hxxps://blogger-teame18[.]tumblr[.]com

Analysis

max time kernel
49s
max time network
55s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
26-03-2024 02:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://blogger-teame18.tumblr.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133558954421438534"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3276	chrome.exe
3276	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3276 wrote to memory of 4604	3276	chrome.exe	89
PID 3276 wrote to memory of 4604	3276	chrome.exe	89
PID 3276 wrote to memory of 4028	3276	chrome.exe	92
PID 3276 wrote to memory of 4028	3276	chrome.exe	92
PID 3276 wrote to memory of 4028	3276	chrome.exe	92
PID 3276 wrote to memory of 4028	3276	chrome.exe	92
PID 3276 wrote to memory of 4028	3276	chrome.exe	92
PID 3276 wrote to memory of 4028	3276	chrome.exe	92
PID 3276 wrote to memory of 4028	3276	chrome.exe	92
PID 3276 wrote to memory of 4028	3276	chrome.exe	92
PID 3276 wrote to memory of 4028	3276	chrome.exe	92
PID 3276 wrote to memory of 4028	3276	chrome.exe	92
PID 3276 wrote to memory of 4028	3276	chrome.exe	92
PID 3276 wrote to memory of 4028	3276	chrome.exe	92
PID 3276 wrote to memory of 4028	3276	chrome.exe	92
PID 3276 wrote to memory of 4028	3276	chrome.exe	92
PID 3276 wrote to memory of 4028	3276	chrome.exe	92
PID 3276 wrote to memory of 4028	3276	chrome.exe	92
PID 3276 wrote to memory of 4028	3276	chrome.exe	92
PID 3276 wrote to memory of 4028	3276	chrome.exe	92
PID 3276 wrote to memory of 4028	3276	chrome.exe	92
PID 3276 wrote to memory of 4028	3276	chrome.exe	92
PID 3276 wrote to memory of 4028	3276	chrome.exe	92
PID 3276 wrote to memory of 4028	3276	chrome.exe	92
PID 3276 wrote to memory of 4028	3276	chrome.exe	92
PID 3276 wrote to memory of 4028	3276	chrome.exe	92
PID 3276 wrote to memory of 4028	3276	chrome.exe	92
PID 3276 wrote to memory of 4028	3276	chrome.exe	92
PID 3276 wrote to memory of 4028	3276	chrome.exe	92
PID 3276 wrote to memory of 4028	3276	chrome.exe	92
PID 3276 wrote to memory of 4028	3276	chrome.exe	92
PID 3276 wrote to memory of 4028	3276	chrome.exe	92
PID 3276 wrote to memory of 4028	3276	chrome.exe	92
PID 3276 wrote to memory of 4028	3276	chrome.exe	92
PID 3276 wrote to memory of 4028	3276	chrome.exe	92
PID 3276 wrote to memory of 4028	3276	chrome.exe	92
PID 3276 wrote to memory of 4028	3276	chrome.exe	92
PID 3276 wrote to memory of 4028	3276	chrome.exe	92
PID 3276 wrote to memory of 4028	3276	chrome.exe	92
PID 3276 wrote to memory of 4028	3276	chrome.exe	92
PID 3276 wrote to memory of 3736	3276	chrome.exe	93
PID 3276 wrote to memory of 3736	3276	chrome.exe	93
PID 3276 wrote to memory of 1280	3276	chrome.exe	94
PID 3276 wrote to memory of 1280	3276	chrome.exe	94
PID 3276 wrote to memory of 1280	3276	chrome.exe	94
PID 3276 wrote to memory of 1280	3276	chrome.exe	94
PID 3276 wrote to memory of 1280	3276	chrome.exe	94
PID 3276 wrote to memory of 1280	3276	chrome.exe	94
PID 3276 wrote to memory of 1280	3276	chrome.exe	94
PID 3276 wrote to memory of 1280	3276	chrome.exe	94
PID 3276 wrote to memory of 1280	3276	chrome.exe	94
PID 3276 wrote to memory of 1280	3276	chrome.exe	94
PID 3276 wrote to memory of 1280	3276	chrome.exe	94
PID 3276 wrote to memory of 1280	3276	chrome.exe	94
PID 3276 wrote to memory of 1280	3276	chrome.exe	94
PID 3276 wrote to memory of 1280	3276	chrome.exe	94
PID 3276 wrote to memory of 1280	3276	chrome.exe	94
PID 3276 wrote to memory of 1280	3276	chrome.exe	94
PID 3276 wrote to memory of 1280	3276	chrome.exe	94
PID 3276 wrote to memory of 1280	3276	chrome.exe	94
PID 3276 wrote to memory of 1280	3276	chrome.exe	94
PID 3276 wrote to memory of 1280	3276	chrome.exe	94
PID 3276 wrote to memory of 1280	3276	chrome.exe	94
PID 3276 wrote to memory of 1280	3276	chrome.exe	94

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://blogger-teame18.tumblr.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa11d99758,0x7ffa11d99768,0x7ffa11d99778
  2⤵
  PID:4604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1628 --field-trial-handle=1848,i,13071548156096208280,16229329574111639985,131072 /prefetch:2
  2⤵
  PID:4028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1848,i,13071548156096208280,16229329574111639985,131072 /prefetch:8
  2⤵
  PID:3736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2212 --field-trial-handle=1848,i,13071548156096208280,16229329574111639985,131072 /prefetch:8
  2⤵
  PID:1280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3200 --field-trial-handle=1848,i,13071548156096208280,16229329574111639985,131072 /prefetch:1
  2⤵
  PID:2116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3344 --field-trial-handle=1848,i,13071548156096208280,16229329574111639985,131072 /prefetch:1
  2⤵
  PID:1920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 --field-trial-handle=1848,i,13071548156096208280,16229329574111639985,131072 /prefetch:8
  2⤵
  PID:4276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 --field-trial-handle=1848,i,13071548156096208280,16229329574111639985,131072 /prefetch:8
  2⤵
  PID:4508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4828 --field-trial-handle=1848,i,13071548156096208280,16229329574111639985,131072 /prefetch:1
  2⤵
  PID:3988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3360 --field-trial-handle=1848,i,13071548156096208280,16229329574111639985,131072 /prefetch:1
  2⤵
  PID:4440

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4552

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
cf8c1bc942025827928f66b3fec57037

SHA1
79947514f517cafe8a962ee15155e91120463463

SHA256
eed024c86f3a238e140865c12464bab6460922bb9867ca4e3d3e1fc525291f3d

SHA512
cd734c5785e380015cbecc547ffe9dd20f97faafc4231b043dc8e046cca40b83ef098b9ddc430f844111e567a9679167c2d96d56876e91202a4d2bab275079eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0464d2c5f60b936bd092a85131f8bb77

SHA1
f10705bcfe48e3d4a221dbb91912e0f790076065

SHA256
e08d6a9f1956c96ad42043dfb3b2010d3fa18e86000070ff666ab17e221963e7

SHA512
a59a882b202dabda46c4fb5d9b3b962aa2938bf0c69d97d314cb2642fef2ca45ab88093d684325bc7b0b8ec0892b7b7f36e845035fd91f761d2ed2d0ce769933

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
90ebde64101b18f6b0043fd3bb54f602

SHA1
fc5bc66f23a471fd7fc3192efaae33dc43c88673

SHA256
a2063b9dd53765011ff20d92d3c1d90525cdd9fc90cc15ce365a5d462f80e0ab

SHA512
12cd033bdac92946ebe8049ba49df68fca8d732fb650ccf1bed1fa57825fc04b1f897134fed873979030581b1bb882166dffb959431d338f625660c44ec2f03b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0c94dd4c0991dddb9f98c0060da7fb10

SHA1
05c0485982852d8f222be1252ac4a402839cde16

SHA256
003066dbab8fd40629c84ecb605099d90b50e75e8d1a470d14aa66f6ef6ae82d

SHA512
fc60aa0bd32ed32e7ba79eb4b2206d6f3fbf813e0d9a554a627ef3cb8c81337c2fb1512c2d237a2625d3ac2ddca8c9d0a3b55bdaa7cf3fa5f5f0ebd21f7046b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2803af5979d62c46c5a2713322a3ed8a

SHA1
7579d8bc330e3cbc732e37b7e1848df730339697

SHA256
c8be8ba8a3ca85d2c1c5090ced8831a66645fa6af2b9ae1c41f8ba4d03aed795

SHA512
7b0ef11c726adbb4f23df9e4686be33d626ca6d2900ecfe6842ce4a33e81e027e2bf45e73a386bb2a1e8c1852d336dd0d0b846b4394060cd879418f48ff6a399

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
338cf7358b415b4df870860d34a761a9

SHA1
2a571e9414ccb88055bf440af128fae9502022c7

SHA256
faa01347eda2ef1b292c832ee17cf25a29713476548abf377ff7634c387126ae

SHA512
f4843eca31ad1bec576b3be8706b768735ed62a9d5fb2ad3c9cd9cadf79ea19a71a9f26921e5af29638a1094b9a09997e921edec0f1e0758ca339873f04389f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit