hxxps://tittle-gambler[.]tumblr[.]com

Analysis

max time kernel
302s
max time network
283s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
06-03-2024 23:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://tittle-gambler.tumblr.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133542398473348173"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4544	chrome.exe
4544	chrome.exe
4692	chrome.exe
4692	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4544 wrote to memory of 1820	4544	chrome.exe	88
PID 4544 wrote to memory of 1820	4544	chrome.exe	88
PID 4544 wrote to memory of 3888	4544	chrome.exe	90
PID 4544 wrote to memory of 3888	4544	chrome.exe	90
PID 4544 wrote to memory of 3888	4544	chrome.exe	90
PID 4544 wrote to memory of 3888	4544	chrome.exe	90
PID 4544 wrote to memory of 3888	4544	chrome.exe	90
PID 4544 wrote to memory of 3888	4544	chrome.exe	90
PID 4544 wrote to memory of 3888	4544	chrome.exe	90
PID 4544 wrote to memory of 3888	4544	chrome.exe	90
PID 4544 wrote to memory of 3888	4544	chrome.exe	90
PID 4544 wrote to memory of 3888	4544	chrome.exe	90
PID 4544 wrote to memory of 3888	4544	chrome.exe	90
PID 4544 wrote to memory of 3888	4544	chrome.exe	90
PID 4544 wrote to memory of 3888	4544	chrome.exe	90
PID 4544 wrote to memory of 3888	4544	chrome.exe	90
PID 4544 wrote to memory of 3888	4544	chrome.exe	90
PID 4544 wrote to memory of 3888	4544	chrome.exe	90
PID 4544 wrote to memory of 3888	4544	chrome.exe	90
PID 4544 wrote to memory of 3888	4544	chrome.exe	90
PID 4544 wrote to memory of 3888	4544	chrome.exe	90
PID 4544 wrote to memory of 3888	4544	chrome.exe	90
PID 4544 wrote to memory of 3888	4544	chrome.exe	90
PID 4544 wrote to memory of 3888	4544	chrome.exe	90
PID 4544 wrote to memory of 3888	4544	chrome.exe	90
PID 4544 wrote to memory of 3888	4544	chrome.exe	90
PID 4544 wrote to memory of 3888	4544	chrome.exe	90
PID 4544 wrote to memory of 3888	4544	chrome.exe	90
PID 4544 wrote to memory of 3888	4544	chrome.exe	90
PID 4544 wrote to memory of 3888	4544	chrome.exe	90
PID 4544 wrote to memory of 3888	4544	chrome.exe	90
PID 4544 wrote to memory of 3888	4544	chrome.exe	90
PID 4544 wrote to memory of 3888	4544	chrome.exe	90
PID 4544 wrote to memory of 3888	4544	chrome.exe	90
PID 4544 wrote to memory of 3888	4544	chrome.exe	90
PID 4544 wrote to memory of 3888	4544	chrome.exe	90
PID 4544 wrote to memory of 3888	4544	chrome.exe	90
PID 4544 wrote to memory of 3888	4544	chrome.exe	90
PID 4544 wrote to memory of 3888	4544	chrome.exe	90
PID 4544 wrote to memory of 3888	4544	chrome.exe	90
PID 4544 wrote to memory of 2528	4544	chrome.exe	91
PID 4544 wrote to memory of 2528	4544	chrome.exe	91
PID 4544 wrote to memory of 3572	4544	chrome.exe	92
PID 4544 wrote to memory of 3572	4544	chrome.exe	92
PID 4544 wrote to memory of 3572	4544	chrome.exe	92
PID 4544 wrote to memory of 3572	4544	chrome.exe	92
PID 4544 wrote to memory of 3572	4544	chrome.exe	92
PID 4544 wrote to memory of 3572	4544	chrome.exe	92
PID 4544 wrote to memory of 3572	4544	chrome.exe	92
PID 4544 wrote to memory of 3572	4544	chrome.exe	92
PID 4544 wrote to memory of 3572	4544	chrome.exe	92
PID 4544 wrote to memory of 3572	4544	chrome.exe	92
PID 4544 wrote to memory of 3572	4544	chrome.exe	92
PID 4544 wrote to memory of 3572	4544	chrome.exe	92
PID 4544 wrote to memory of 3572	4544	chrome.exe	92
PID 4544 wrote to memory of 3572	4544	chrome.exe	92
PID 4544 wrote to memory of 3572	4544	chrome.exe	92
PID 4544 wrote to memory of 3572	4544	chrome.exe	92
PID 4544 wrote to memory of 3572	4544	chrome.exe	92
PID 4544 wrote to memory of 3572	4544	chrome.exe	92
PID 4544 wrote to memory of 3572	4544	chrome.exe	92
PID 4544 wrote to memory of 3572	4544	chrome.exe	92
PID 4544 wrote to memory of 3572	4544	chrome.exe	92
PID 4544 wrote to memory of 3572	4544	chrome.exe	92

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://tittle-gambler.tumblr.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe7f229758,0x7ffe7f229768,0x7ffe7f229778
  2⤵
  PID:1820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1656 --field-trial-handle=1880,i,16825515183592997362,8349989080950661011,131072 /prefetch:2
  2⤵
  PID:3888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1880,i,16825515183592997362,8349989080950661011,131072 /prefetch:8
  2⤵
  PID:2528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1880,i,16825515183592997362,8349989080950661011,131072 /prefetch:8
  2⤵
  PID:3572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3208 --field-trial-handle=1880,i,16825515183592997362,8349989080950661011,131072 /prefetch:1
  2⤵
  PID:836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3216 --field-trial-handle=1880,i,16825515183592997362,8349989080950661011,131072 /prefetch:1
  2⤵
  PID:3004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4636 --field-trial-handle=1880,i,16825515183592997362,8349989080950661011,131072 /prefetch:1
  2⤵
  PID:2508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3976 --field-trial-handle=1880,i,16825515183592997362,8349989080950661011,131072 /prefetch:8
  2⤵
  PID:1796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5560 --field-trial-handle=1880,i,16825515183592997362,8349989080950661011,131072 /prefetch:8
  2⤵
  PID:2512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3636 --field-trial-handle=1880,i,16825515183592997362,8349989080950661011,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4692

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4616

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
83d8f396fa26538c32023f326cbfee6e

SHA1
dfd7c949e0ee09a7a97ac7af0606540139235276

SHA256
77f0178f380278fdeb50e3fa3e2c700a9bbd7f32a4914aba8191cca39cf8a6ff

SHA512
8b5753a25b31500fdf63026a2ad9d2da5f03a61562cd3ef5f8e142650fc374a95afa273dbb84e453ac1cc59e63f19c4b672591bb6fca8d6529a406ff8c7148f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
6e236cae2eb31a12b6e241f351bc3a7f

SHA1
3071f0bd3efae0cd727ce948ab12d2f2c2bca543

SHA256
04f1ab0a1e4915787463176332b7d8df3ec1340e947338af00cd0e352a80581e

SHA512
6630d48ded6acff0b292c33561b360122a70bbb293af0325646f493c286ff0e3caced21bbdb4e55d9daeb581836cf5f7e6cff3a10331a3807d2bd3d039867d62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b9031d4b2ca67ade4e874abb22cc9824

SHA1
5a6822e803f320b6b4762f2c30c9a33e170ceada

SHA256
9d500461917d04fd791441e9f4f7f92909f6fbc55001125b9643f9867afe0fca

SHA512
7d981e43fa62a338f581d6039f242322bc650b7a054fa93dac391b8260f37233999eea604e21a1381df314075fa484734f5aecdbbceb9ac95d8e5935faaee12a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
41354bd0c5eb7ba09101247bcc2e399e

SHA1
fa33234d1eef93dbbacf07773c145fd82a213f0a

SHA256
8013cba38a24890d526f0d1afce613af7ec2f294c1e98053812c5e7633c749a5

SHA512
f7083c6e635d6c3041df8f332ccebbbe4a33ca410adcb15aa6bbcdd5272da74a9952e37bbb40ec0a8cbe6ebd47cd08c2111b706d56bafe0685ba0c9b51f512e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
253KB

MD5
c82a55482dbe260a4a4441c733c468c6

SHA1
09d7e0b538979a90082abfca79e4bbf3ae54d884

SHA256
aaee3ee1b1ee0163f334193fb12d25bf1afb0bd4aa5c3d1adb582ecd2ac3e1f4

SHA512
1a7fc174fc4b199e50b00e75b414236e5d6b0105f7884a898215bd76e8b38230426153361766060c69f5fc679f5d017a155e23f4f6657fbf5aeaff987d2643c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit