hxxps://dahbbfd[.]r[.]bh[.]d[.]sendibt3[.]com/tr/cl/cN1nhlKHlqphHJpuYL__jgDsaJG2mI3Df6I-EW-YYA8WCkeKErMJQFlPIZ7u8EeiBJU-mN0ICXNU_LSIv_bLegvoV8mrPIzPUjmbttuTfdHiYjx5a8YgCKZKJ4O4abXD34kWbqwaEU9_Wb3OW_j4NWOWTPzuASq1RtZW6SL8vQzgoeTTD54Dl82JiY3ouvQfGiMWba2nn1nJp90EKOkAb5H1XNF-tw4A2Le6xtTUjHIzSanGrDlclwaeBpbiUhbr1kv2vG4BQYrINVRIW5m2uLf5h_E0jw

Analysis

max time kernel
5s
max time network
592s
platform
windows10-1703_x64
resource
win10-20231220-en
resource tags

arch:x64arch:x86image:win10-20231220-enlocale:en-usos:windows10-1703-x64system
submitted
22/12/2023, 03:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://dahbbfd.r.bh.d.sendibt3.com/tr/cl/cN1nhlKHlqphHJpuYL__jgDsaJG2mI3Df6I-EW-YYA8WCkeKErMJQFlPIZ7u8EeiBJU-mN0ICXNU_LSIv_bLegvoV8mrPIzPUjmbttuTfdHiYjx5a8YgCKZKJ4O4abXD34kWbqwaEU9_Wb3OW_j4NWOWTPzuASq1RtZW6SL8vQzgoeTTD54Dl82JiY3ouvQfGiMWba2nn1nJp90EKOkAb5H1XNF-tw4A2Le6xtTUjHIzSanGrDlclwaeBpbiUhbr1kv2vG4BQYrINVRIW5m2uLf5h_E0jw

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2252	chrome.exe
2252	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2252	chrome.exe
Token: SeCreatePagefilePrivilege	2252	chrome.exe
Token: SeShutdownPrivilege	2252	chrome.exe
Token: SeCreatePagefilePrivilege	2252	chrome.exe
Token: SeShutdownPrivilege	2252	chrome.exe
Token: SeCreatePagefilePrivilege	2252	chrome.exe
Token: SeShutdownPrivilege	2252	chrome.exe
Token: SeCreatePagefilePrivilege	2252	chrome.exe
Token: SeShutdownPrivilege	2252	chrome.exe
Token: SeCreatePagefilePrivilege	2252	chrome.exe

Suspicious use of FindShellTrayWindow 30 IoCs

pid	Process
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2252 wrote to memory of 4400	2252	chrome.exe	17
PID 2252 wrote to memory of 4400	2252	chrome.exe	17
PID 2252 wrote to memory of 1292	2252	chrome.exe	26
PID 2252 wrote to memory of 1292	2252	chrome.exe	26
PID 2252 wrote to memory of 1292	2252	chrome.exe	26
PID 2252 wrote to memory of 1292	2252	chrome.exe	26
PID 2252 wrote to memory of 1292	2252	chrome.exe	26
PID 2252 wrote to memory of 1292	2252	chrome.exe	26
PID 2252 wrote to memory of 1292	2252	chrome.exe	26
PID 2252 wrote to memory of 1292	2252	chrome.exe	26
PID 2252 wrote to memory of 1292	2252	chrome.exe	26
PID 2252 wrote to memory of 1292	2252	chrome.exe	26
PID 2252 wrote to memory of 1292	2252	chrome.exe	26
PID 2252 wrote to memory of 1292	2252	chrome.exe	26
PID 2252 wrote to memory of 1292	2252	chrome.exe	26
PID 2252 wrote to memory of 1292	2252	chrome.exe	26
PID 2252 wrote to memory of 1292	2252	chrome.exe	26
PID 2252 wrote to memory of 1292	2252	chrome.exe	26
PID 2252 wrote to memory of 1292	2252	chrome.exe	26
PID 2252 wrote to memory of 1292	2252	chrome.exe	26
PID 2252 wrote to memory of 1292	2252	chrome.exe	26
PID 2252 wrote to memory of 1292	2252	chrome.exe	26
PID 2252 wrote to memory of 1292	2252	chrome.exe	26
PID 2252 wrote to memory of 1292	2252	chrome.exe	26
PID 2252 wrote to memory of 1292	2252	chrome.exe	26
PID 2252 wrote to memory of 1292	2252	chrome.exe	26
PID 2252 wrote to memory of 1292	2252	chrome.exe	26
PID 2252 wrote to memory of 1292	2252	chrome.exe	26
PID 2252 wrote to memory of 1292	2252	chrome.exe	26
PID 2252 wrote to memory of 1292	2252	chrome.exe	26
PID 2252 wrote to memory of 1292	2252	chrome.exe	26
PID 2252 wrote to memory of 1292	2252	chrome.exe	26
PID 2252 wrote to memory of 1292	2252	chrome.exe	26
PID 2252 wrote to memory of 1292	2252	chrome.exe	26
PID 2252 wrote to memory of 1292	2252	chrome.exe	26
PID 2252 wrote to memory of 1292	2252	chrome.exe	26
PID 2252 wrote to memory of 1292	2252	chrome.exe	26
PID 2252 wrote to memory of 1292	2252	chrome.exe	26
PID 2252 wrote to memory of 1292	2252	chrome.exe	26
PID 2252 wrote to memory of 1292	2252	chrome.exe	26
PID 2252 wrote to memory of 3524	2252	chrome.exe	25
PID 2252 wrote to memory of 3524	2252	chrome.exe	25
PID 2252 wrote to memory of 2076	2252	chrome.exe	21
PID 2252 wrote to memory of 2076	2252	chrome.exe	21
PID 2252 wrote to memory of 2076	2252	chrome.exe	21
PID 2252 wrote to memory of 2076	2252	chrome.exe	21
PID 2252 wrote to memory of 2076	2252	chrome.exe	21
PID 2252 wrote to memory of 2076	2252	chrome.exe	21
PID 2252 wrote to memory of 2076	2252	chrome.exe	21
PID 2252 wrote to memory of 2076	2252	chrome.exe	21
PID 2252 wrote to memory of 2076	2252	chrome.exe	21
PID 2252 wrote to memory of 2076	2252	chrome.exe	21
PID 2252 wrote to memory of 2076	2252	chrome.exe	21
PID 2252 wrote to memory of 2076	2252	chrome.exe	21
PID 2252 wrote to memory of 2076	2252	chrome.exe	21
PID 2252 wrote to memory of 2076	2252	chrome.exe	21
PID 2252 wrote to memory of 2076	2252	chrome.exe	21
PID 2252 wrote to memory of 2076	2252	chrome.exe	21
PID 2252 wrote to memory of 2076	2252	chrome.exe	21
PID 2252 wrote to memory of 2076	2252	chrome.exe	21
PID 2252 wrote to memory of 2076	2252	chrome.exe	21
PID 2252 wrote to memory of 2076	2252	chrome.exe	21
PID 2252 wrote to memory of 2076	2252	chrome.exe	21
PID 2252 wrote to memory of 2076	2252	chrome.exe	21

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://dahbbfd.r.bh.d.sendibt3.com/tr/cl/cN1nhlKHlqphHJpuYL__jgDsaJG2mI3Df6I-EW-YYA8WCkeKErMJQFlPIZ7u8EeiBJU-mN0ICXNU_LSIv_bLegvoV8mrPIzPUjmbttuTfdHiYjx5a8YgCKZKJ4O4abXD34kWbqwaEU9_Wb3OW_j4NWOWTPzuASq1RtZW6SL8vQzgoeTTD54Dl82JiY3ouvQfGiMWba2nn1nJp90EKOkAb5H1XNF-tw4A2Le6xtTUjHIzSanGrDlclwaeBpbiUhbr1kv2vG4BQYrINVRIW5m2uLf5h_E0jw
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xac,0xd8,0x7ffacf319758,0x7ffacf319768,0x7ffacf319778
  2⤵
  PID:4400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2052 --field-trial-handle=1668,i,18396137079818856801,12072978563237410409,131072 /prefetch:8
  2⤵
  PID:2076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2988 --field-trial-handle=1668,i,18396137079818856801,12072978563237410409,131072 /prefetch:1
  2⤵
  PID:2444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2968 --field-trial-handle=1668,i,18396137079818856801,12072978563237410409,131072 /prefetch:1
  2⤵
  PID:376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1948 --field-trial-handle=1668,i,18396137079818856801,12072978563237410409,131072 /prefetch:8
  2⤵
  PID:3524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1580 --field-trial-handle=1668,i,18396137079818856801,12072978563237410409,131072 /prefetch:2
  2⤵
  PID:1292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4440 --field-trial-handle=1668,i,18396137079818856801,12072978563237410409,131072 /prefetch:1
  2⤵
  PID:1328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4748 --field-trial-handle=1668,i,18396137079818856801,12072978563237410409,131072 /prefetch:1
  2⤵
  PID:4652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3436 --field-trial-handle=1668,i,18396137079818856801,12072978563237410409,131072 /prefetch:1
  2⤵
  PID:4916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4984 --field-trial-handle=1668,i,18396137079818856801,12072978563237410409,131072 /prefetch:8
  2⤵
  PID:5036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5392 --field-trial-handle=1668,i,18396137079818856801,12072978563237410409,131072 /prefetch:8
  2⤵
  PID:3728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3240 --field-trial-handle=1668,i,18396137079818856801,12072978563237410409,131072 /prefetch:8
  2⤵
  PID:924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=928 --field-trial-handle=1668,i,18396137079818856801,12072978563237410409,131072 /prefetch:2
  2⤵
  PID:5020

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4908

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
0e0f6154827a43c8ddd3f66f7f5afa75

SHA1
013235e88a3b7af5962cedf6a567000c70eadbe3

SHA256
475536bd81e8fd450f9b2581c21cd19528fcfd6d66f0d8da304fc1cee2a36a8b

SHA512
7fb5cc3187781ade32a79d471617d7f94bdbdf61f3dda431cab4cc8099ed9a28bcaa822e23ee198b5572bdc10e33436d883a0050aea17677f5fafe6ddb9eb50e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
02d7e1f69b1db5eb2da61090f5e4a816

SHA1
63aae7bf384d21ee9fc22b36114f74a7c21ad14b

SHA256
0556284e29c5abfeee59c5c798e0bc793a05cfc2fcab201ed2a1ebbc3c6722f9

SHA512
53e58b62c3e4fa7f48a370feadc63626cca318c1fb7277e2e6c88466f4af2f52f28b95273fe61fc14a0d5e757fb008b88913c0f93d1198c7841d0c6328945a9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
415dcab1c50071552bc1f47034d750d4

SHA1
dfe77c570f972958075f8409eaad0faa60624a70

SHA256
b30fff0563e32d6a80e1ee35f64cd161ca36cdc21793a626a99bccfe26a3cff3

SHA512
7b38e84c213e452186405ad2bf034b93af5e3c1f9a424dc2918938c4d6839499846241d8f00a155bf558f037779ccc41626bd1ccae36334f8c63779b04452f26

Download Submit