hxxps://en[.]m[.]wikipedia[.]org/wiki/Len_Blavatnik

Analysis

max time kernel
120s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
21/09/2023, 06:39

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://en.m.wikipedia.org/wiki/Len_Blavatnik

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133397520074344899"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
948	chrome.exe
948	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
948	chrome.exe
948	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 948 wrote to memory of 4452	948	chrome.exe	70
PID 948 wrote to memory of 4452	948	chrome.exe	70
PID 948 wrote to memory of 4584	948	chrome.exe	87
PID 948 wrote to memory of 4584	948	chrome.exe	87
PID 948 wrote to memory of 4584	948	chrome.exe	87
PID 948 wrote to memory of 4584	948	chrome.exe	87
PID 948 wrote to memory of 4584	948	chrome.exe	87
PID 948 wrote to memory of 4584	948	chrome.exe	87
PID 948 wrote to memory of 4584	948	chrome.exe	87
PID 948 wrote to memory of 4584	948	chrome.exe	87
PID 948 wrote to memory of 4584	948	chrome.exe	87
PID 948 wrote to memory of 4584	948	chrome.exe	87
PID 948 wrote to memory of 4584	948	chrome.exe	87
PID 948 wrote to memory of 4584	948	chrome.exe	87
PID 948 wrote to memory of 4584	948	chrome.exe	87
PID 948 wrote to memory of 4584	948	chrome.exe	87
PID 948 wrote to memory of 4584	948	chrome.exe	87
PID 948 wrote to memory of 4584	948	chrome.exe	87
PID 948 wrote to memory of 4584	948	chrome.exe	87
PID 948 wrote to memory of 4584	948	chrome.exe	87
PID 948 wrote to memory of 4584	948	chrome.exe	87
PID 948 wrote to memory of 4584	948	chrome.exe	87
PID 948 wrote to memory of 4584	948	chrome.exe	87
PID 948 wrote to memory of 4584	948	chrome.exe	87
PID 948 wrote to memory of 4584	948	chrome.exe	87
PID 948 wrote to memory of 4584	948	chrome.exe	87
PID 948 wrote to memory of 4584	948	chrome.exe	87
PID 948 wrote to memory of 4584	948	chrome.exe	87
PID 948 wrote to memory of 4584	948	chrome.exe	87
PID 948 wrote to memory of 4584	948	chrome.exe	87
PID 948 wrote to memory of 4584	948	chrome.exe	87
PID 948 wrote to memory of 4584	948	chrome.exe	87
PID 948 wrote to memory of 4584	948	chrome.exe	87
PID 948 wrote to memory of 4584	948	chrome.exe	87
PID 948 wrote to memory of 4584	948	chrome.exe	87
PID 948 wrote to memory of 4584	948	chrome.exe	87
PID 948 wrote to memory of 4584	948	chrome.exe	87
PID 948 wrote to memory of 4584	948	chrome.exe	87
PID 948 wrote to memory of 4584	948	chrome.exe	87
PID 948 wrote to memory of 4584	948	chrome.exe	87
PID 948 wrote to memory of 4576	948	chrome.exe	88
PID 948 wrote to memory of 4576	948	chrome.exe	88
PID 948 wrote to memory of 3896	948	chrome.exe	89
PID 948 wrote to memory of 3896	948	chrome.exe	89
PID 948 wrote to memory of 3896	948	chrome.exe	89
PID 948 wrote to memory of 3896	948	chrome.exe	89
PID 948 wrote to memory of 3896	948	chrome.exe	89
PID 948 wrote to memory of 3896	948	chrome.exe	89
PID 948 wrote to memory of 3896	948	chrome.exe	89
PID 948 wrote to memory of 3896	948	chrome.exe	89
PID 948 wrote to memory of 3896	948	chrome.exe	89
PID 948 wrote to memory of 3896	948	chrome.exe	89
PID 948 wrote to memory of 3896	948	chrome.exe	89
PID 948 wrote to memory of 3896	948	chrome.exe	89
PID 948 wrote to memory of 3896	948	chrome.exe	89
PID 948 wrote to memory of 3896	948	chrome.exe	89
PID 948 wrote to memory of 3896	948	chrome.exe	89
PID 948 wrote to memory of 3896	948	chrome.exe	89
PID 948 wrote to memory of 3896	948	chrome.exe	89
PID 948 wrote to memory of 3896	948	chrome.exe	89
PID 948 wrote to memory of 3896	948	chrome.exe	89
PID 948 wrote to memory of 3896	948	chrome.exe	89
PID 948 wrote to memory of 3896	948	chrome.exe	89
PID 948 wrote to memory of 3896	948	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://en.m.wikipedia.org/wiki/Len_Blavatnik
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ffe8fa29758,0x7ffe8fa29768,0x7ffe8fa29778
  2⤵
  PID:4452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1792 --field-trial-handle=1916,i,11233750077177657269,2463530885871729474,131072 /prefetch:2
  2⤵
  PID:4584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=1916,i,11233750077177657269,2463530885871729474,131072 /prefetch:8
  2⤵
  PID:4576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2280 --field-trial-handle=1916,i,11233750077177657269,2463530885871729474,131072 /prefetch:8
  2⤵
  PID:3896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3092 --field-trial-handle=1916,i,11233750077177657269,2463530885871729474,131072 /prefetch:1
  2⤵
  PID:1572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3088 --field-trial-handle=1916,i,11233750077177657269,2463530885871729474,131072 /prefetch:1
  2⤵
  PID:4392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5072 --field-trial-handle=1916,i,11233750077177657269,2463530885871729474,131072 /prefetch:8
  2⤵
  PID:3248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 --field-trial-handle=1916,i,11233750077177657269,2463530885871729474,131072 /prefetch:8
  2⤵
  PID:4004

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3604

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
1fe9166e48177e51e931d7a1ba114f65

SHA1
aec809eac9142e35e3e0fe2c35c5ed770101681d

SHA256
0a91569c5e3b1f460daf9189d3c91843a393a0cb50ed05badb32df450f116101

SHA512
d4f89fd406f23dc02681cdeb4dda3ea9b861cf621f1e1272e44e061f9a6d1a6e33c39badd9671e9d975b3153685c5276c5591036e44ea1e4b1ee6b3bb599219c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
59bdb8d12c326e623dd3bf52ac0e3135

SHA1
9d471c5caf590c9268a1e535e34951d9aab98358

SHA256
c89cf851eee4af6e423eabdaaf85e639437ed8d2998f30d0711bd2813389175f

SHA512
b27a49b96ead469f75a4385e757ac07b724034ad3df07123aba76605df5d6e4702efe0d9fc52ec747c6d14a1963436140c04632247b28f2fe2dcfa89ec9eeb72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
872B

MD5
d0b2b27d629cb5dd27acf34d94b6a240

SHA1
6cb55576f2d4a05171126ac1519f484a8d190a6e

SHA256
304659599605677f5491a3ba5b88daf1cca7aa2f3b61bdd30797b9744141d448

SHA512
052097898dcc7294cf5719c40c238c7ac1787d855f4c3faffab291ed2726ede3a5cd7a7cdbafbe5e5fe1e2b5ac4a46f1310ed5fb7b41ea09cf2a50860e898e28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
872B

MD5
584b73e8a994e9129f89cf9c6e078c07

SHA1
a1d55b1d9745fdc48182aa62a2f53d7abb90f94b

SHA256
02fb43a4dde190443c20680ec22ca2910cd8e9452c1cda2402af59f73efc599b

SHA512
d47507a0fd006e3cb6b0e755dca60bb2b4102e7c4fe60fed6b03d1d018855ff8177e92f8fcd494474e6a12fb85c0cf2ccf8a1dea61049cb2bd5030a24699c5db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ce49b3b1f10c0b894c544aa8ed16598c

SHA1
7902ba3a4d095205e835e0c8ebd9fab359cf87a6

SHA256
20dabb9f6ca6a358f90018220ac8679c9c488753403c944e54122f5e90769a52

SHA512
51675b496cbb1ce9ec5147f9a48d911e5c5a48713d2457b826ab4ee0cccb1338238bc9813a4b5e3adf4ddedc149631c077a0382d0a9fe94e7fdd2f5c41874fc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a524b8f3b2ea33c5f18afe3de3c9c1b4

SHA1
58e4fab6f56ab46f87384e5b8312996e3067edaa

SHA256
5d7a42554191557e2b4467f5e3e888abd1bda7ebb1085188206fff8c21a2bfb1

SHA512
221dfbdd270d4abf03364e9bf5e534875e63f3b8b6fe0b8acc1ed6402fdb0d426fe88083b53b5a9e23c0599041c47a77e8dd232239eeb75c4976fba6b5a0fb23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
102KB

MD5
291e32014198cc1a36e20f350b7c142e

SHA1
caca17eabecdf60daf2f8fd4f11a41a2492931d4

SHA256
6b677286487cb4954bb37e6e101485dd19c42bbbf65b6845e73100dd8348ab38

SHA512
832810f1660ac68874b4556e001971ca6330c06ed2b7519fd4dfc8018787066fb1f6e47d43bb0434545be9647093da83e79461e677fb2266a1df0ec9c7c37852

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit