hxxps://platform[.]gulfpartyline[.]com/events/maybvd

Analysis

max time kernel
59s
max time network
57s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
09/05/2024, 01:42

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://platform.gulfpartyline.com/events/maybvd

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3960	chrome.exe
3960	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3960	chrome.exe
Token: SeCreatePagefilePrivilege	3960	chrome.exe
Token: SeShutdownPrivilege	3960	chrome.exe
Token: SeCreatePagefilePrivilege	3960	chrome.exe
Token: SeShutdownPrivilege	3960	chrome.exe
Token: SeCreatePagefilePrivilege	3960	chrome.exe
Token: SeShutdownPrivilege	3960	chrome.exe
Token: SeCreatePagefilePrivilege	3960	chrome.exe
Token: SeShutdownPrivilege	3960	chrome.exe
Token: SeCreatePagefilePrivilege	3960	chrome.exe
Token: SeShutdownPrivilege	3960	chrome.exe
Token: SeCreatePagefilePrivilege	3960	chrome.exe
Token: SeShutdownPrivilege	3960	chrome.exe
Token: SeCreatePagefilePrivilege	3960	chrome.exe
Token: SeShutdownPrivilege	3960	chrome.exe
Token: SeCreatePagefilePrivilege	3960	chrome.exe
Token: SeShutdownPrivilege	3960	chrome.exe
Token: SeCreatePagefilePrivilege	3960	chrome.exe
Token: SeShutdownPrivilege	3960	chrome.exe
Token: SeCreatePagefilePrivilege	3960	chrome.exe
Token: SeShutdownPrivilege	3960	chrome.exe
Token: SeCreatePagefilePrivilege	3960	chrome.exe
Token: SeShutdownPrivilege	3960	chrome.exe
Token: SeCreatePagefilePrivilege	3960	chrome.exe
Token: SeShutdownPrivilege	3960	chrome.exe
Token: SeCreatePagefilePrivilege	3960	chrome.exe
Token: SeShutdownPrivilege	3960	chrome.exe
Token: SeCreatePagefilePrivilege	3960	chrome.exe
Token: SeShutdownPrivilege	3960	chrome.exe
Token: SeCreatePagefilePrivilege	3960	chrome.exe
Token: SeShutdownPrivilege	3960	chrome.exe
Token: SeCreatePagefilePrivilege	3960	chrome.exe
Token: SeShutdownPrivilege	3960	chrome.exe
Token: SeCreatePagefilePrivilege	3960	chrome.exe
Token: SeShutdownPrivilege	3960	chrome.exe
Token: SeCreatePagefilePrivilege	3960	chrome.exe
Token: SeShutdownPrivilege	3960	chrome.exe
Token: SeCreatePagefilePrivilege	3960	chrome.exe
Token: SeShutdownPrivilege	3960	chrome.exe
Token: SeCreatePagefilePrivilege	3960	chrome.exe
Token: SeShutdownPrivilege	3960	chrome.exe
Token: SeCreatePagefilePrivilege	3960	chrome.exe
Token: SeShutdownPrivilege	3960	chrome.exe
Token: SeCreatePagefilePrivilege	3960	chrome.exe
Token: SeShutdownPrivilege	3960	chrome.exe
Token: SeCreatePagefilePrivilege	3960	chrome.exe
Token: SeShutdownPrivilege	3960	chrome.exe
Token: SeCreatePagefilePrivilege	3960	chrome.exe
Token: SeShutdownPrivilege	3960	chrome.exe
Token: SeCreatePagefilePrivilege	3960	chrome.exe
Token: SeShutdownPrivilege	3960	chrome.exe
Token: SeCreatePagefilePrivilege	3960	chrome.exe
Token: SeShutdownPrivilege	3960	chrome.exe
Token: SeCreatePagefilePrivilege	3960	chrome.exe
Token: SeShutdownPrivilege	3960	chrome.exe
Token: SeCreatePagefilePrivilege	3960	chrome.exe
Token: SeShutdownPrivilege	3960	chrome.exe
Token: SeCreatePagefilePrivilege	3960	chrome.exe
Token: SeShutdownPrivilege	3960	chrome.exe
Token: SeCreatePagefilePrivilege	3960	chrome.exe
Token: SeShutdownPrivilege	3960	chrome.exe
Token: SeCreatePagefilePrivilege	3960	chrome.exe
Token: SeShutdownPrivilege	3960	chrome.exe
Token: SeCreatePagefilePrivilege	3960	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3960 wrote to memory of 1944	3960	chrome.exe	88
PID 3960 wrote to memory of 1944	3960	chrome.exe	88
PID 3960 wrote to memory of 3176	3960	chrome.exe	92
PID 3960 wrote to memory of 3176	3960	chrome.exe	92
PID 3960 wrote to memory of 3176	3960	chrome.exe	92
PID 3960 wrote to memory of 3176	3960	chrome.exe	92
PID 3960 wrote to memory of 3176	3960	chrome.exe	92
PID 3960 wrote to memory of 3176	3960	chrome.exe	92
PID 3960 wrote to memory of 3176	3960	chrome.exe	92
PID 3960 wrote to memory of 3176	3960	chrome.exe	92
PID 3960 wrote to memory of 3176	3960	chrome.exe	92
PID 3960 wrote to memory of 3176	3960	chrome.exe	92
PID 3960 wrote to memory of 3176	3960	chrome.exe	92
PID 3960 wrote to memory of 3176	3960	chrome.exe	92
PID 3960 wrote to memory of 3176	3960	chrome.exe	92
PID 3960 wrote to memory of 3176	3960	chrome.exe	92
PID 3960 wrote to memory of 3176	3960	chrome.exe	92
PID 3960 wrote to memory of 3176	3960	chrome.exe	92
PID 3960 wrote to memory of 3176	3960	chrome.exe	92
PID 3960 wrote to memory of 3176	3960	chrome.exe	92
PID 3960 wrote to memory of 3176	3960	chrome.exe	92
PID 3960 wrote to memory of 3176	3960	chrome.exe	92
PID 3960 wrote to memory of 3176	3960	chrome.exe	92
PID 3960 wrote to memory of 3176	3960	chrome.exe	92
PID 3960 wrote to memory of 3176	3960	chrome.exe	92
PID 3960 wrote to memory of 3176	3960	chrome.exe	92
PID 3960 wrote to memory of 3176	3960	chrome.exe	92
PID 3960 wrote to memory of 3176	3960	chrome.exe	92
PID 3960 wrote to memory of 3176	3960	chrome.exe	92
PID 3960 wrote to memory of 3176	3960	chrome.exe	92
PID 3960 wrote to memory of 3176	3960	chrome.exe	92
PID 3960 wrote to memory of 3176	3960	chrome.exe	92
PID 3960 wrote to memory of 3176	3960	chrome.exe	92
PID 3960 wrote to memory of 3328	3960	chrome.exe	93
PID 3960 wrote to memory of 3328	3960	chrome.exe	93
PID 3960 wrote to memory of 452	3960	chrome.exe	94
PID 3960 wrote to memory of 452	3960	chrome.exe	94
PID 3960 wrote to memory of 452	3960	chrome.exe	94
PID 3960 wrote to memory of 452	3960	chrome.exe	94
PID 3960 wrote to memory of 452	3960	chrome.exe	94
PID 3960 wrote to memory of 452	3960	chrome.exe	94
PID 3960 wrote to memory of 452	3960	chrome.exe	94
PID 3960 wrote to memory of 452	3960	chrome.exe	94
PID 3960 wrote to memory of 452	3960	chrome.exe	94
PID 3960 wrote to memory of 452	3960	chrome.exe	94
PID 3960 wrote to memory of 452	3960	chrome.exe	94
PID 3960 wrote to memory of 452	3960	chrome.exe	94
PID 3960 wrote to memory of 452	3960	chrome.exe	94
PID 3960 wrote to memory of 452	3960	chrome.exe	94
PID 3960 wrote to memory of 452	3960	chrome.exe	94
PID 3960 wrote to memory of 452	3960	chrome.exe	94
PID 3960 wrote to memory of 452	3960	chrome.exe	94
PID 3960 wrote to memory of 452	3960	chrome.exe	94
PID 3960 wrote to memory of 452	3960	chrome.exe	94
PID 3960 wrote to memory of 452	3960	chrome.exe	94
PID 3960 wrote to memory of 452	3960	chrome.exe	94
PID 3960 wrote to memory of 452	3960	chrome.exe	94
PID 3960 wrote to memory of 452	3960	chrome.exe	94
PID 3960 wrote to memory of 452	3960	chrome.exe	94
PID 3960 wrote to memory of 452	3960	chrome.exe	94
PID 3960 wrote to memory of 452	3960	chrome.exe	94
PID 3960 wrote to memory of 452	3960	chrome.exe	94
PID 3960 wrote to memory of 452	3960	chrome.exe	94
PID 3960 wrote to memory of 452	3960	chrome.exe	94

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://platform.gulfpartyline.com/events/maybvd
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffff541ab58,0x7ffff541ab68,0x7ffff541ab78
  2⤵
  PID:1944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1604 --field-trial-handle=1900,i,14527699372121998990,16771457216308860869,131072 /prefetch:2
  2⤵
  PID:3176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1860 --field-trial-handle=1900,i,14527699372121998990,16771457216308860869,131072 /prefetch:8
  2⤵
  PID:3328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2276 --field-trial-handle=1900,i,14527699372121998990,16771457216308860869,131072 /prefetch:8
  2⤵
  PID:452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2900 --field-trial-handle=1900,i,14527699372121998990,16771457216308860869,131072 /prefetch:1
  2⤵
  PID:4288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2908 --field-trial-handle=1900,i,14527699372121998990,16771457216308860869,131072 /prefetch:1
  2⤵
  PID:2364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4360 --field-trial-handle=1900,i,14527699372121998990,16771457216308860869,131072 /prefetch:8
  2⤵
  PID:5032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3912 --field-trial-handle=1900,i,14527699372121998990,16771457216308860869,131072 /prefetch:8
  2⤵
  PID:2436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4276 --field-trial-handle=1900,i,14527699372121998990,16771457216308860869,131072 /prefetch:1
  2⤵
  PID:3408

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1232

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4356,i,4686244434963378549,11462511444150484980,262144 --variations-seed-version --mojo-platform-channel-handle=1748 /prefetch:8
1⤵
PID:5076

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
e2a27b93a713c2fde85fa1ffbbe1dc7f

SHA1
1e3a7f42ba028f678214890929b30fc5c6ec70d5

SHA256
f2c1d802a35658e244c3bafbb3665390de588fb888e95d46e291968271998eed

SHA512
7a2945c3023504a59a5ddf1f3f5d71acca172ec8f6bb46598c8b644c4b0f478ba791a05f0624c94595d2cfc5248e8dabb13a4405bf088a9f8925b0788c00e2f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1024B

MD5
d78185b2d6583e9da352f3da2ef44a82

SHA1
a90de8d2f50a7242ffdf4935686bd055e2d44ae7

SHA256
1dfdf6f54b256ba7835a4b53c1a00651dfc6644fd41cc8fdf74e5adb20f8376e

SHA512
b2988472869baad29bfa44b992f76d65d46d0b0926ef241c39da54d23537f7195314fbc231622a64ef8fabf92a11f1bd517cec0b94dd20739bb5c665634a2852

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
da8e8202155e5d40071cf2ebb70520f3

SHA1
c037b7ce5ca874eb0a646f659fed2758399b09ca

SHA256
5bc4e6cd321cc19f4b6b2326ff54c7ba989997b81e38e69a620a3b802f7ab854

SHA512
62beaa06b9012f26e26819b1149beb73d7c1214fe55eef6c6a4bcdfff76b17e13b8800063a7c514a625b4ae81901eed1075be66a2cad1c4866dea92444e136a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
758501dab2758cd09dc11aeeb819e70c

SHA1
61c2285ca723bfe544a65379565edb2ddc7745b1

SHA256
c6b2d75acf18b5a6e266908f549089223979b511610008009f352d0c17b99b40

SHA512
2c7bef01b8f4ee578aa8bc739c9366a550908a83c57595a22f4d70e643a7208e01c15575bdd2325c358725f9e31d5a86dfe593d009f3b01d93582d551894912a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
0434f95e78260453dc88e2eac6108f79

SHA1
d4438078af001d586de905eb382d070296063ef6

SHA256
0de16347731dd956f660f5f154d96409280f445696ad5c693491cb9b419b8d2b

SHA512
525480f0dd4b4d442054f526f007a550c44d5801a56cf15641f33dd2015f36f76b7853e702837d332cfc0963ac2ec2463548bc4bbf2e8aeb88bbf26f7e7c5d35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
e9930cc5661b50958268664e98f95562

SHA1
e2046f0e418fd221e161f565f11a0a69dc4cc390

SHA256
aa93477900f1d5943e255cad4019dd7ae852d0507a7b3f3f15e3c4b42e93b438

SHA512
465de8f0f0b98c1a5c66f3cfa146632e925987cc0c6b8e9c385c211aad971b3ff008ebfce210eaaaba0f75a020f2e7a997d6ff1e357b61981a802b63d654a2f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
fefb891828b2f0863fc14d1fd3d5ebf8

SHA1
8bbf1c327f569c684c74c7cdbc63186220255754

SHA256
33bd2a2924d1f30a33ed59018faf5333b9654cd14debe820c8f06db3de297aab

SHA512
4a32c40a639e26180f76c85cb253e4c6b4199605bd29ef62bdabb5084397615112995605703f7cb18ae2faeb7afc8a65b6f69b920306915430730a7cecfb9d4a

Download Submit