hxxp://vdrsizesuggestion[.]com/

Analysis

max time kernel
136s
max time network
134s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
12/04/2023, 10:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://vdrsizesuggestion.com/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133257764968342550"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3332	chrome.exe
3332	chrome.exe
4624	chrome.exe
4624	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3332	chrome.exe
3332	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3332 wrote to memory of 688	3332	chrome.exe	84
PID 3332 wrote to memory of 688	3332	chrome.exe	84
PID 3332 wrote to memory of 4788	3332	chrome.exe	85
PID 3332 wrote to memory of 4788	3332	chrome.exe	85
PID 3332 wrote to memory of 4788	3332	chrome.exe	85
PID 3332 wrote to memory of 4788	3332	chrome.exe	85
PID 3332 wrote to memory of 4788	3332	chrome.exe	85
PID 3332 wrote to memory of 4788	3332	chrome.exe	85
PID 3332 wrote to memory of 4788	3332	chrome.exe	85
PID 3332 wrote to memory of 4788	3332	chrome.exe	85
PID 3332 wrote to memory of 4788	3332	chrome.exe	85
PID 3332 wrote to memory of 4788	3332	chrome.exe	85
PID 3332 wrote to memory of 4788	3332	chrome.exe	85
PID 3332 wrote to memory of 4788	3332	chrome.exe	85
PID 3332 wrote to memory of 4788	3332	chrome.exe	85
PID 3332 wrote to memory of 4788	3332	chrome.exe	85
PID 3332 wrote to memory of 4788	3332	chrome.exe	85
PID 3332 wrote to memory of 4788	3332	chrome.exe	85
PID 3332 wrote to memory of 4788	3332	chrome.exe	85
PID 3332 wrote to memory of 4788	3332	chrome.exe	85
PID 3332 wrote to memory of 4788	3332	chrome.exe	85
PID 3332 wrote to memory of 4788	3332	chrome.exe	85
PID 3332 wrote to memory of 4788	3332	chrome.exe	85
PID 3332 wrote to memory of 4788	3332	chrome.exe	85
PID 3332 wrote to memory of 4788	3332	chrome.exe	85
PID 3332 wrote to memory of 4788	3332	chrome.exe	85
PID 3332 wrote to memory of 4788	3332	chrome.exe	85
PID 3332 wrote to memory of 4788	3332	chrome.exe	85
PID 3332 wrote to memory of 4788	3332	chrome.exe	85
PID 3332 wrote to memory of 4788	3332	chrome.exe	85
PID 3332 wrote to memory of 4788	3332	chrome.exe	85
PID 3332 wrote to memory of 4788	3332	chrome.exe	85
PID 3332 wrote to memory of 4788	3332	chrome.exe	85
PID 3332 wrote to memory of 4788	3332	chrome.exe	85
PID 3332 wrote to memory of 4788	3332	chrome.exe	85
PID 3332 wrote to memory of 4788	3332	chrome.exe	85
PID 3332 wrote to memory of 4788	3332	chrome.exe	85
PID 3332 wrote to memory of 4788	3332	chrome.exe	85
PID 3332 wrote to memory of 4788	3332	chrome.exe	85
PID 3332 wrote to memory of 4788	3332	chrome.exe	85
PID 3332 wrote to memory of 4784	3332	chrome.exe	86
PID 3332 wrote to memory of 4784	3332	chrome.exe	86
PID 3332 wrote to memory of 1084	3332	chrome.exe	87
PID 3332 wrote to memory of 1084	3332	chrome.exe	87
PID 3332 wrote to memory of 1084	3332	chrome.exe	87
PID 3332 wrote to memory of 1084	3332	chrome.exe	87
PID 3332 wrote to memory of 1084	3332	chrome.exe	87
PID 3332 wrote to memory of 1084	3332	chrome.exe	87
PID 3332 wrote to memory of 1084	3332	chrome.exe	87
PID 3332 wrote to memory of 1084	3332	chrome.exe	87
PID 3332 wrote to memory of 1084	3332	chrome.exe	87
PID 3332 wrote to memory of 1084	3332	chrome.exe	87
PID 3332 wrote to memory of 1084	3332	chrome.exe	87
PID 3332 wrote to memory of 1084	3332	chrome.exe	87
PID 3332 wrote to memory of 1084	3332	chrome.exe	87
PID 3332 wrote to memory of 1084	3332	chrome.exe	87
PID 3332 wrote to memory of 1084	3332	chrome.exe	87
PID 3332 wrote to memory of 1084	3332	chrome.exe	87
PID 3332 wrote to memory of 1084	3332	chrome.exe	87
PID 3332 wrote to memory of 1084	3332	chrome.exe	87
PID 3332 wrote to memory of 1084	3332	chrome.exe	87
PID 3332 wrote to memory of 1084	3332	chrome.exe	87
PID 3332 wrote to memory of 1084	3332	chrome.exe	87
PID 3332 wrote to memory of 1084	3332	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://vdrsizesuggestion.com/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa27f39758,0x7ffa27f39768,0x7ffa27f39778
  2⤵
  PID:688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1788 --field-trial-handle=1864,i,16412243038420105516,15935824786232701614,131072 /prefetch:2
  2⤵
  PID:4788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1864,i,16412243038420105516,15935824786232701614,131072 /prefetch:8
  2⤵
  PID:4784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2164 --field-trial-handle=1864,i,16412243038420105516,15935824786232701614,131072 /prefetch:8
  2⤵
  PID:1084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3136 --field-trial-handle=1864,i,16412243038420105516,15935824786232701614,131072 /prefetch:1
  2⤵
  PID:384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3160 --field-trial-handle=1864,i,16412243038420105516,15935824786232701614,131072 /prefetch:1
  2⤵
  PID:3856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4832 --field-trial-handle=1864,i,16412243038420105516,15935824786232701614,131072 /prefetch:8
  2⤵
  PID:1624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4920 --field-trial-handle=1864,i,16412243038420105516,15935824786232701614,131072 /prefetch:8
  2⤵
  PID:2788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4816 --field-trial-handle=1864,i,16412243038420105516,15935824786232701614,131072 /prefetch:8
  2⤵
  PID:1860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1656 --field-trial-handle=1864,i,16412243038420105516,15935824786232701614,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4624

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3948

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
c608f729ee13ef6dec44712618fccbc0

SHA1
af49146f17795bdc3d82c07714ca4bb3648dc72a

SHA256
692845a7b74475d51f63c03bc0dec888b531ea2d4d61a26de7c1036512490a7d

SHA512
95df60637079d3dafba7cf257940f7fcbe691b839775f935e1ab6088c0e10142f4b4116f0e1cb1262e7b5efbbcfcb12623a35130ae7bdcc708c7dfc27ae68a5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
3b68abf08a8e4e72ed56e608e091c7b6

SHA1
68805475092afb2371b54de618efb67bfc3ae463

SHA256
62815a1bf154207fd50bc7e3f47add275a28135cfa05e7685d5f35901a3a7a7d

SHA512
0cd38110495a10c800d561b0ca74399ce75402f52ea7ec6062e5f4a77fa8437e049acaa724ae8c5a860aeae7440ca04133a25b8fc06889fdc675cbd11ff9dcba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
099dc38ef19675abdad62deda4ca6e03

SHA1
e40b67fb9a9b4c9f41f45db2f973edf677f0e3f5

SHA256
026e3d98c7c7f23230fba339d51a98aaa8052d6d40e2ea25e565a4d14b6c0770

SHA512
8a4dd92e1381f30547ad3263d0e0ca68b8211cab75b8c00b5bea321102d4fffcd1ae93294e7773460e49d7caad542c6833d1d1d43267c196f403450e8cce6555

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4622b30b4ec07d3b21c3b815f63bf3e9

SHA1
1a39e0ed3bd87581ff8d42c56aed5f3e3a4489ee

SHA256
d4de4c02a0b2616a3c3008ee5f45444dda01761a569f9455e9099e6cdec594d4

SHA512
903b08bf496d2b28929633346fc5cfde4e95ee456774fca1cd629723c1686cce5185b2f5e8dd7dd056906d2bc5aba53189d20e345d19541e9c670cd6c9645460

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
276c07ee31266fc9c9b8381454a000d1

SHA1
6eea718ad25124e7b91d10cc4900e08e6d9d4bc1

SHA256
42b4541ef579ee63885a2cfd064beadb94e5cfcfafa45daa79d131f6ab87f728

SHA512
e6629c5f9d3edf243e6d77956812a1a1a44b61bd7696421fc2b2e5b0c6e297bf3c22b789bd5ebdfec9a2e09e1a835b9bf54c4dbbddb11a90fe393d10f5e37e7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
80d56c4bd71d43ef46d8e458eb7398ee

SHA1
e9f83c234493a63f90ee1f95a4afc8c19a265e1f

SHA256
fae260a56b7bb573420637b23a12b5aed4087a904a0a2b4390d2195e4e378506

SHA512
c71a65b584816a0d73565c37e68c330df0a3e4ae40116d83d1244e9335c66238a4a2c5d975fe9f1bb90a236fec256e839628c0ed922ebdff897d0ec92db85dd3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
2f559d28f0db653d5fed460e9b752b20

SHA1
082b04ad0e25378f4df9fcfcca4ba02e17fcffae

SHA256
be85c8edb7b7040950bf1d0b374748899c1463eacaf2139121fcac2d48b9ee8a

SHA512
fe62ef67fd2878b16f1358961e6683942e91982018580d2de7ed7c43beadabd726cb8d04bc91011ec64c75e73116452a1bdcf75dda2f2b83a002924b156cd5b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit