hxxps://jojo-62150[.]bubbleapps[.]io

Analysis

max time kernel
150s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20231127-en
resource tags

arch:x64arch:x86image:win10v2004-20231127-enlocale:en-usos:windows10-2004-x64system
submitted
12-12-2023 00:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://jojo-62150.bubbleapps.io

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133468161675508080"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2052	chrome.exe
2052	chrome.exe
2480	chrome.exe
2480	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2052 wrote to memory of 3784	2052	chrome.exe	85
PID 2052 wrote to memory of 3784	2052	chrome.exe	85
PID 2052 wrote to memory of 4412	2052	chrome.exe	88
PID 2052 wrote to memory of 4412	2052	chrome.exe	88
PID 2052 wrote to memory of 4412	2052	chrome.exe	88
PID 2052 wrote to memory of 4412	2052	chrome.exe	88
PID 2052 wrote to memory of 4412	2052	chrome.exe	88
PID 2052 wrote to memory of 4412	2052	chrome.exe	88
PID 2052 wrote to memory of 4412	2052	chrome.exe	88
PID 2052 wrote to memory of 4412	2052	chrome.exe	88
PID 2052 wrote to memory of 4412	2052	chrome.exe	88
PID 2052 wrote to memory of 4412	2052	chrome.exe	88
PID 2052 wrote to memory of 4412	2052	chrome.exe	88
PID 2052 wrote to memory of 4412	2052	chrome.exe	88
PID 2052 wrote to memory of 4412	2052	chrome.exe	88
PID 2052 wrote to memory of 4412	2052	chrome.exe	88
PID 2052 wrote to memory of 4412	2052	chrome.exe	88
PID 2052 wrote to memory of 4412	2052	chrome.exe	88
PID 2052 wrote to memory of 4412	2052	chrome.exe	88
PID 2052 wrote to memory of 4412	2052	chrome.exe	88
PID 2052 wrote to memory of 4412	2052	chrome.exe	88
PID 2052 wrote to memory of 4412	2052	chrome.exe	88
PID 2052 wrote to memory of 4412	2052	chrome.exe	88
PID 2052 wrote to memory of 4412	2052	chrome.exe	88
PID 2052 wrote to memory of 4412	2052	chrome.exe	88
PID 2052 wrote to memory of 4412	2052	chrome.exe	88
PID 2052 wrote to memory of 4412	2052	chrome.exe	88
PID 2052 wrote to memory of 4412	2052	chrome.exe	88
PID 2052 wrote to memory of 4412	2052	chrome.exe	88
PID 2052 wrote to memory of 4412	2052	chrome.exe	88
PID 2052 wrote to memory of 4412	2052	chrome.exe	88
PID 2052 wrote to memory of 4412	2052	chrome.exe	88
PID 2052 wrote to memory of 4412	2052	chrome.exe	88
PID 2052 wrote to memory of 4412	2052	chrome.exe	88
PID 2052 wrote to memory of 4412	2052	chrome.exe	88
PID 2052 wrote to memory of 4412	2052	chrome.exe	88
PID 2052 wrote to memory of 4412	2052	chrome.exe	88
PID 2052 wrote to memory of 4412	2052	chrome.exe	88
PID 2052 wrote to memory of 4412	2052	chrome.exe	88
PID 2052 wrote to memory of 4412	2052	chrome.exe	88
PID 2052 wrote to memory of 540	2052	chrome.exe	87
PID 2052 wrote to memory of 540	2052	chrome.exe	87
PID 2052 wrote to memory of 2460	2052	chrome.exe	89
PID 2052 wrote to memory of 2460	2052	chrome.exe	89
PID 2052 wrote to memory of 2460	2052	chrome.exe	89
PID 2052 wrote to memory of 2460	2052	chrome.exe	89
PID 2052 wrote to memory of 2460	2052	chrome.exe	89
PID 2052 wrote to memory of 2460	2052	chrome.exe	89
PID 2052 wrote to memory of 2460	2052	chrome.exe	89
PID 2052 wrote to memory of 2460	2052	chrome.exe	89
PID 2052 wrote to memory of 2460	2052	chrome.exe	89
PID 2052 wrote to memory of 2460	2052	chrome.exe	89
PID 2052 wrote to memory of 2460	2052	chrome.exe	89
PID 2052 wrote to memory of 2460	2052	chrome.exe	89
PID 2052 wrote to memory of 2460	2052	chrome.exe	89
PID 2052 wrote to memory of 2460	2052	chrome.exe	89
PID 2052 wrote to memory of 2460	2052	chrome.exe	89
PID 2052 wrote to memory of 2460	2052	chrome.exe	89
PID 2052 wrote to memory of 2460	2052	chrome.exe	89
PID 2052 wrote to memory of 2460	2052	chrome.exe	89
PID 2052 wrote to memory of 2460	2052	chrome.exe	89
PID 2052 wrote to memory of 2460	2052	chrome.exe	89
PID 2052 wrote to memory of 2460	2052	chrome.exe	89
PID 2052 wrote to memory of 2460	2052	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://jojo-62150.bubbleapps.io
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbe2689758,0x7ffbe2689768,0x7ffbe2689778
  2⤵
  PID:3784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1928 --field-trial-handle=1968,i,18225949377250279973,14395899102026391833,131072 /prefetch:8
  2⤵
  PID:540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1744 --field-trial-handle=1968,i,18225949377250279973,14395899102026391833,131072 /prefetch:2
  2⤵
  PID:4412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2240 --field-trial-handle=1968,i,18225949377250279973,14395899102026391833,131072 /prefetch:8
  2⤵
  PID:2460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2952 --field-trial-handle=1968,i,18225949377250279973,14395899102026391833,131072 /prefetch:1
  2⤵
  PID:4220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2944 --field-trial-handle=1968,i,18225949377250279973,14395899102026391833,131072 /prefetch:1
  2⤵
  PID:3888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4624 --field-trial-handle=1968,i,18225949377250279973,14395899102026391833,131072 /prefetch:1
  2⤵
  PID:3920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5528 --field-trial-handle=1968,i,18225949377250279973,14395899102026391833,131072 /prefetch:8
  2⤵
  PID:5060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3652 --field-trial-handle=1968,i,18225949377250279973,14395899102026391833,131072 /prefetch:8
  2⤵
  PID:904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5900 --field-trial-handle=1968,i,18225949377250279973,14395899102026391833,131072 /prefetch:1
  2⤵
  PID:4436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1020 --field-trial-handle=1968,i,18225949377250279973,14395899102026391833,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2480

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1700

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
1b66e37f88be6fc9bdb9f288657c534c

SHA1
66c96f204c7912e268e24e7b52de75a8f7023eee

SHA256
2465ef9d3eeb34e5e21f03a08cf7c55fe2272d89800fe20cb7616b680541b740

SHA512
6099fb26e541d8eb49bcbfb0c5dac533b0a8168235ec8c3605a28db0f408905b0983e955c2aeff929afd66b811d553c996407a1cf46f031266fa35f74a8340d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
8b6288210cf934e0632984231ec3b12f

SHA1
276297219dd3b433cc6a9bb144019be2caefd522

SHA256
f349e56907aee88641e3e564da83ada35691a76eb8b2723d77cd70c780fd25c7

SHA512
92d6a9721b69e75b4532621cb77b26f293a76697b97b896410927a7a7edfc167885c861b82fe5e69bff49841c5615aed89a687cc54bc3fd71b37aaa6b57d0d37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
ee8275f56887a1c5df62eaf07b56b78d

SHA1
a8de85488de234916e0b6b6fe6d9f14987a70f72

SHA256
85f451160cc33557a7dd2b30924038d7fb56bb3e5ec298d54290660f73afb5b2

SHA512
56cda99bc93b3533d49971e4412c3eac6c82e9b580643a94dc6eae400a4df454fb034e2b4212fe6f8399e7ffc18b2630f95e9682ec09d02abdf30260f960d9ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
5a62051f2eaec447fd00a4a15440bb5b

SHA1
aff88e8d9fdb3711e2ad3a790ac7fa2417f2c63c

SHA256
e2f3e207527f077dd3148a05f0676c64e05f75a6891b75c476539df88e4490cc

SHA512
281ab55ca4f2cf575b7669a273721c7a06df052625e2573296ee9f7e887d9cfa61c7d1cab52c367870005a24dac585a6e1f2bc40fd59f9bcb89de4187f778796

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
dfea0ba23093e8ede478eb1bf20c30e0

SHA1
4fb927ba2b71d5c4eecf6d1c43f19146606ffeb7

SHA256
b6553676770e737d4e0087bf219b4b7a16531040d36b8c26099d4c8e5785d58e

SHA512
89147d3c60f4d5af0c09ba052030170fdb0a1db9bb100c588149536986a5120f4a5c33461fd51dbc686cee127f949e15a9eaa680de7a9307500f0ea59167c34d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
115KB

MD5
f69c2077970e292baaf34974a7e0773e

SHA1
6c2b6cd02721d21ab86f704be3f263d47881fd24

SHA256
43746768be29bc2606aeff43334e98e96fa977c581d309470816f2a6e2b402a9

SHA512
1d7227909bed6ff26e200e3214e855db438a8cf0324f4f803374425303e5cb1d584fc46ddd557c93d0c0e719461bf6cae247036b162024c06c038be55c435c05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit