hxxp://www[.]bozemanclimatepartners[.]net/

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
08/04/2024, 17:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://www.bozemanclimatepartners.net/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133570722452656626"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4728	chrome.exe
4728	chrome.exe
4744	chrome.exe
4744	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4728	chrome.exe
Token: SeCreatePagefilePrivilege	4728	chrome.exe
Token: SeShutdownPrivilege	4728	chrome.exe
Token: SeCreatePagefilePrivilege	4728	chrome.exe
Token: SeShutdownPrivilege	4728	chrome.exe
Token: SeCreatePagefilePrivilege	4728	chrome.exe
Token: SeShutdownPrivilege	4728	chrome.exe
Token: SeCreatePagefilePrivilege	4728	chrome.exe
Token: SeShutdownPrivilege	4728	chrome.exe
Token: SeCreatePagefilePrivilege	4728	chrome.exe
Token: SeShutdownPrivilege	4728	chrome.exe
Token: SeCreatePagefilePrivilege	4728	chrome.exe
Token: SeShutdownPrivilege	4728	chrome.exe
Token: SeCreatePagefilePrivilege	4728	chrome.exe
Token: SeShutdownPrivilege	4728	chrome.exe
Token: SeCreatePagefilePrivilege	4728	chrome.exe
Token: SeShutdownPrivilege	4728	chrome.exe
Token: SeCreatePagefilePrivilege	4728	chrome.exe
Token: SeShutdownPrivilege	4728	chrome.exe
Token: SeCreatePagefilePrivilege	4728	chrome.exe
Token: SeShutdownPrivilege	4728	chrome.exe
Token: SeCreatePagefilePrivilege	4728	chrome.exe
Token: SeShutdownPrivilege	4728	chrome.exe
Token: SeCreatePagefilePrivilege	4728	chrome.exe
Token: SeShutdownPrivilege	4728	chrome.exe
Token: SeCreatePagefilePrivilege	4728	chrome.exe
Token: SeShutdownPrivilege	4728	chrome.exe
Token: SeCreatePagefilePrivilege	4728	chrome.exe
Token: SeShutdownPrivilege	4728	chrome.exe
Token: SeCreatePagefilePrivilege	4728	chrome.exe
Token: SeShutdownPrivilege	4728	chrome.exe
Token: SeCreatePagefilePrivilege	4728	chrome.exe
Token: SeShutdownPrivilege	4728	chrome.exe
Token: SeCreatePagefilePrivilege	4728	chrome.exe
Token: SeShutdownPrivilege	4728	chrome.exe
Token: SeCreatePagefilePrivilege	4728	chrome.exe
Token: SeShutdownPrivilege	4728	chrome.exe
Token: SeCreatePagefilePrivilege	4728	chrome.exe
Token: SeShutdownPrivilege	4728	chrome.exe
Token: SeCreatePagefilePrivilege	4728	chrome.exe
Token: SeShutdownPrivilege	4728	chrome.exe
Token: SeCreatePagefilePrivilege	4728	chrome.exe
Token: SeShutdownPrivilege	4728	chrome.exe
Token: SeCreatePagefilePrivilege	4728	chrome.exe
Token: SeShutdownPrivilege	4728	chrome.exe
Token: SeCreatePagefilePrivilege	4728	chrome.exe
Token: SeShutdownPrivilege	4728	chrome.exe
Token: SeCreatePagefilePrivilege	4728	chrome.exe
Token: SeShutdownPrivilege	4728	chrome.exe
Token: SeCreatePagefilePrivilege	4728	chrome.exe
Token: SeShutdownPrivilege	4728	chrome.exe
Token: SeCreatePagefilePrivilege	4728	chrome.exe
Token: SeShutdownPrivilege	4728	chrome.exe
Token: SeCreatePagefilePrivilege	4728	chrome.exe
Token: SeShutdownPrivilege	4728	chrome.exe
Token: SeCreatePagefilePrivilege	4728	chrome.exe
Token: SeShutdownPrivilege	4728	chrome.exe
Token: SeCreatePagefilePrivilege	4728	chrome.exe
Token: SeShutdownPrivilege	4728	chrome.exe
Token: SeCreatePagefilePrivilege	4728	chrome.exe
Token: SeShutdownPrivilege	4728	chrome.exe
Token: SeCreatePagefilePrivilege	4728	chrome.exe
Token: SeShutdownPrivilege	4728	chrome.exe
Token: SeCreatePagefilePrivilege	4728	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4728 wrote to memory of 4604	4728	chrome.exe	86
PID 4728 wrote to memory of 4604	4728	chrome.exe	86
PID 4728 wrote to memory of 3548	4728	chrome.exe	89
PID 4728 wrote to memory of 3548	4728	chrome.exe	89
PID 4728 wrote to memory of 3548	4728	chrome.exe	89
PID 4728 wrote to memory of 3548	4728	chrome.exe	89
PID 4728 wrote to memory of 3548	4728	chrome.exe	89
PID 4728 wrote to memory of 3548	4728	chrome.exe	89
PID 4728 wrote to memory of 3548	4728	chrome.exe	89
PID 4728 wrote to memory of 3548	4728	chrome.exe	89
PID 4728 wrote to memory of 3548	4728	chrome.exe	89
PID 4728 wrote to memory of 3548	4728	chrome.exe	89
PID 4728 wrote to memory of 3548	4728	chrome.exe	89
PID 4728 wrote to memory of 3548	4728	chrome.exe	89
PID 4728 wrote to memory of 3548	4728	chrome.exe	89
PID 4728 wrote to memory of 3548	4728	chrome.exe	89
PID 4728 wrote to memory of 3548	4728	chrome.exe	89
PID 4728 wrote to memory of 3548	4728	chrome.exe	89
PID 4728 wrote to memory of 3548	4728	chrome.exe	89
PID 4728 wrote to memory of 3548	4728	chrome.exe	89
PID 4728 wrote to memory of 3548	4728	chrome.exe	89
PID 4728 wrote to memory of 3548	4728	chrome.exe	89
PID 4728 wrote to memory of 3548	4728	chrome.exe	89
PID 4728 wrote to memory of 3548	4728	chrome.exe	89
PID 4728 wrote to memory of 3548	4728	chrome.exe	89
PID 4728 wrote to memory of 3548	4728	chrome.exe	89
PID 4728 wrote to memory of 3548	4728	chrome.exe	89
PID 4728 wrote to memory of 3548	4728	chrome.exe	89
PID 4728 wrote to memory of 3548	4728	chrome.exe	89
PID 4728 wrote to memory of 3548	4728	chrome.exe	89
PID 4728 wrote to memory of 3548	4728	chrome.exe	89
PID 4728 wrote to memory of 3548	4728	chrome.exe	89
PID 4728 wrote to memory of 3548	4728	chrome.exe	89
PID 4728 wrote to memory of 3548	4728	chrome.exe	89
PID 4728 wrote to memory of 3548	4728	chrome.exe	89
PID 4728 wrote to memory of 3548	4728	chrome.exe	89
PID 4728 wrote to memory of 3548	4728	chrome.exe	89
PID 4728 wrote to memory of 3548	4728	chrome.exe	89
PID 4728 wrote to memory of 3548	4728	chrome.exe	89
PID 4728 wrote to memory of 3548	4728	chrome.exe	89
PID 4728 wrote to memory of 4484	4728	chrome.exe	90
PID 4728 wrote to memory of 4484	4728	chrome.exe	90
PID 4728 wrote to memory of 4076	4728	chrome.exe	91
PID 4728 wrote to memory of 4076	4728	chrome.exe	91
PID 4728 wrote to memory of 4076	4728	chrome.exe	91
PID 4728 wrote to memory of 4076	4728	chrome.exe	91
PID 4728 wrote to memory of 4076	4728	chrome.exe	91
PID 4728 wrote to memory of 4076	4728	chrome.exe	91
PID 4728 wrote to memory of 4076	4728	chrome.exe	91
PID 4728 wrote to memory of 4076	4728	chrome.exe	91
PID 4728 wrote to memory of 4076	4728	chrome.exe	91
PID 4728 wrote to memory of 4076	4728	chrome.exe	91
PID 4728 wrote to memory of 4076	4728	chrome.exe	91
PID 4728 wrote to memory of 4076	4728	chrome.exe	91
PID 4728 wrote to memory of 4076	4728	chrome.exe	91
PID 4728 wrote to memory of 4076	4728	chrome.exe	91
PID 4728 wrote to memory of 4076	4728	chrome.exe	91
PID 4728 wrote to memory of 4076	4728	chrome.exe	91
PID 4728 wrote to memory of 4076	4728	chrome.exe	91
PID 4728 wrote to memory of 4076	4728	chrome.exe	91
PID 4728 wrote to memory of 4076	4728	chrome.exe	91
PID 4728 wrote to memory of 4076	4728	chrome.exe	91
PID 4728 wrote to memory of 4076	4728	chrome.exe	91
PID 4728 wrote to memory of 4076	4728	chrome.exe	91

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://www.bozemanclimatepartners.net/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb51c19758,0x7ffb51c19768,0x7ffb51c19778
  2⤵
  PID:4604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1620 --field-trial-handle=1864,i,9190183884969558277,17579286611616661844,131072 /prefetch:2
  2⤵
  PID:3548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1864,i,9190183884969558277,17579286611616661844,131072 /prefetch:8
  2⤵
  PID:4484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2200 --field-trial-handle=1864,i,9190183884969558277,17579286611616661844,131072 /prefetch:8
  2⤵
  PID:4076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2808 --field-trial-handle=1864,i,9190183884969558277,17579286611616661844,131072 /prefetch:1
  2⤵
  PID:1948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2828 --field-trial-handle=1864,i,9190183884969558277,17579286611616661844,131072 /prefetch:1
  2⤵
  PID:4480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4032 --field-trial-handle=1864,i,9190183884969558277,17579286611616661844,131072 /prefetch:1
  2⤵
  PID:1404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5316 --field-trial-handle=1864,i,9190183884969558277,17579286611616661844,131072 /prefetch:8
  2⤵
  PID:2872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4716 --field-trial-handle=1864,i,9190183884969558277,17579286611616661844,131072 /prefetch:8
  2⤵
  PID:1960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3772 --field-trial-handle=1864,i,9190183884969558277,17579286611616661844,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4744

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3724

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
071ba5b7dd2471d5a11e3873e6e7e6f5

SHA1
f98c675542882949b75076a04bd2293d5a1e7b2f

SHA256
d6ca34bab864c93e237374c3e225be692269eeadbf98f4f414b861e5ec34b06f

SHA512
eb0c349efdd9e5b5fe6b8223c12568312b9d6cf0850e2a352ec6a5570e175d910a45efee92347e06e8a9eaeba8b8baa6ca22555ba7861aacb2b14c86a6c150b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
995ab65f9651036fb1674168f84306a3

SHA1
02065c2e1a3e9736f128309caf15fa24027e2be5

SHA256
22e3d95b5d3ef27e787f246cd09ba129837ff3c149f367a93c1c5b20825459fb

SHA512
4eac778767719b77e1ddb9fa18d6efc5c18f3ad7790c9579fdca1c1f9bd7d62462f16120b39702702f5c23754d6e93b1760e46c386759482f49bd17f69d3309f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
c2b6181306cfb89a3c5f946ab2ebef04

SHA1
7901046d4469263617bc7fb5cff9295916519a0f

SHA256
e092f3864d25bd3f7c84e1e40f7d3f158e3c1c5845d00f64c15d503d703625af

SHA512
e4fe4995373caa461574b81fae6e597cf6076fa6346e755b56a9c40480f185071315b2ae4439e683123dcb4fed2f2ad06357aeeab1d1df66c74d3ffba461c639

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
69f126411125dc7a919b5542be66f20f

SHA1
36a06ea4609de3c486c52eb523fb81baf8fc8f32

SHA256
06af925449606177591124f4d6ca7124de9247fa83b18f8aee38da0622b1b14b

SHA512
c7be1188700cb85871a397598bff5527906ca280f4bccf9915eee2ab6001653c608dddf2c05e1ab26dcf3a38e2a38b9f8c1ec008d825e08a2c31c57a44447107

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ca9884c01eb6a0de5f2a49b266328113

SHA1
7c1b863c41f2bc5f53f534abae9fc86c29d8ee04

SHA256
84dd460f54ab574b850e73278e8c288e624785c6ea82583c3eb64b10814f19c5

SHA512
bf7531f1553f6e90c7413883b01ef375340cd93ac04f4438b785bddb2940b045d8ea387e760c7b03b08906778a756bf49835f50242363043ec0e3d76f1919182

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
f38c0aa809477b3aaa955dab96a686c2

SHA1
e88a9d71ef883f4a25e8fe6276a0b5d6165763c2

SHA256
c1cb3088498121657fd0a4863f37de6213d2f68977d1f2ae4da1b85a34511857

SHA512
b20a8832227b5c3fe84ec83b38ade7b147c62055ad2cc50d17f1b05bc9998e3d73e743f092284b3b73cb033f7f4d60989c9ea413275cd69c74c7cc6f04e663ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit