hxxp://bk[.]gt

Analysis

max time kernel
26s
max time network
29s
platform
windows10-2004_x64
resource
win10v2004-20230703-es
resource tags

arch:x64arch:x86image:win10v2004-20230703-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
28/08/2023, 17:04

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://bk.gt

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133377159027051608"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2584	chrome.exe
2584	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe

Suspicious use of AdjustPrivilegeToken 50 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2584 wrote to memory of 5040	2584	chrome.exe	63
PID 2584 wrote to memory of 5040	2584	chrome.exe	63
PID 2584 wrote to memory of 2212	2584	chrome.exe	84
PID 2584 wrote to memory of 2212	2584	chrome.exe	84
PID 2584 wrote to memory of 2212	2584	chrome.exe	84
PID 2584 wrote to memory of 2212	2584	chrome.exe	84
PID 2584 wrote to memory of 2212	2584	chrome.exe	84
PID 2584 wrote to memory of 2212	2584	chrome.exe	84
PID 2584 wrote to memory of 2212	2584	chrome.exe	84
PID 2584 wrote to memory of 2212	2584	chrome.exe	84
PID 2584 wrote to memory of 2212	2584	chrome.exe	84
PID 2584 wrote to memory of 2212	2584	chrome.exe	84
PID 2584 wrote to memory of 2212	2584	chrome.exe	84
PID 2584 wrote to memory of 2212	2584	chrome.exe	84
PID 2584 wrote to memory of 2212	2584	chrome.exe	84
PID 2584 wrote to memory of 2212	2584	chrome.exe	84
PID 2584 wrote to memory of 2212	2584	chrome.exe	84
PID 2584 wrote to memory of 2212	2584	chrome.exe	84
PID 2584 wrote to memory of 2212	2584	chrome.exe	84
PID 2584 wrote to memory of 2212	2584	chrome.exe	84
PID 2584 wrote to memory of 2212	2584	chrome.exe	84
PID 2584 wrote to memory of 2212	2584	chrome.exe	84
PID 2584 wrote to memory of 2212	2584	chrome.exe	84
PID 2584 wrote to memory of 2212	2584	chrome.exe	84
PID 2584 wrote to memory of 2212	2584	chrome.exe	84
PID 2584 wrote to memory of 2212	2584	chrome.exe	84
PID 2584 wrote to memory of 2212	2584	chrome.exe	84
PID 2584 wrote to memory of 2212	2584	chrome.exe	84
PID 2584 wrote to memory of 2212	2584	chrome.exe	84
PID 2584 wrote to memory of 2212	2584	chrome.exe	84
PID 2584 wrote to memory of 2212	2584	chrome.exe	84
PID 2584 wrote to memory of 2212	2584	chrome.exe	84
PID 2584 wrote to memory of 2212	2584	chrome.exe	84
PID 2584 wrote to memory of 2212	2584	chrome.exe	84
PID 2584 wrote to memory of 2212	2584	chrome.exe	84
PID 2584 wrote to memory of 2212	2584	chrome.exe	84
PID 2584 wrote to memory of 2212	2584	chrome.exe	84
PID 2584 wrote to memory of 2212	2584	chrome.exe	84
PID 2584 wrote to memory of 2212	2584	chrome.exe	84
PID 2584 wrote to memory of 2212	2584	chrome.exe	84
PID 2584 wrote to memory of 2900	2584	chrome.exe	85
PID 2584 wrote to memory of 2900	2584	chrome.exe	85
PID 2584 wrote to memory of 4844	2584	chrome.exe	86
PID 2584 wrote to memory of 4844	2584	chrome.exe	86
PID 2584 wrote to memory of 4844	2584	chrome.exe	86
PID 2584 wrote to memory of 4844	2584	chrome.exe	86
PID 2584 wrote to memory of 4844	2584	chrome.exe	86
PID 2584 wrote to memory of 4844	2584	chrome.exe	86
PID 2584 wrote to memory of 4844	2584	chrome.exe	86
PID 2584 wrote to memory of 4844	2584	chrome.exe	86
PID 2584 wrote to memory of 4844	2584	chrome.exe	86
PID 2584 wrote to memory of 4844	2584	chrome.exe	86
PID 2584 wrote to memory of 4844	2584	chrome.exe	86
PID 2584 wrote to memory of 4844	2584	chrome.exe	86
PID 2584 wrote to memory of 4844	2584	chrome.exe	86
PID 2584 wrote to memory of 4844	2584	chrome.exe	86
PID 2584 wrote to memory of 4844	2584	chrome.exe	86
PID 2584 wrote to memory of 4844	2584	chrome.exe	86
PID 2584 wrote to memory of 4844	2584	chrome.exe	86
PID 2584 wrote to memory of 4844	2584	chrome.exe	86
PID 2584 wrote to memory of 4844	2584	chrome.exe	86
PID 2584 wrote to memory of 4844	2584	chrome.exe	86
PID 2584 wrote to memory of 4844	2584	chrome.exe	86
PID 2584 wrote to memory of 4844	2584	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://bk.gt
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb4e3c9758,0x7ffb4e3c9768,0x7ffb4e3c9778
  2⤵
  PID:5040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1668 --field-trial-handle=1900,i,14860951116082573030,5874898024155868564,131072 /prefetch:2
  2⤵
  PID:2212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1900,i,14860951116082573030,5874898024155868564,131072 /prefetch:8
  2⤵
  PID:2900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2240 --field-trial-handle=1900,i,14860951116082573030,5874898024155868564,131072 /prefetch:8
  2⤵
  PID:4844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3000 --field-trial-handle=1900,i,14860951116082573030,5874898024155868564,131072 /prefetch:1
  2⤵
  PID:3012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2980 --field-trial-handle=1900,i,14860951116082573030,5874898024155868564,131072 /prefetch:1
  2⤵
  PID:4000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4636 --field-trial-handle=1900,i,14860951116082573030,5874898024155868564,131072 /prefetch:1
  2⤵
  PID:3236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 --field-trial-handle=1900,i,14860951116082573030,5874898024155868564,131072 /prefetch:8
  2⤵
  PID:336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 --field-trial-handle=1900,i,14860951116082573030,5874898024155868564,131072 /prefetch:8
  2⤵
  PID:3048

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1380

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
ee7208546276dc465186d241dec575a5

SHA1
ddc45ab8a6b1927c6039c3f346bc495b24815af8

SHA256
8b4e56229b5e2edb7923d3568cb264e24ad721fb118d9cd1d4b2251390e24723

SHA512
2f20e8a7a39b18a2dbeff1f7b7c6fef9c2b7d1fa6ccf7ed7d5008c4e51ce228158c5379dac1f6b9845b152d2fa4de712a4942058a36e705de23f73739703e778

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
e8abba93cc4cdceb1dfc78b3470435f1

SHA1
337d4ffd8b3d0aedffe12f8cb3e796feb7e4eff6

SHA256
db1605c42d3ed74bf41f7c8a4a2b5f0c0165cd1385e5fa8379fe0fdfa73dd933

SHA512
4daecc7f771dd077bb6eb81ce8879aa75763289534accbcdc288feaf4b2697dbc7efebbab73986b1f147db87d8c04ebf99bd5b76ad916bb9740111c53b65023c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
790c9c48779b86855952cef6c3a9a3b1

SHA1
7c6682aa0161f3c377ff36edcffabe7a04da1afe

SHA256
28b5127dc4d313e17d238c29745d2e8d0b89db40b5d284ba62fe8bcabb6fd1f4

SHA512
45e71d8f59cb96ba08d18b46fa0dd9a8eb5e33a16093fea08dae8fbc3c31d40b85b804fd79af65b758a64fe5d9cf74e8bd086aba74a8236e89debabaecdfb422

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ae559cbd5871e3968ca99ebb3a09f2db

SHA1
77feca4ff7efbd46c1785bb465b0d9f8f2b851ce

SHA256
f3fb6f7e797ee14153ded09e4c06d3afd50681f01820e0d6628483c50180e741

SHA512
80e47896154a679363b6c483258ef3c1448f2329e07e2437764b90478b67155f3624281eb1697d48930163bbf9ed19a53d2416acf3c4a71522507999e9840d37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
c1d55c7a51448cafd35f0b3daa883007

SHA1
ae4e3be8b093633dacc92fe0a75cf69274a980ca

SHA256
f72f54c1947c9091ac039e42ce30235757f9b0111e4a6810e7e737c1cdfe0740

SHA512
f8fbc6017bbfd30480bd4f82db9cf75c9935881944d4125c80b38c54bf898bef2bc7e4b4dfed727a8a70e62ceb09c64c6122df1817ec28f6325d6f28475337ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit