hxxps://denotificationservices[.]bbcportal[.]com/Entry

Analysis

max time kernel
129s
max time network
133s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
15/11/2023, 18:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://denotificationservices.bbcportal.com/Entry

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133445463997585143"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3320	chrome.exe
3320	chrome.exe
264	chrome.exe
264	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3320 wrote to memory of 3232	3320	chrome.exe	21
PID 3320 wrote to memory of 3232	3320	chrome.exe	21
PID 3320 wrote to memory of 2480	3320	chrome.exe	89
PID 3320 wrote to memory of 2480	3320	chrome.exe	89
PID 3320 wrote to memory of 2480	3320	chrome.exe	89
PID 3320 wrote to memory of 2480	3320	chrome.exe	89
PID 3320 wrote to memory of 2480	3320	chrome.exe	89
PID 3320 wrote to memory of 2480	3320	chrome.exe	89
PID 3320 wrote to memory of 2480	3320	chrome.exe	89
PID 3320 wrote to memory of 2480	3320	chrome.exe	89
PID 3320 wrote to memory of 2480	3320	chrome.exe	89
PID 3320 wrote to memory of 2480	3320	chrome.exe	89
PID 3320 wrote to memory of 2480	3320	chrome.exe	89
PID 3320 wrote to memory of 2480	3320	chrome.exe	89
PID 3320 wrote to memory of 2480	3320	chrome.exe	89
PID 3320 wrote to memory of 2480	3320	chrome.exe	89
PID 3320 wrote to memory of 2480	3320	chrome.exe	89
PID 3320 wrote to memory of 2480	3320	chrome.exe	89
PID 3320 wrote to memory of 2480	3320	chrome.exe	89
PID 3320 wrote to memory of 2480	3320	chrome.exe	89
PID 3320 wrote to memory of 2480	3320	chrome.exe	89
PID 3320 wrote to memory of 2480	3320	chrome.exe	89
PID 3320 wrote to memory of 2480	3320	chrome.exe	89
PID 3320 wrote to memory of 2480	3320	chrome.exe	89
PID 3320 wrote to memory of 2480	3320	chrome.exe	89
PID 3320 wrote to memory of 2480	3320	chrome.exe	89
PID 3320 wrote to memory of 2480	3320	chrome.exe	89
PID 3320 wrote to memory of 2480	3320	chrome.exe	89
PID 3320 wrote to memory of 2480	3320	chrome.exe	89
PID 3320 wrote to memory of 2480	3320	chrome.exe	89
PID 3320 wrote to memory of 2480	3320	chrome.exe	89
PID 3320 wrote to memory of 2480	3320	chrome.exe	89
PID 3320 wrote to memory of 2480	3320	chrome.exe	89
PID 3320 wrote to memory of 2480	3320	chrome.exe	89
PID 3320 wrote to memory of 2480	3320	chrome.exe	89
PID 3320 wrote to memory of 2480	3320	chrome.exe	89
PID 3320 wrote to memory of 2480	3320	chrome.exe	89
PID 3320 wrote to memory of 2480	3320	chrome.exe	89
PID 3320 wrote to memory of 2480	3320	chrome.exe	89
PID 3320 wrote to memory of 2480	3320	chrome.exe	89
PID 3320 wrote to memory of 2860	3320	chrome.exe	91
PID 3320 wrote to memory of 2860	3320	chrome.exe	91
PID 3320 wrote to memory of 4688	3320	chrome.exe	90
PID 3320 wrote to memory of 4688	3320	chrome.exe	90
PID 3320 wrote to memory of 4688	3320	chrome.exe	90
PID 3320 wrote to memory of 4688	3320	chrome.exe	90
PID 3320 wrote to memory of 4688	3320	chrome.exe	90
PID 3320 wrote to memory of 4688	3320	chrome.exe	90
PID 3320 wrote to memory of 4688	3320	chrome.exe	90
PID 3320 wrote to memory of 4688	3320	chrome.exe	90
PID 3320 wrote to memory of 4688	3320	chrome.exe	90
PID 3320 wrote to memory of 4688	3320	chrome.exe	90
PID 3320 wrote to memory of 4688	3320	chrome.exe	90
PID 3320 wrote to memory of 4688	3320	chrome.exe	90
PID 3320 wrote to memory of 4688	3320	chrome.exe	90
PID 3320 wrote to memory of 4688	3320	chrome.exe	90
PID 3320 wrote to memory of 4688	3320	chrome.exe	90
PID 3320 wrote to memory of 4688	3320	chrome.exe	90
PID 3320 wrote to memory of 4688	3320	chrome.exe	90
PID 3320 wrote to memory of 4688	3320	chrome.exe	90
PID 3320 wrote to memory of 4688	3320	chrome.exe	90
PID 3320 wrote to memory of 4688	3320	chrome.exe	90
PID 3320 wrote to memory of 4688	3320	chrome.exe	90
PID 3320 wrote to memory of 4688	3320	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://denotificationservices.bbcportal.com/Entry
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffef3409758,0x7ffef3409768,0x7ffef3409778
  2⤵
  PID:3232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1648 --field-trial-handle=1864,i,10335734834429866557,11470884430702875280,131072 /prefetch:2
  2⤵
  PID:2480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2200 --field-trial-handle=1864,i,10335734834429866557,11470884430702875280,131072 /prefetch:8
  2⤵
  PID:4688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1864,i,10335734834429866557,11470884430702875280,131072 /prefetch:8
  2⤵
  PID:2860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3080 --field-trial-handle=1864,i,10335734834429866557,11470884430702875280,131072 /prefetch:1
  2⤵
  PID:996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2940 --field-trial-handle=1864,i,10335734834429866557,11470884430702875280,131072 /prefetch:1
  2⤵
  PID:5060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4608 --field-trial-handle=1864,i,10335734834429866557,11470884430702875280,131072 /prefetch:1
  2⤵
  PID:4080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 --field-trial-handle=1864,i,10335734834429866557,11470884430702875280,131072 /prefetch:8
  2⤵
  PID:4036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5092 --field-trial-handle=1864,i,10335734834429866557,11470884430702875280,131072 /prefetch:8
  2⤵
  PID:1264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1700 --field-trial-handle=1864,i,10335734834429866557,11470884430702875280,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:264

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4772

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\75d54c8a-82c1-4de1-97e9-ad51bfc4672f.tmp

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
776b3aa9395ed89a32e8a4f6077573a6

SHA1
0be548b9dbdb4a7b9dbbbe8268d15358d51e9634

SHA256
7a725e2db5c7c6433d52a2bf8cb18ecd189cfffa54dda5a3a75dcd537bcfce25

SHA512
569658bc35eabd13bf3b638e9815260f799e953bdad43b8a5d5b96f5f330a141a55860a4eb03175d7a35773254c85fa5f7829ce093697295d49b87ea8055567a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
ef520375d1cfdc63835d080c2f998869

SHA1
1160757038907166d4920121f144fff4a1c695ff

SHA256
a25d39fa9e1f05095d0a4c61bc9be337c2058e93a187029eab5d9a179d61d072

SHA512
e13b1a68ef15df45263063d840b14fcf836780eb79055995a3c5986d6f6dcb147d260a2449548540f87a92afc55852bb86e4232bdfb225e61301343153bdb2e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
8592af38ac6daacb5b84d6030b2ea462

SHA1
50614e7a0346a0c2a418ee45b2d181897f62b882

SHA256
e1bbf96cb42e384df902ac97d42e32e5cd9c561eee514ffde4f2525354b29f4a

SHA512
b4fff41290a4542362b0f37a47fdbe0fbf2f4c772643c0be8509b9ade54f8563d2ba955578aedbe3de69d5bfde0743986ee671de2884cb0d4905b19b09ddf62d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
873B

MD5
75cae19bde598f19bef126b18e1b24ff

SHA1
e4d24faeba2d7ef9937bc62cd350d61163236647

SHA256
0fb107c9251ec7950547500fee8fc7d15e5040e3c27108283b38de0dc9721b8b

SHA512
be727a54712ca638967d290677db8551a2c8d98babcdd48b7db74506a6fa4e60ce1960316b3e69006726b0fef37d65c2b0c3df7a75e04402cb0ffa15e9766d7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
23c5d6502a3707ac9c9049eb4c34b2e4

SHA1
259f95f7466041c8385996901bf209801d9a558a

SHA256
ba248f6305f03eafeeef04c2b4371d3429b3e2b526b2089a3638ca4756e4a318

SHA512
cf632305ef158ddd68fe8bd2014c71be05098b8d5f8ca9aaffc8a998cc7c5d0e22bef35a8527c911d329fd91569363d2c5f3f8fd732d28c7e3e0700de6d14afb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
9973803f00920ff5eec9132b49a4066b

SHA1
cd32d2b3526f6e7a05b564affa59326c5a9afe7d

SHA256
83b14c957880d1a67d3356534e2539b79c6c7b71902bc81a02b453031cb68508

SHA512
61909f3d35ec4bceb2486e8b4e247c58ec328052398ebd054ac669437b0f199b103b077f4338c25f21af5d59005769df4fecd8c428aa0fcecee0fe4ce1a9700e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
214KB

MD5
8a1991a0d866d5cbf9377015904c0e4a

SHA1
20bedef7c16e0c2eff9659709dbbe64e4695360f

SHA256
76963696c59d7ecdda82c25238eb4959b58c60683128614c4c998c2a271bd62d

SHA512
ec8fc01cdfb0a44ccc19dcf23f97cefedc4c41961f221d07f7536ac528fb4f7e6527d3cb6945d985518772361cccdccc5cd2b59ad0c6192a27fa0867dc56dbe7

Download Submit