hxxps://bmwag-rt-prod2-t[.]campaign[.]adobe[.]com/r/?id=h2ccc12b%2C8d23fb3%2C492093b&p1=[//]bharatmetal[.]in/jdjdhyeueieuidnbddd/ddhdhiwoiewyeueieiewbvdvvdcdd/nnddvduoeoeoeghvvsbsbss/30/Y2hhcmxlcy5tYWNncmVnb3JAZmlkZXNzYS5jb20=

Analysis

max time kernel
43s
max time network
41s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
16/05/2024, 12:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://bmwag-rt-prod2-t.campaign.adobe.com/r/?id=h2ccc12b%2C8d23fb3%2C492093b&p1=//bharatmetal.in/jdjdhyeueieuidnbddd/ddhdhiwoiewyeueieiewbvdvvdcdd/nnddvduoeoeoeghvvsbsbss/30/Y2hhcmxlcy5tYWNncmVnb3JAZmlkZXNzYS5jb20=

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133603365503750120"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1052	chrome.exe
1052	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1052	chrome.exe
1052	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1052 wrote to memory of 3188	1052	chrome.exe	83
PID 1052 wrote to memory of 3188	1052	chrome.exe	83
PID 1052 wrote to memory of 4268	1052	chrome.exe	84
PID 1052 wrote to memory of 4268	1052	chrome.exe	84
PID 1052 wrote to memory of 4268	1052	chrome.exe	84
PID 1052 wrote to memory of 4268	1052	chrome.exe	84
PID 1052 wrote to memory of 4268	1052	chrome.exe	84
PID 1052 wrote to memory of 4268	1052	chrome.exe	84
PID 1052 wrote to memory of 4268	1052	chrome.exe	84
PID 1052 wrote to memory of 4268	1052	chrome.exe	84
PID 1052 wrote to memory of 4268	1052	chrome.exe	84
PID 1052 wrote to memory of 4268	1052	chrome.exe	84
PID 1052 wrote to memory of 4268	1052	chrome.exe	84
PID 1052 wrote to memory of 4268	1052	chrome.exe	84
PID 1052 wrote to memory of 4268	1052	chrome.exe	84
PID 1052 wrote to memory of 4268	1052	chrome.exe	84
PID 1052 wrote to memory of 4268	1052	chrome.exe	84
PID 1052 wrote to memory of 4268	1052	chrome.exe	84
PID 1052 wrote to memory of 4268	1052	chrome.exe	84
PID 1052 wrote to memory of 4268	1052	chrome.exe	84
PID 1052 wrote to memory of 4268	1052	chrome.exe	84
PID 1052 wrote to memory of 4268	1052	chrome.exe	84
PID 1052 wrote to memory of 4268	1052	chrome.exe	84
PID 1052 wrote to memory of 4268	1052	chrome.exe	84
PID 1052 wrote to memory of 4268	1052	chrome.exe	84
PID 1052 wrote to memory of 4268	1052	chrome.exe	84
PID 1052 wrote to memory of 4268	1052	chrome.exe	84
PID 1052 wrote to memory of 4268	1052	chrome.exe	84
PID 1052 wrote to memory of 4268	1052	chrome.exe	84
PID 1052 wrote to memory of 4268	1052	chrome.exe	84
PID 1052 wrote to memory of 4268	1052	chrome.exe	84
PID 1052 wrote to memory of 4268	1052	chrome.exe	84
PID 1052 wrote to memory of 4268	1052	chrome.exe	84
PID 1052 wrote to memory of 2816	1052	chrome.exe	85
PID 1052 wrote to memory of 2816	1052	chrome.exe	85
PID 1052 wrote to memory of 3640	1052	chrome.exe	86
PID 1052 wrote to memory of 3640	1052	chrome.exe	86
PID 1052 wrote to memory of 3640	1052	chrome.exe	86
PID 1052 wrote to memory of 3640	1052	chrome.exe	86
PID 1052 wrote to memory of 3640	1052	chrome.exe	86
PID 1052 wrote to memory of 3640	1052	chrome.exe	86
PID 1052 wrote to memory of 3640	1052	chrome.exe	86
PID 1052 wrote to memory of 3640	1052	chrome.exe	86
PID 1052 wrote to memory of 3640	1052	chrome.exe	86
PID 1052 wrote to memory of 3640	1052	chrome.exe	86
PID 1052 wrote to memory of 3640	1052	chrome.exe	86
PID 1052 wrote to memory of 3640	1052	chrome.exe	86
PID 1052 wrote to memory of 3640	1052	chrome.exe	86
PID 1052 wrote to memory of 3640	1052	chrome.exe	86
PID 1052 wrote to memory of 3640	1052	chrome.exe	86
PID 1052 wrote to memory of 3640	1052	chrome.exe	86
PID 1052 wrote to memory of 3640	1052	chrome.exe	86
PID 1052 wrote to memory of 3640	1052	chrome.exe	86
PID 1052 wrote to memory of 3640	1052	chrome.exe	86
PID 1052 wrote to memory of 3640	1052	chrome.exe	86
PID 1052 wrote to memory of 3640	1052	chrome.exe	86
PID 1052 wrote to memory of 3640	1052	chrome.exe	86
PID 1052 wrote to memory of 3640	1052	chrome.exe	86
PID 1052 wrote to memory of 3640	1052	chrome.exe	86
PID 1052 wrote to memory of 3640	1052	chrome.exe	86
PID 1052 wrote to memory of 3640	1052	chrome.exe	86
PID 1052 wrote to memory of 3640	1052	chrome.exe	86
PID 1052 wrote to memory of 3640	1052	chrome.exe	86
PID 1052 wrote to memory of 3640	1052	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://bmwag-rt-prod2-t.campaign.adobe.com/r/?id=h2ccc12b%2C8d23fb3%2C492093b&p1=//bharatmetal.in/jdjdhyeueieuidnbddd/ddhdhiwoiewyeueieiewbvdvvdcdd/nnddvduoeoeoeghvvsbsbss/30/Y2hhcmxlcy5tYWNncmVnb3JAZmlkZXNzYS5jb20=
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffa75bab58,0x7fffa75bab68,0x7fffa75bab78
  2⤵
  PID:3188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1712 --field-trial-handle=1908,i,2967070589054652593,6645687587065335326,131072 /prefetch:2
  2⤵
  PID:4268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1908,i,2967070589054652593,6645687587065335326,131072 /prefetch:8
  2⤵
  PID:2816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2224 --field-trial-handle=1908,i,2967070589054652593,6645687587065335326,131072 /prefetch:8
  2⤵
  PID:3640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3064 --field-trial-handle=1908,i,2967070589054652593,6645687587065335326,131072 /prefetch:1
  2⤵
  PID:3300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3076 --field-trial-handle=1908,i,2967070589054652593,6645687587065335326,131072 /prefetch:1
  2⤵
  PID:1904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4388 --field-trial-handle=1908,i,2967070589054652593,6645687587065335326,131072 /prefetch:8
  2⤵
  PID:1552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4380 --field-trial-handle=1908,i,2967070589054652593,6645687587065335326,131072 /prefetch:8
  2⤵
  PID:3652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4292 --field-trial-handle=1908,i,2967070589054652593,6645687587065335326,131072 /prefetch:8
  2⤵
  PID:3256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4532 --field-trial-handle=1908,i,2967070589054652593,6645687587065335326,131072 /prefetch:8
  2⤵
  PID:4492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4676 --field-trial-handle=1908,i,2967070589054652593,6645687587065335326,131072 /prefetch:8
  2⤵
  PID:1216

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2212

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
2f7b965eb174094a36d08806e233aec2

SHA1
35ff36ceadf9d6cb05303e3f3df5ac761ee87d89

SHA256
f6af4a5fe1670a7ad59081aea11bacffe00e7a57715536822a7ab7a76af8ae13

SHA512
2ffda838ecaa2228b7a8d24f3b9e3f89f5da17f1335a978bfc2759c725c2b9897ef78897e7b3806a7577282357895320b3e7d2f4f0e83ae9196d51e5427b8536

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
db1f8c7a67f71b7f82c3dcf57c8b15db

SHA1
e91afbce153437cc01e5bab554b4083b0504eb85

SHA256
a5f10a299c59f4b00545a5a1c534a0fe917290a9d25840b86cc9047bcd08fa95

SHA512
ea4641bd0779cce5ad92ee3e43a689e299bc34dd0a5dbab9f062237780775a933a4ce457070e98f0bf1da32fa84753c0a3ae5f42511fb5957a05e28521f1812f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
2f7d40bc04fc49bff02cdbbd1da6a38c

SHA1
1e5f8ea3266f0e5cf51745f5297804528d82ad4a

SHA256
8e989497ae71ed193a2cd3e846d350c740d2b5d3b567b47178c25dd8f6fe801e

SHA512
570aaf289a99cdb4d28853f986ab77545ced747d2ce51b1fe134ba61a054f42dce43391545fb0495cc9b21f64a13afd2713a556a5f3888a22ed8b7da195dba97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
13badd027c84ae7cbd9ba6958f0c93af

SHA1
ca6dc48c72b425d5585089baa363cd0b8b432e70

SHA256
545a55cfeceba6472cf1bcc68382ce06c3dfaef877439b70c215eb363dcc7370

SHA512
36dbadb22d8514819fc693feb1ce51271a229b5d350e46d08f0d5f77bb2c2ba0871030fae5271e8563a76f9bd46a8fdbc97b8c012bc77e3d92db33357002211d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
d6064fb6cfbc195f1ad995e18ce9b892

SHA1
cc85c25ca7afd3c5f76b848eb8ddd6fa91487abc

SHA256
169c746bad1377307f36458d72fb9240b566133134f79b379d39ab1f690ace18

SHA512
e95970f3cc93d6de422ba10526ad0f6118780ec12e5d6ee98b0a6ce7dcb2f232159b972e71c41333fd432fdc929d7d9ce04523cb4e626bebe1c45f53c85478c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
91KB

MD5
7697c4abdd6a1846c3a48eeee56f5432

SHA1
3b10e950269bfca5f71595619bea486286a061e1

SHA256
847e5059ec740a06e07b2cea53c09086b4477dea37a985e7046f1c97a061c3c0

SHA512
638ca79795ed55898a74252296da47c8acd5c18d4d9c775bad42a4309c255a1d6585ed6815f090d361d9c804050906742180a0ac3de0de6c6efafedac328b8c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57df44.TMP

Filesize
88KB

MD5
0267b3b4d8c306be4700b69b462693ee

SHA1
223e6bbdc3fa930884091ce23e088bc58b911846

SHA256
f5aa88055a805dd302837a54f5674c898ec22c2c2a541b2068d10186e4bf5611

SHA512
7c0b30ecead8722847e6146758f017d8909ded6b4e5fc1fd0090896099e4a581af3ee1d7562db75499bf1d96a7033cae4104a83a148b6543926878f89e9c1cd8

Download Submit