hxxps://www[.]bloomoove[.]com/#/support/view/97152877?cacheredirect=true

Analysis

max time kernel
161s
max time network
164s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
21/09/2023, 14:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.bloomoove.com/#/support/view/97152877?cacheredirect=true

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133397809457445273"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3016	chrome.exe
3016	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3016	chrome.exe
3016	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3016 wrote to memory of 2808	3016	chrome.exe	84
PID 3016 wrote to memory of 2808	3016	chrome.exe	84
PID 3016 wrote to memory of 3060	3016	chrome.exe	87
PID 3016 wrote to memory of 3060	3016	chrome.exe	87
PID 3016 wrote to memory of 3060	3016	chrome.exe	87
PID 3016 wrote to memory of 3060	3016	chrome.exe	87
PID 3016 wrote to memory of 3060	3016	chrome.exe	87
PID 3016 wrote to memory of 3060	3016	chrome.exe	87
PID 3016 wrote to memory of 3060	3016	chrome.exe	87
PID 3016 wrote to memory of 3060	3016	chrome.exe	87
PID 3016 wrote to memory of 3060	3016	chrome.exe	87
PID 3016 wrote to memory of 3060	3016	chrome.exe	87
PID 3016 wrote to memory of 3060	3016	chrome.exe	87
PID 3016 wrote to memory of 3060	3016	chrome.exe	87
PID 3016 wrote to memory of 3060	3016	chrome.exe	87
PID 3016 wrote to memory of 3060	3016	chrome.exe	87
PID 3016 wrote to memory of 3060	3016	chrome.exe	87
PID 3016 wrote to memory of 3060	3016	chrome.exe	87
PID 3016 wrote to memory of 3060	3016	chrome.exe	87
PID 3016 wrote to memory of 3060	3016	chrome.exe	87
PID 3016 wrote to memory of 3060	3016	chrome.exe	87
PID 3016 wrote to memory of 3060	3016	chrome.exe	87
PID 3016 wrote to memory of 3060	3016	chrome.exe	87
PID 3016 wrote to memory of 3060	3016	chrome.exe	87
PID 3016 wrote to memory of 3060	3016	chrome.exe	87
PID 3016 wrote to memory of 3060	3016	chrome.exe	87
PID 3016 wrote to memory of 3060	3016	chrome.exe	87
PID 3016 wrote to memory of 3060	3016	chrome.exe	87
PID 3016 wrote to memory of 3060	3016	chrome.exe	87
PID 3016 wrote to memory of 3060	3016	chrome.exe	87
PID 3016 wrote to memory of 3060	3016	chrome.exe	87
PID 3016 wrote to memory of 3060	3016	chrome.exe	87
PID 3016 wrote to memory of 3060	3016	chrome.exe	87
PID 3016 wrote to memory of 3060	3016	chrome.exe	87
PID 3016 wrote to memory of 3060	3016	chrome.exe	87
PID 3016 wrote to memory of 3060	3016	chrome.exe	87
PID 3016 wrote to memory of 3060	3016	chrome.exe	87
PID 3016 wrote to memory of 3060	3016	chrome.exe	87
PID 3016 wrote to memory of 3060	3016	chrome.exe	87
PID 3016 wrote to memory of 3060	3016	chrome.exe	87
PID 3016 wrote to memory of 3320	3016	chrome.exe	88
PID 3016 wrote to memory of 3320	3016	chrome.exe	88
PID 3016 wrote to memory of 4676	3016	chrome.exe	89
PID 3016 wrote to memory of 4676	3016	chrome.exe	89
PID 3016 wrote to memory of 4676	3016	chrome.exe	89
PID 3016 wrote to memory of 4676	3016	chrome.exe	89
PID 3016 wrote to memory of 4676	3016	chrome.exe	89
PID 3016 wrote to memory of 4676	3016	chrome.exe	89
PID 3016 wrote to memory of 4676	3016	chrome.exe	89
PID 3016 wrote to memory of 4676	3016	chrome.exe	89
PID 3016 wrote to memory of 4676	3016	chrome.exe	89
PID 3016 wrote to memory of 4676	3016	chrome.exe	89
PID 3016 wrote to memory of 4676	3016	chrome.exe	89
PID 3016 wrote to memory of 4676	3016	chrome.exe	89
PID 3016 wrote to memory of 4676	3016	chrome.exe	89
PID 3016 wrote to memory of 4676	3016	chrome.exe	89
PID 3016 wrote to memory of 4676	3016	chrome.exe	89
PID 3016 wrote to memory of 4676	3016	chrome.exe	89
PID 3016 wrote to memory of 4676	3016	chrome.exe	89
PID 3016 wrote to memory of 4676	3016	chrome.exe	89
PID 3016 wrote to memory of 4676	3016	chrome.exe	89
PID 3016 wrote to memory of 4676	3016	chrome.exe	89
PID 3016 wrote to memory of 4676	3016	chrome.exe	89
PID 3016 wrote to memory of 4676	3016	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.bloomoove.com/#/support/view/97152877?cacheredirect=true
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff87eac9758,0x7ff87eac9768,0x7ff87eac9778
  2⤵
  PID:2808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1720 --field-trial-handle=1892,i,13803985791825809674,12094629912422669331,131072 /prefetch:2
  2⤵
  PID:3060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1892,i,13803985791825809674,12094629912422669331,131072 /prefetch:8
  2⤵
  PID:3320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2180 --field-trial-handle=1892,i,13803985791825809674,12094629912422669331,131072 /prefetch:8
  2⤵
  PID:4676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2976 --field-trial-handle=1892,i,13803985791825809674,12094629912422669331,131072 /prefetch:1
  2⤵
  PID:3596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2984 --field-trial-handle=1892,i,13803985791825809674,12094629912422669331,131072 /prefetch:1
  2⤵
  PID:3260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4844 --field-trial-handle=1892,i,13803985791825809674,12094629912422669331,131072 /prefetch:8
  2⤵
  PID:2212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5312 --field-trial-handle=1892,i,13803985791825809674,12094629912422669331,131072 /prefetch:8
  2⤵
  PID:1916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1588 --field-trial-handle=1892,i,13803985791825809674,12094629912422669331,131072 /prefetch:2
  2⤵
  PID:2232

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1396

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
a7556e8241495779af6cc73abc7c7ab2

SHA1
6c4a1482fbe7e38535715fc4f8b0d942283755d0

SHA256
e756f8024fc0103ccfe54b5aaf017058c810db98d5ed5d42a00f0865ff6c2640

SHA512
9be3a1af1aafa75eba45094c37cf8bf0f8353e999975b5288ad8400c622148f6db5f1918687a2c20c85419a8b376e9aabea45396efdfc83cad458659edea2e58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
57101c621ef7d711da996c6e6a87ab99

SHA1
23b2a8e53cc6410f94c80244834e5145c35e2d64

SHA256
567ab4dabae82ac1143733fe83d026cb2cd353005c061264842d53d8c29a2759

SHA512
a3f40a24aa637925718d77940186ecb522223b14156802ebce3880474350ea6cbfecfedd952a97202cb67292f886f3ce04c21b949d0beaa67d90871ae1cbb9c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
6509244dfcf984475f3f85f6c1991236

SHA1
503f88ede8eb94cbbe23a6f8cf784e425f276cf1

SHA256
a51f4709ba09b0a3ef84c2b5379ab6cab977b77e1694d741450dd4a3cbb5c3fa

SHA512
d42888342b46f9d13e899e901f18c5ee964be986d85bcc8758a1919cc218b586da53ec18d6d2bb77615985f45937e2ef29820cc296430562726e9061e443a5bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
9e8acd15c1b28bde8924bad5dfa46d83

SHA1
210d92e0ddbe91ac1d6f747c7b380b7130afd7dd

SHA256
da694d11048d42be6094ab1d7169847a9817fe0d14ef10ec737c5eabdc6ff2c5

SHA512
b0bec57397430afaf59be1797fe2c7c53638e34bb7bc1fe7653ba7870dac1de5d8a807839a93f021b0723f4eb6d610be0cd2d020b7925d6adf8c0e9f0c182196

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
873B

MD5
56da45c43887f882a03504e786ea4599

SHA1
1f64affbd337d6eeb1edce4f89e8b80f906f2107

SHA256
ee63ef057e0b0b769ab9a6a3b3f7ee3e3769839a1b7fbe4741a60bee8b7f75f5

SHA512
6edc02f50062a16e4be4f338b0cdc95bfc6f9f2e5846f06fbea42a8782e2b36b0e525bb507405c6036917e375bea29fce4cada2c666b6215f63b35244590bf2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
da88d1a72250b095ec12cdc896856c0a

SHA1
b14b4355f88735804a2f58051248db046598b798

SHA256
0acaeb484e00f09300fccc2a1747274140ab076e961be83734fe8dabe858683d

SHA512
395888100c86e53e8d72dfdda03d72e1ae29553e72ed431682c662d744103c3e81ea29d91db3390fd878fe86beae3580e8beadaf97173eb17781ff1190e4bebb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
67413da0be2058800aa85917c509d9b4

SHA1
d7643c309fbe9d75191b7c98b20b546da199566c

SHA256
3264f81a0cdebba0b0d4d495dc199757c910222a093ee39838082661b33d0162

SHA512
aa2f2d52a4333903c35526fec9ea4374bd0ae99019a1b5ef731418ca980b53a17a03d3d176e1e99d9724ec286245a9a97c4a867b3111f5b2b545c6d81b79f555

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
d17d2612969a5f11ff6cbe4474669d0f

SHA1
f9a528ab3ab4d4e21b2bfecfc8feb009dfff9103

SHA256
4c5c62b441bb0f6353cc83ae5cd1f1a1040427f6d7834f516b21668ec1a0633f

SHA512
59311a189db9f6b3aad78c5c19c3dfbf5116421d6a26584de3052e648375fca0e29238e3a2b4bdd8526ec7ee28377e35d5ed3c5e85014c5d9c7beaf68764cf01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
102KB

MD5
10636fe67129de2c0471e77305292c8b

SHA1
dde80c7c562d41090e2cf5113155e88a8f7e342b

SHA256
9e65e2c6305329577dd7f71b34284a3de1ed7edf8574bef8864d6da1496a4506

SHA512
f1a0027995003cd435b91bd998d64cddb4e991040fa9bbcb7ec540e3ae853b69364f4ff74c9d017869528649ba5edbbec064f31c8a49442dbae3ed92b409224d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit