hxxps://unblockit[.]dad

Analysis

max time kernel
300s
max time network
305s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
12-02-2024 20:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://unblockit.dad

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133522431484528138"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

972 chrome.exe
972 chrome.exe
1064 chrome.exe
1064 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

Processes:

chrome.exe

pid process

972 chrome.exe
972 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	972	chrome.exe
Token: SeCreatePagefilePrivilege	972	chrome.exe
Token: SeShutdownPrivilege	972	chrome.exe
Token: SeCreatePagefilePrivilege	972	chrome.exe
Token: SeShutdownPrivilege	972	chrome.exe
Token: SeCreatePagefilePrivilege	972	chrome.exe
Token: SeShutdownPrivilege	972	chrome.exe
Token: SeCreatePagefilePrivilege	972	chrome.exe
Token: SeShutdownPrivilege	972	chrome.exe
Token: SeCreatePagefilePrivilege	972	chrome.exe
Token: SeShutdownPrivilege	972	chrome.exe
Token: SeCreatePagefilePrivilege	972	chrome.exe
Token: SeShutdownPrivilege	972	chrome.exe
Token: SeCreatePagefilePrivilege	972	chrome.exe
Token: SeShutdownPrivilege	972	chrome.exe
Token: SeCreatePagefilePrivilege	972	chrome.exe
Token: SeShutdownPrivilege	972	chrome.exe
Token: SeCreatePagefilePrivilege	972	chrome.exe
Token: SeShutdownPrivilege	972	chrome.exe
Token: SeCreatePagefilePrivilege	972	chrome.exe
Token: SeShutdownPrivilege	972	chrome.exe
Token: SeCreatePagefilePrivilege	972	chrome.exe
Token: SeShutdownPrivilege	972	chrome.exe
Token: SeCreatePagefilePrivilege	972	chrome.exe
Token: SeShutdownPrivilege	972	chrome.exe
Token: SeCreatePagefilePrivilege	972	chrome.exe
Token: SeShutdownPrivilege	972	chrome.exe
Token: SeCreatePagefilePrivilege	972	chrome.exe
Token: SeShutdownPrivilege	972	chrome.exe
Token: SeCreatePagefilePrivilege	972	chrome.exe
Token: SeShutdownPrivilege	972	chrome.exe
Token: SeCreatePagefilePrivilege	972	chrome.exe
Token: SeShutdownPrivilege	972	chrome.exe
Token: SeCreatePagefilePrivilege	972	chrome.exe
Token: SeShutdownPrivilege	972	chrome.exe
Token: SeCreatePagefilePrivilege	972	chrome.exe
Token: SeShutdownPrivilege	972	chrome.exe
Token: SeCreatePagefilePrivilege	972	chrome.exe
Token: SeShutdownPrivilege	972	chrome.exe
Token: SeCreatePagefilePrivilege	972	chrome.exe
Token: SeShutdownPrivilege	972	chrome.exe
Token: SeCreatePagefilePrivilege	972	chrome.exe
Token: SeShutdownPrivilege	972	chrome.exe
Token: SeCreatePagefilePrivilege	972	chrome.exe
Token: SeShutdownPrivilege	972	chrome.exe
Token: SeCreatePagefilePrivilege	972	chrome.exe
Token: SeShutdownPrivilege	972	chrome.exe
Token: SeCreatePagefilePrivilege	972	chrome.exe
Token: SeShutdownPrivilege	972	chrome.exe
Token: SeCreatePagefilePrivilege	972	chrome.exe
Token: SeShutdownPrivilege	972	chrome.exe
Token: SeCreatePagefilePrivilege	972	chrome.exe
Token: SeShutdownPrivilege	972	chrome.exe
Token: SeCreatePagefilePrivilege	972	chrome.exe
Token: SeShutdownPrivilege	972	chrome.exe
Token: SeCreatePagefilePrivilege	972	chrome.exe
Token: SeShutdownPrivilege	972	chrome.exe
Token: SeCreatePagefilePrivilege	972	chrome.exe
Token: SeShutdownPrivilege	972	chrome.exe
Token: SeCreatePagefilePrivilege	972	chrome.exe
Token: SeShutdownPrivilege	972	chrome.exe
Token: SeCreatePagefilePrivilege	972	chrome.exe
Token: SeShutdownPrivilege	972	chrome.exe
Token: SeCreatePagefilePrivilege	972	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
972	chrome.exe
972	chrome.exe
972	chrome.exe
972	chrome.exe
972	chrome.exe
972	chrome.exe
972	chrome.exe
972	chrome.exe
972	chrome.exe
972	chrome.exe
972	chrome.exe
972	chrome.exe
972	chrome.exe
972	chrome.exe
972	chrome.exe
972	chrome.exe
972	chrome.exe
972	chrome.exe
972	chrome.exe
972	chrome.exe
972	chrome.exe
972	chrome.exe
972	chrome.exe
972	chrome.exe
972	chrome.exe
972	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
972	chrome.exe
972	chrome.exe
972	chrome.exe
972	chrome.exe
972	chrome.exe
972	chrome.exe
972	chrome.exe
972	chrome.exe
972	chrome.exe
972	chrome.exe
972	chrome.exe
972	chrome.exe
972	chrome.exe
972	chrome.exe
972	chrome.exe
972	chrome.exe
972	chrome.exe
972	chrome.exe
972	chrome.exe
972	chrome.exe
972	chrome.exe
972	chrome.exe
972	chrome.exe
972	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 972 wrote to memory of 4612	972	chrome.exe	chrome.exe
PID 972 wrote to memory of 4612	972	chrome.exe	chrome.exe
PID 972 wrote to memory of 764	972	chrome.exe	chrome.exe
PID 972 wrote to memory of 764	972	chrome.exe	chrome.exe
PID 972 wrote to memory of 764	972	chrome.exe	chrome.exe
PID 972 wrote to memory of 764	972	chrome.exe	chrome.exe
PID 972 wrote to memory of 764	972	chrome.exe	chrome.exe
PID 972 wrote to memory of 764	972	chrome.exe	chrome.exe
PID 972 wrote to memory of 764	972	chrome.exe	chrome.exe
PID 972 wrote to memory of 764	972	chrome.exe	chrome.exe
PID 972 wrote to memory of 764	972	chrome.exe	chrome.exe
PID 972 wrote to memory of 764	972	chrome.exe	chrome.exe
PID 972 wrote to memory of 764	972	chrome.exe	chrome.exe
PID 972 wrote to memory of 764	972	chrome.exe	chrome.exe
PID 972 wrote to memory of 764	972	chrome.exe	chrome.exe
PID 972 wrote to memory of 764	972	chrome.exe	chrome.exe
PID 972 wrote to memory of 764	972	chrome.exe	chrome.exe
PID 972 wrote to memory of 764	972	chrome.exe	chrome.exe
PID 972 wrote to memory of 764	972	chrome.exe	chrome.exe
PID 972 wrote to memory of 764	972	chrome.exe	chrome.exe
PID 972 wrote to memory of 764	972	chrome.exe	chrome.exe
PID 972 wrote to memory of 764	972	chrome.exe	chrome.exe
PID 972 wrote to memory of 764	972	chrome.exe	chrome.exe
PID 972 wrote to memory of 764	972	chrome.exe	chrome.exe
PID 972 wrote to memory of 764	972	chrome.exe	chrome.exe
PID 972 wrote to memory of 764	972	chrome.exe	chrome.exe
PID 972 wrote to memory of 764	972	chrome.exe	chrome.exe
PID 972 wrote to memory of 764	972	chrome.exe	chrome.exe
PID 972 wrote to memory of 764	972	chrome.exe	chrome.exe
PID 972 wrote to memory of 764	972	chrome.exe	chrome.exe
PID 972 wrote to memory of 764	972	chrome.exe	chrome.exe
PID 972 wrote to memory of 764	972	chrome.exe	chrome.exe
PID 972 wrote to memory of 764	972	chrome.exe	chrome.exe
PID 972 wrote to memory of 764	972	chrome.exe	chrome.exe
PID 972 wrote to memory of 764	972	chrome.exe	chrome.exe
PID 972 wrote to memory of 764	972	chrome.exe	chrome.exe
PID 972 wrote to memory of 764	972	chrome.exe	chrome.exe
PID 972 wrote to memory of 764	972	chrome.exe	chrome.exe
PID 972 wrote to memory of 764	972	chrome.exe	chrome.exe
PID 972 wrote to memory of 764	972	chrome.exe	chrome.exe
PID 972 wrote to memory of 840	972	chrome.exe	chrome.exe
PID 972 wrote to memory of 840	972	chrome.exe	chrome.exe
PID 972 wrote to memory of 4408	972	chrome.exe	chrome.exe
PID 972 wrote to memory of 4408	972	chrome.exe	chrome.exe
PID 972 wrote to memory of 4408	972	chrome.exe	chrome.exe
PID 972 wrote to memory of 4408	972	chrome.exe	chrome.exe
PID 972 wrote to memory of 4408	972	chrome.exe	chrome.exe
PID 972 wrote to memory of 4408	972	chrome.exe	chrome.exe
PID 972 wrote to memory of 4408	972	chrome.exe	chrome.exe
PID 972 wrote to memory of 4408	972	chrome.exe	chrome.exe
PID 972 wrote to memory of 4408	972	chrome.exe	chrome.exe
PID 972 wrote to memory of 4408	972	chrome.exe	chrome.exe
PID 972 wrote to memory of 4408	972	chrome.exe	chrome.exe
PID 972 wrote to memory of 4408	972	chrome.exe	chrome.exe
PID 972 wrote to memory of 4408	972	chrome.exe	chrome.exe
PID 972 wrote to memory of 4408	972	chrome.exe	chrome.exe
PID 972 wrote to memory of 4408	972	chrome.exe	chrome.exe
PID 972 wrote to memory of 4408	972	chrome.exe	chrome.exe
PID 972 wrote to memory of 4408	972	chrome.exe	chrome.exe
PID 972 wrote to memory of 4408	972	chrome.exe	chrome.exe
PID 972 wrote to memory of 4408	972	chrome.exe	chrome.exe
PID 972 wrote to memory of 4408	972	chrome.exe	chrome.exe
PID 972 wrote to memory of 4408	972	chrome.exe	chrome.exe
PID 972 wrote to memory of 4408	972	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://unblockit.dad
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:972

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9c6ae9758,0x7ff9c6ae9768,0x7ff9c6ae9778
2⤵
PID:4612

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1656 --field-trial-handle=1860,i,13754487173006734757,233933905884125263,131072 /prefetch:2
2⤵
PID:764

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1860,i,13754487173006734757,233933905884125263,131072 /prefetch:8
2⤵
PID:840

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2216 --field-trial-handle=1860,i,13754487173006734757,233933905884125263,131072 /prefetch:8
2⤵
PID:4408

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3208 --field-trial-handle=1860,i,13754487173006734757,233933905884125263,131072 /prefetch:1
2⤵
PID:2424

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3248 --field-trial-handle=1860,i,13754487173006734757,233933905884125263,131072 /prefetch:1
2⤵
PID:3456

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 --field-trial-handle=1860,i,13754487173006734757,233933905884125263,131072 /prefetch:8
2⤵
PID:5044

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5360 --field-trial-handle=1860,i,13754487173006734757,233933905884125263,131072 /prefetch:8
2⤵
PID:3828

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2352 --field-trial-handle=1860,i,13754487173006734757,233933905884125263,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1064

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4248

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
68c86a43317b21789b01c600b2a9a66f

SHA1
34d11545f82e0d29b40ae7ff6645b8cae1de2a0d

SHA256
288f04024fd95b525770f5f9d6c0880cafbd57ac2338f8f79a48fabf50b4a51e

SHA512
d0cdbf172b53c2fe9f465a9ab24195f0603bdb7c16526858586c699d790f6e78b1746d1964c7b1794024d9acb2057b5f2cd1ea9637c6079f784f6d44dc1eaed1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
536B

MD5
d79b152a4f3f9c4f3790134ce062263d

SHA1
b88cec7ed822c4f950f3995533a61b0f97064cb4

SHA256
175c9c91716987d1655ac7236ab93c1395281a11e05164611bfff1ca0d4ef775

SHA512
784972ea55d235e5ea02d8c404a756d33ad1bfefd0566a9dba4a8cbd57f8b67ee1f0f5d0e0abd76ceea07e59ada4f4554736219c81de54d98ddb56fe05ae87a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\b956df0d-3d85-41e4-950c-0aaa4dad27a1.tmp

Filesize
849B

MD5
164b511a496d3a0cea7f0f3d48726686

SHA1
c3b0608d4ad6bbfe7f58d22ded2f2cfd752144dc

SHA256
b741f709e2fffa1fdc1eb885c2c5dbd3cb6735fd9de9d91d9c37872278c05c3a

SHA512
2ca74214d86b3d6bd19d581ea83d2db0d1f20e33d3716a3f8e7b890be73ec3ad6b7667d64d56c31c6ea0a7b57a4841e3647933f35a93714a8c6528edd1a27e74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
93ba114c241ad9e4b8b2bebdc4358675

SHA1
abea014849d7908582556d1b22ab445b48180e51

SHA256
4731055230eb0ccf4339d36b20625123105456a5374135d593c0b301fbde0d17

SHA512
e4b08ae5690e2bf790d2940f11d35e1a84d4c5f55c26ffa0d51f8743be6e9f2998f18f980306239d8f8a0a8759ae056e39080a007ff2eb2b096d7319439d6ea7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ac284a57a9ea79de4bf7d44ca69604a4

SHA1
a33398d402480840929abf717b0025fede0eefaf

SHA256
3ea3e29e0ba2b6f87a07fcdc70d926fc99641700bb14995b9ba282ba10e4f881

SHA512
37764a71767c1c6f32ce6863b95aa091d4840c010aa36fc602d5cd9333ad4eaaf5e7b6f8a4e789d5534fa7ce797d9bde7d0e879b5e58a18a717d4b5c3f72c13c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
198f9ec116303d3f91f989ca6b2e434a

SHA1
b2fe13ff962d6c92d005c8279260cb7bcbcfaca8

SHA256
bba6959a254a38d71667820cc914df98a1b444dd309a4af2262d5235b50c5b97

SHA512
8c6619e7c19b5d4401830aa509134c4cd8053bf70398bd3bb447c83aafe589da53bdca8289af2f0510f4f3024cd601e6db4bc3e1230885739dc95cb0ef9b7e42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
06b74b34ceedf59ae48bced558b4a788

SHA1
3d6d2ea649fcb49a57d227e911f6943aa0924c76

SHA256
24dbc885cc3970cc8a90b676dab1b8da3297fed9cd32f2b7eb3ef64f101015a9

SHA512
261195795f9180dc88d3bbe3785d80972cb8fcf887e92cc4b299a4cd0e1c8b3f10f06b1693779c5782e0c4953662854aea9a7e5d9a33aa51d33baeb73576898e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_972_CGVBNPDTOOBHPWDQ

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit