hxxps://pub21[.]bravenet[.]com/emailfwd/show[.]php?usernum=1776454874&formid=3972

Analysis

max time kernel
149s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
15/04/2024, 14:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://pub21.bravenet.com/emailfwd/show.php?usernum=1776454874&formid=3972

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133576662159978276"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1016	chrome.exe
1016	chrome.exe
6132	chrome.exe
6132	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1016	chrome.exe
Token: SeCreatePagefilePrivilege	1016	chrome.exe
Token: SeShutdownPrivilege	1016	chrome.exe
Token: SeCreatePagefilePrivilege	1016	chrome.exe
Token: SeShutdownPrivilege	1016	chrome.exe
Token: SeCreatePagefilePrivilege	1016	chrome.exe
Token: SeShutdownPrivilege	1016	chrome.exe
Token: SeCreatePagefilePrivilege	1016	chrome.exe
Token: SeShutdownPrivilege	1016	chrome.exe
Token: SeCreatePagefilePrivilege	1016	chrome.exe
Token: SeShutdownPrivilege	1016	chrome.exe
Token: SeCreatePagefilePrivilege	1016	chrome.exe
Token: SeShutdownPrivilege	1016	chrome.exe
Token: SeCreatePagefilePrivilege	1016	chrome.exe
Token: SeShutdownPrivilege	1016	chrome.exe
Token: SeCreatePagefilePrivilege	1016	chrome.exe
Token: SeShutdownPrivilege	1016	chrome.exe
Token: SeCreatePagefilePrivilege	1016	chrome.exe
Token: SeShutdownPrivilege	1016	chrome.exe
Token: SeCreatePagefilePrivilege	1016	chrome.exe
Token: SeShutdownPrivilege	1016	chrome.exe
Token: SeCreatePagefilePrivilege	1016	chrome.exe
Token: SeShutdownPrivilege	1016	chrome.exe
Token: SeCreatePagefilePrivilege	1016	chrome.exe
Token: SeShutdownPrivilege	1016	chrome.exe
Token: SeCreatePagefilePrivilege	1016	chrome.exe
Token: SeShutdownPrivilege	1016	chrome.exe
Token: SeCreatePagefilePrivilege	1016	chrome.exe
Token: SeShutdownPrivilege	1016	chrome.exe
Token: SeCreatePagefilePrivilege	1016	chrome.exe
Token: SeShutdownPrivilege	1016	chrome.exe
Token: SeCreatePagefilePrivilege	1016	chrome.exe
Token: SeShutdownPrivilege	1016	chrome.exe
Token: SeCreatePagefilePrivilege	1016	chrome.exe
Token: SeShutdownPrivilege	1016	chrome.exe
Token: SeCreatePagefilePrivilege	1016	chrome.exe
Token: SeShutdownPrivilege	1016	chrome.exe
Token: SeCreatePagefilePrivilege	1016	chrome.exe
Token: SeShutdownPrivilege	1016	chrome.exe
Token: SeCreatePagefilePrivilege	1016	chrome.exe
Token: SeShutdownPrivilege	1016	chrome.exe
Token: SeCreatePagefilePrivilege	1016	chrome.exe
Token: SeShutdownPrivilege	1016	chrome.exe
Token: SeCreatePagefilePrivilege	1016	chrome.exe
Token: SeShutdownPrivilege	1016	chrome.exe
Token: SeCreatePagefilePrivilege	1016	chrome.exe
Token: SeShutdownPrivilege	1016	chrome.exe
Token: SeCreatePagefilePrivilege	1016	chrome.exe
Token: SeShutdownPrivilege	1016	chrome.exe
Token: SeCreatePagefilePrivilege	1016	chrome.exe
Token: SeShutdownPrivilege	1016	chrome.exe
Token: SeCreatePagefilePrivilege	1016	chrome.exe
Token: SeShutdownPrivilege	1016	chrome.exe
Token: SeCreatePagefilePrivilege	1016	chrome.exe
Token: SeShutdownPrivilege	1016	chrome.exe
Token: SeCreatePagefilePrivilege	1016	chrome.exe
Token: SeShutdownPrivilege	1016	chrome.exe
Token: SeCreatePagefilePrivilege	1016	chrome.exe
Token: SeShutdownPrivilege	1016	chrome.exe
Token: SeCreatePagefilePrivilege	1016	chrome.exe
Token: SeShutdownPrivilege	1016	chrome.exe
Token: SeCreatePagefilePrivilege	1016	chrome.exe
Token: SeShutdownPrivilege	1016	chrome.exe
Token: SeCreatePagefilePrivilege	1016	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1016 wrote to memory of 5044	1016	chrome.exe	88
PID 1016 wrote to memory of 5044	1016	chrome.exe	88
PID 1016 wrote to memory of 1220	1016	chrome.exe	89
PID 1016 wrote to memory of 1220	1016	chrome.exe	89
PID 1016 wrote to memory of 1220	1016	chrome.exe	89
PID 1016 wrote to memory of 1220	1016	chrome.exe	89
PID 1016 wrote to memory of 1220	1016	chrome.exe	89
PID 1016 wrote to memory of 1220	1016	chrome.exe	89
PID 1016 wrote to memory of 1220	1016	chrome.exe	89
PID 1016 wrote to memory of 1220	1016	chrome.exe	89
PID 1016 wrote to memory of 1220	1016	chrome.exe	89
PID 1016 wrote to memory of 1220	1016	chrome.exe	89
PID 1016 wrote to memory of 1220	1016	chrome.exe	89
PID 1016 wrote to memory of 1220	1016	chrome.exe	89
PID 1016 wrote to memory of 1220	1016	chrome.exe	89
PID 1016 wrote to memory of 1220	1016	chrome.exe	89
PID 1016 wrote to memory of 1220	1016	chrome.exe	89
PID 1016 wrote to memory of 1220	1016	chrome.exe	89
PID 1016 wrote to memory of 1220	1016	chrome.exe	89
PID 1016 wrote to memory of 1220	1016	chrome.exe	89
PID 1016 wrote to memory of 1220	1016	chrome.exe	89
PID 1016 wrote to memory of 1220	1016	chrome.exe	89
PID 1016 wrote to memory of 1220	1016	chrome.exe	89
PID 1016 wrote to memory of 1220	1016	chrome.exe	89
PID 1016 wrote to memory of 1220	1016	chrome.exe	89
PID 1016 wrote to memory of 1220	1016	chrome.exe	89
PID 1016 wrote to memory of 1220	1016	chrome.exe	89
PID 1016 wrote to memory of 1220	1016	chrome.exe	89
PID 1016 wrote to memory of 1220	1016	chrome.exe	89
PID 1016 wrote to memory of 1220	1016	chrome.exe	89
PID 1016 wrote to memory of 1220	1016	chrome.exe	89
PID 1016 wrote to memory of 1220	1016	chrome.exe	89
PID 1016 wrote to memory of 1220	1016	chrome.exe	89
PID 1016 wrote to memory of 3564	1016	chrome.exe	90
PID 1016 wrote to memory of 3564	1016	chrome.exe	90
PID 1016 wrote to memory of 3448	1016	chrome.exe	91
PID 1016 wrote to memory of 3448	1016	chrome.exe	91
PID 1016 wrote to memory of 3448	1016	chrome.exe	91
PID 1016 wrote to memory of 3448	1016	chrome.exe	91
PID 1016 wrote to memory of 3448	1016	chrome.exe	91
PID 1016 wrote to memory of 3448	1016	chrome.exe	91
PID 1016 wrote to memory of 3448	1016	chrome.exe	91
PID 1016 wrote to memory of 3448	1016	chrome.exe	91
PID 1016 wrote to memory of 3448	1016	chrome.exe	91
PID 1016 wrote to memory of 3448	1016	chrome.exe	91
PID 1016 wrote to memory of 3448	1016	chrome.exe	91
PID 1016 wrote to memory of 3448	1016	chrome.exe	91
PID 1016 wrote to memory of 3448	1016	chrome.exe	91
PID 1016 wrote to memory of 3448	1016	chrome.exe	91
PID 1016 wrote to memory of 3448	1016	chrome.exe	91
PID 1016 wrote to memory of 3448	1016	chrome.exe	91
PID 1016 wrote to memory of 3448	1016	chrome.exe	91
PID 1016 wrote to memory of 3448	1016	chrome.exe	91
PID 1016 wrote to memory of 3448	1016	chrome.exe	91
PID 1016 wrote to memory of 3448	1016	chrome.exe	91
PID 1016 wrote to memory of 3448	1016	chrome.exe	91
PID 1016 wrote to memory of 3448	1016	chrome.exe	91
PID 1016 wrote to memory of 3448	1016	chrome.exe	91
PID 1016 wrote to memory of 3448	1016	chrome.exe	91
PID 1016 wrote to memory of 3448	1016	chrome.exe	91
PID 1016 wrote to memory of 3448	1016	chrome.exe	91
PID 1016 wrote to memory of 3448	1016	chrome.exe	91
PID 1016 wrote to memory of 3448	1016	chrome.exe	91
PID 1016 wrote to memory of 3448	1016	chrome.exe	91

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://pub21.bravenet.com/emailfwd/show.php?usernum=1776454874&formid=3972
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc3ba3ab58,0x7ffc3ba3ab68,0x7ffc3ba3ab78
  2⤵
  PID:5044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1232 --field-trial-handle=1892,i,17207805428112676892,9838567076083605380,131072 /prefetch:2
  2⤵
  PID:1220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1892,i,17207805428112676892,9838567076083605380,131072 /prefetch:8
  2⤵
  PID:3564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2208 --field-trial-handle=1892,i,17207805428112676892,9838567076083605380,131072 /prefetch:8
  2⤵
  PID:3448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3056 --field-trial-handle=1892,i,17207805428112676892,9838567076083605380,131072 /prefetch:1
  2⤵
  PID:732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3076 --field-trial-handle=1892,i,17207805428112676892,9838567076083605380,131072 /prefetch:1
  2⤵
  PID:3488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4124 --field-trial-handle=1892,i,17207805428112676892,9838567076083605380,131072 /prefetch:1
  2⤵
  PID:4600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4580 --field-trial-handle=1892,i,17207805428112676892,9838567076083605380,131072 /prefetch:8
  2⤵
  PID:3608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4856 --field-trial-handle=1892,i,17207805428112676892,9838567076083605380,131072 /prefetch:8
  2⤵
  PID:5176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2656 --field-trial-handle=1892,i,17207805428112676892,9838567076083605380,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6132

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3944

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4028,i,2857654520668216285,12206737327839963915,262144 --variations-seed-version --mojo-platform-channel-handle=3608 /prefetch:8
1⤵
PID:4516

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
2cf657d58c00b93ced428b763ebb3a9e

SHA1
0f8291aeaebad6933e5f859cf1709fb2a23a5b7a

SHA256
9b2aea8704c50b09f3389fe25b8a10b81ad7f031b6e6a79dbc4ed16e42772270

SHA512
fd1d525a424d96ea2ffde6111624fd34b8a538995f22a6097a5fb5319d5f292786e03bddd1a27f8f4ce393c852a146eba7ca43d04a25ba4785f42bb623fa43f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
66c992df717e0d43db685aa95f8d45fa

SHA1
85e636f007ea6207e11f410282f3a59bfea77da1

SHA256
b1a5005add8333b048391c86da93ee0095a496b0074427421128f001ccb45d92

SHA512
6a962ab6bff1262f893ba47d1a827fce183420a5be34e2184eb5547926dc556bdf4ae28892a4814a216812eac0a10562b2df4946798cd52b2946e7b3a7478247

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
be0ae10fae9e24b6f0f95d63842e528d

SHA1
41f58d6323039bb51aad3ab238ce1ddfb9581001

SHA256
0ecd5cf2d488361898a6232040b0eb264de5c48c56100e7deea67d5e2c328fe8

SHA512
97b9307659098766b9288ceaa18c5f8e1f08f9172266da02dd05a9af9263f661887558a8ca52a7c1e027ea4f411c3a1a0af3794ce7c363cb4ffee79811dc88f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\bbfaebd1-1308-4a83-b37e-38db989d6993.tmp

Filesize
1KB

MD5
bdedcf1fbe2eac0607d0710e41ef995e

SHA1
c32a574f3efe20af8b0bce93fe1ff0b0595c17fe

SHA256
fb44a652b256fe5e436bb9806d4f2c16b0f8682ad3ff9a7efd7931c5ee535e12

SHA512
b3d758c066d1cf565d25252dbd774e3d3d254472fceb527cdc685e283aa5bb12abdbc32af1326a9b86816d6f289fb93403e845d8e6051bd0d5a0d17130f9a95c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
9f2d56ce5888b583ac3551f6357fd1d1

SHA1
9ac036d0e0166da165d9d4216a5c74a148d8587d

SHA256
d6560b400449290be417ad319508940d63666bf6cf0cb0fa55dc45d19ca1638f

SHA512
68668fc99fc51e330a8a5d172950216118bf980db9b638ddbaaff3a3791ec088cbb97e88a2f4064fcc19978ff14f6425cedecd4a98655048e74980e4fd4731b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
127KB

MD5
206e39b8ddb75d0e7631b30e6cb579b2

SHA1
f4bc52adbdb04a9efab15041b52edaa7fb1fab09

SHA256
aca5a781e595043be07b39f09c9967c2d183bc6fd96a98100aeb31474f992fe5

SHA512
88e8cef449a2f2f2681b943b36b374e56cb5b0df4c8b8c5bd54ced78208e66bee5d6903dc74cc61b20cfcea104f5deffebaa157384d632c675cbdd37d54c7270

Download Submit