e71cfe50b6b02b99bd14c97a8652d24c50f004d7992619d916e6a8fd934115158f30032a280eaf268e2e630b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
0f6960c9d8995d56f92355c01374ceb5

SHA1
b370c5856c79d92b4235911ac9d9e98eb926bf1b

SHA256
a071299504e2d88a76e782c7e4800e028c21669631c546294a3ea944abca0ad3

SHA512
a38e668fa1f45e3adcc16e8845d12df0cfdc07f12ad46410a244cfbc0b8f5d3487f6695aa47c4c2eb38c784d2f097306392c9b165da3ce184dbf91e288b805ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
147bc9fa69c68aff9566ad76c0471d03

SHA1
0820395fcb866f84b301385166631880ff921978

SHA256
b624af003f7a93d4d224a1b1a20bfda36f7fb7cf4fd6b3a3c2523fe981bf381f

SHA512
9b3500790aa856e184695d81a82b6f7fe1a61e853080ec45a4ff255be10152df04ef15901614dd187b4d800953f76deff3918d366ee8af3467dee7fd26d323c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
54e2a63c620bd740847d8a8123f5cde9

SHA1
bc5ca1b495c69188bbaa0396585e162cb59cdc82

SHA256
270a8711698f580525c480d40cf1841070b632ca192f74febc3c7524866673a0

SHA512
40ccb8cc4bb69cb5623769d44a759508dcdce818bddaf20ded90c5a70557d0ecfdab328b19d9ccd41ef632309b19efbccb81da49fd0b915ae72649854fbada17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
6a7fc536f75340e4ab578a27b1745130

SHA1
f0996197ba530ba1282589f221fa02674d3cde2c

SHA256
84966c287948ab6af3b26d4009635f09e7e40f444e2e8db5feeb8fb677cfe061

SHA512
94012246fd1d68b1938f06e9bd61c2605ec449fea547243b5d9795dc7ad72e56836a5a5f6f38c78d055717feda24dbe5961529ed02c9059bbcbabe4ba22b0c40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit