hxxps://www[.]bloxget[.]com

Analysis

max time kernel
599s
max time network
589s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
28-04-2024 20:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.bloxget.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133588123947023580"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2340	chrome.exe
2340	chrome.exe
224	chrome.exe
224	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2340	chrome.exe
2340	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2340 wrote to memory of 4216	2340	chrome.exe	81
PID 2340 wrote to memory of 4216	2340	chrome.exe	81
PID 2340 wrote to memory of 4788	2340	chrome.exe	83
PID 2340 wrote to memory of 4788	2340	chrome.exe	83
PID 2340 wrote to memory of 4788	2340	chrome.exe	83
PID 2340 wrote to memory of 4788	2340	chrome.exe	83
PID 2340 wrote to memory of 4788	2340	chrome.exe	83
PID 2340 wrote to memory of 4788	2340	chrome.exe	83
PID 2340 wrote to memory of 4788	2340	chrome.exe	83
PID 2340 wrote to memory of 4788	2340	chrome.exe	83
PID 2340 wrote to memory of 4788	2340	chrome.exe	83
PID 2340 wrote to memory of 4788	2340	chrome.exe	83
PID 2340 wrote to memory of 4788	2340	chrome.exe	83
PID 2340 wrote to memory of 4788	2340	chrome.exe	83
PID 2340 wrote to memory of 4788	2340	chrome.exe	83
PID 2340 wrote to memory of 4788	2340	chrome.exe	83
PID 2340 wrote to memory of 4788	2340	chrome.exe	83
PID 2340 wrote to memory of 4788	2340	chrome.exe	83
PID 2340 wrote to memory of 4788	2340	chrome.exe	83
PID 2340 wrote to memory of 4788	2340	chrome.exe	83
PID 2340 wrote to memory of 4788	2340	chrome.exe	83
PID 2340 wrote to memory of 4788	2340	chrome.exe	83
PID 2340 wrote to memory of 4788	2340	chrome.exe	83
PID 2340 wrote to memory of 4788	2340	chrome.exe	83
PID 2340 wrote to memory of 4788	2340	chrome.exe	83
PID 2340 wrote to memory of 4788	2340	chrome.exe	83
PID 2340 wrote to memory of 4788	2340	chrome.exe	83
PID 2340 wrote to memory of 4788	2340	chrome.exe	83
PID 2340 wrote to memory of 4788	2340	chrome.exe	83
PID 2340 wrote to memory of 4788	2340	chrome.exe	83
PID 2340 wrote to memory of 4788	2340	chrome.exe	83
PID 2340 wrote to memory of 4788	2340	chrome.exe	83
PID 2340 wrote to memory of 4788	2340	chrome.exe	83
PID 2340 wrote to memory of 3740	2340	chrome.exe	84
PID 2340 wrote to memory of 3740	2340	chrome.exe	84
PID 2340 wrote to memory of 4076	2340	chrome.exe	85
PID 2340 wrote to memory of 4076	2340	chrome.exe	85
PID 2340 wrote to memory of 4076	2340	chrome.exe	85
PID 2340 wrote to memory of 4076	2340	chrome.exe	85
PID 2340 wrote to memory of 4076	2340	chrome.exe	85
PID 2340 wrote to memory of 4076	2340	chrome.exe	85
PID 2340 wrote to memory of 4076	2340	chrome.exe	85
PID 2340 wrote to memory of 4076	2340	chrome.exe	85
PID 2340 wrote to memory of 4076	2340	chrome.exe	85
PID 2340 wrote to memory of 4076	2340	chrome.exe	85
PID 2340 wrote to memory of 4076	2340	chrome.exe	85
PID 2340 wrote to memory of 4076	2340	chrome.exe	85
PID 2340 wrote to memory of 4076	2340	chrome.exe	85
PID 2340 wrote to memory of 4076	2340	chrome.exe	85
PID 2340 wrote to memory of 4076	2340	chrome.exe	85
PID 2340 wrote to memory of 4076	2340	chrome.exe	85
PID 2340 wrote to memory of 4076	2340	chrome.exe	85
PID 2340 wrote to memory of 4076	2340	chrome.exe	85
PID 2340 wrote to memory of 4076	2340	chrome.exe	85
PID 2340 wrote to memory of 4076	2340	chrome.exe	85
PID 2340 wrote to memory of 4076	2340	chrome.exe	85
PID 2340 wrote to memory of 4076	2340	chrome.exe	85
PID 2340 wrote to memory of 4076	2340	chrome.exe	85
PID 2340 wrote to memory of 4076	2340	chrome.exe	85
PID 2340 wrote to memory of 4076	2340	chrome.exe	85
PID 2340 wrote to memory of 4076	2340	chrome.exe	85
PID 2340 wrote to memory of 4076	2340	chrome.exe	85
PID 2340 wrote to memory of 4076	2340	chrome.exe	85
PID 2340 wrote to memory of 4076	2340	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.bloxget.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff95ffdab58,0x7ff95ffdab68,0x7ff95ffdab78
  2⤵
  PID:4216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1672 --field-trial-handle=1876,i,2250139330170209272,7352907434373800659,131072 /prefetch:2
  2⤵
  PID:4788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1876,i,2250139330170209272,7352907434373800659,131072 /prefetch:8
  2⤵
  PID:3740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2192 --field-trial-handle=1876,i,2250139330170209272,7352907434373800659,131072 /prefetch:8
  2⤵
  PID:4076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3012 --field-trial-handle=1876,i,2250139330170209272,7352907434373800659,131072 /prefetch:1
  2⤵
  PID:1236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3020 --field-trial-handle=1876,i,2250139330170209272,7352907434373800659,131072 /prefetch:1
  2⤵
  PID:3316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4412 --field-trial-handle=1876,i,2250139330170209272,7352907434373800659,131072 /prefetch:8
  2⤵
  PID:936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4572 --field-trial-handle=1876,i,2250139330170209272,7352907434373800659,131072 /prefetch:8
  2⤵
  PID:1788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4428 --field-trial-handle=1876,i,2250139330170209272,7352907434373800659,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:224

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4040

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
50becb27e0630c21a1fb9ef94864e686

SHA1
7c2379cae1814a363629a6e83526943979147c6b

SHA256
db6dac1b5ebad88147a570b04e223be37a42b62ab6085768786c7e916138ca98

SHA512
315acb4b654b75278f02e7678bbdd32279ca6376a6b2d16044d3b8f91da15c6f57edd8c4f8723cd745c56bd0b975d1a8169eb202e19339142e6624e8373d483e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
cc1e020223cb136149655608a6772a78

SHA1
b53459d90a131f2d4b3290dbac831a4a5f7a62ad

SHA256
0f769dbfab1e653049ff8bdf5705ef8146d19d52542b1d3d4bb7785848baface

SHA512
1c4f383d884e7815cc3a63c03f8a1e36fcd55a274b0af90cc99b5d658a970c55b07f203f3d86ba10061976d5964c5e5bba417371a63c316c7f532f0078753b83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
522B

MD5
56b33742d8dab781755aa81bbe1be424

SHA1
8773d49112baa5670ddbd57678ad48b6be17fc50

SHA256
4cb2514963f2f22356c875a7bc2d0c818bbf84f7c3155f87ef4c1de93376f2ba

SHA512
cc4640450cd8f24f10679e1a0cf02a48e51bf7916e11655650e136a1b10febcb20d71856b50680f29b3ea2f8c19ab799ed3c3215c68b86215de2b5418133a0ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
467a17e0a76c3856304cf8fcfad6a5fa

SHA1
1faeb33723a3b29690486e1232c58f9bc9deddbf

SHA256
6cf6d73808df01e3f6b71eed9640c87bc6415f2783d49976b6c46ad5a28abddd

SHA512
e5bc4e1b7db8052237b56fb8524e0bf71b2435049d60be1998426d2fe2a262c0dd282944192d6ca5180f01413bfafc1c872fb61bda9895fe51b053862469f485

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
5097db40c4e416bd39e2f9bba6932d57

SHA1
b6f3ea0d4f5a59f498f206b7c265403c12c6730a

SHA256
aff998008ff058bdbb4d96c96c3ce4d24089a5dd65e786a936523fa193db1f6e

SHA512
08ed19d0b0c705d1bbc425a6cf88a481f72ecee1bfff53ba3eaed3c8e6ae6fcc097ffc23ea0b0255da77d865491d52bbf190f3a3621ecbab752b8b2a1ad05f51

Download Submit