hxxps://ivlv[.]me/jiJdS

Resubmissions

23/07/2023, 13:02

230723-p9tkjaeb36 1

23/07/2023, 13:00

230723-p8zedseg4w 1

Analysis

max time kernel
59s
max time network
52s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
23/07/2023, 13:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://ivlv.me/jiJdS

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133345908552509201"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4032	chrome.exe
4032	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe

Suspicious use of FindShellTrayWindow 28 IoCs

pid	Process
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4032 wrote to memory of 1792	4032	chrome.exe	37
PID 4032 wrote to memory of 1792	4032	chrome.exe	37
PID 4032 wrote to memory of 2144	4032	chrome.exe	87
PID 4032 wrote to memory of 2144	4032	chrome.exe	87
PID 4032 wrote to memory of 2144	4032	chrome.exe	87
PID 4032 wrote to memory of 2144	4032	chrome.exe	87
PID 4032 wrote to memory of 2144	4032	chrome.exe	87
PID 4032 wrote to memory of 2144	4032	chrome.exe	87
PID 4032 wrote to memory of 2144	4032	chrome.exe	87
PID 4032 wrote to memory of 2144	4032	chrome.exe	87
PID 4032 wrote to memory of 2144	4032	chrome.exe	87
PID 4032 wrote to memory of 2144	4032	chrome.exe	87
PID 4032 wrote to memory of 2144	4032	chrome.exe	87
PID 4032 wrote to memory of 2144	4032	chrome.exe	87
PID 4032 wrote to memory of 2144	4032	chrome.exe	87
PID 4032 wrote to memory of 2144	4032	chrome.exe	87
PID 4032 wrote to memory of 2144	4032	chrome.exe	87
PID 4032 wrote to memory of 2144	4032	chrome.exe	87
PID 4032 wrote to memory of 2144	4032	chrome.exe	87
PID 4032 wrote to memory of 2144	4032	chrome.exe	87
PID 4032 wrote to memory of 2144	4032	chrome.exe	87
PID 4032 wrote to memory of 2144	4032	chrome.exe	87
PID 4032 wrote to memory of 2144	4032	chrome.exe	87
PID 4032 wrote to memory of 2144	4032	chrome.exe	87
PID 4032 wrote to memory of 2144	4032	chrome.exe	87
PID 4032 wrote to memory of 2144	4032	chrome.exe	87
PID 4032 wrote to memory of 2144	4032	chrome.exe	87
PID 4032 wrote to memory of 2144	4032	chrome.exe	87
PID 4032 wrote to memory of 2144	4032	chrome.exe	87
PID 4032 wrote to memory of 2144	4032	chrome.exe	87
PID 4032 wrote to memory of 2144	4032	chrome.exe	87
PID 4032 wrote to memory of 2144	4032	chrome.exe	87
PID 4032 wrote to memory of 2144	4032	chrome.exe	87
PID 4032 wrote to memory of 2144	4032	chrome.exe	87
PID 4032 wrote to memory of 2144	4032	chrome.exe	87
PID 4032 wrote to memory of 2144	4032	chrome.exe	87
PID 4032 wrote to memory of 2144	4032	chrome.exe	87
PID 4032 wrote to memory of 2144	4032	chrome.exe	87
PID 4032 wrote to memory of 2144	4032	chrome.exe	87
PID 4032 wrote to memory of 2144	4032	chrome.exe	87
PID 4032 wrote to memory of 5032	4032	chrome.exe	88
PID 4032 wrote to memory of 5032	4032	chrome.exe	88
PID 4032 wrote to memory of 1444	4032	chrome.exe	89
PID 4032 wrote to memory of 1444	4032	chrome.exe	89
PID 4032 wrote to memory of 1444	4032	chrome.exe	89
PID 4032 wrote to memory of 1444	4032	chrome.exe	89
PID 4032 wrote to memory of 1444	4032	chrome.exe	89
PID 4032 wrote to memory of 1444	4032	chrome.exe	89
PID 4032 wrote to memory of 1444	4032	chrome.exe	89
PID 4032 wrote to memory of 1444	4032	chrome.exe	89
PID 4032 wrote to memory of 1444	4032	chrome.exe	89
PID 4032 wrote to memory of 1444	4032	chrome.exe	89
PID 4032 wrote to memory of 1444	4032	chrome.exe	89
PID 4032 wrote to memory of 1444	4032	chrome.exe	89
PID 4032 wrote to memory of 1444	4032	chrome.exe	89
PID 4032 wrote to memory of 1444	4032	chrome.exe	89
PID 4032 wrote to memory of 1444	4032	chrome.exe	89
PID 4032 wrote to memory of 1444	4032	chrome.exe	89
PID 4032 wrote to memory of 1444	4032	chrome.exe	89
PID 4032 wrote to memory of 1444	4032	chrome.exe	89
PID 4032 wrote to memory of 1444	4032	chrome.exe	89
PID 4032 wrote to memory of 1444	4032	chrome.exe	89
PID 4032 wrote to memory of 1444	4032	chrome.exe	89
PID 4032 wrote to memory of 1444	4032	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://ivlv.me/jiJdS
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ffca5779758,0x7ffca5779768,0x7ffca5779778
  2⤵
  PID:1792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1732 --field-trial-handle=1840,i,3583264393926107239,13818983649981328715,131072 /prefetch:2
  2⤵
  PID:2144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1840,i,3583264393926107239,13818983649981328715,131072 /prefetch:8
  2⤵
  PID:5032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1576 --field-trial-handle=1840,i,3583264393926107239,13818983649981328715,131072 /prefetch:8
  2⤵
  PID:1444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3076 --field-trial-handle=1840,i,3583264393926107239,13818983649981328715,131072 /prefetch:1
  2⤵
  PID:1696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3108 --field-trial-handle=1840,i,3583264393926107239,13818983649981328715,131072 /prefetch:1
  2⤵
  PID:2608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4568 --field-trial-handle=1840,i,3583264393926107239,13818983649981328715,131072 /prefetch:1
  2⤵
  PID:4576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3716 --field-trial-handle=1840,i,3583264393926107239,13818983649981328715,131072 /prefetch:8
  2⤵
  PID:1496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5056 --field-trial-handle=1840,i,3583264393926107239,13818983649981328715,131072 /prefetch:8
  2⤵
  PID:4792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5328 --field-trial-handle=1840,i,3583264393926107239,13818983649981328715,131072 /prefetch:1
  2⤵
  PID:2940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3956 --field-trial-handle=1840,i,3583264393926107239,13818983649981328715,131072 /prefetch:1
  2⤵
  PID:2608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5064 --field-trial-handle=1840,i,3583264393926107239,13818983649981328715,131072 /prefetch:8
  2⤵
  PID:3832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4912 --field-trial-handle=1840,i,3583264393926107239,13818983649981328715,131072 /prefetch:8
  2⤵
  PID:4116

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3508

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
415f3c20b31644178f06c86417419446

SHA1
235c686ab8822df990cd5c6ae305207e1bc9e41b

SHA256
01b4cbdbe6f57b7765e1142b61d1f6ee05867b3ed226b49275734b1aaab02987

SHA512
2d8ebf78d6fa40369896b3d8de1748b1bc9d8f553dc29d1ba9281cdd4662325c5a9922a6a73b7e343d0b12fa09868de9e2a700245a736c90807d9824da7e6398

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
1dee8f324ba7b9b3ffb40ba785a6e69d

SHA1
3eeec36b820256604edf8154dba2fc5c3a81928a

SHA256
750dfa9ab79aacb7162e24b25ae552b563eac47eada547dbb089a97a24ec6f38

SHA512
5f9a1bad7b64fb242647fcc3ce4dbea7fa825c13c58041bab5cde3730553bf6703e1a9b7b65f1e4d9ffb34248fd39b3eb057ef335c2a394a260648303e5d15eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c1c790b4f7698d313a49e20d0b13e5c5

SHA1
779cf8f971960670fb15da5a50d303f367e202a1

SHA256
f19c1e1f44b58cf9f20fdbfe8ab1911b163ddddf1ec54275028303fe72a0f93e

SHA512
ec340230d2465cad7ad8c4be805f97a61516e7aa5ad7255241a820592f44fc5e124a593808fae2dffc26ce54ce3c1c72fd4f2b8715d050a8030c30cce9939464

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
89KB

MD5
7676cbf446d2bb836e195ddf718cd8e5

SHA1
1c8e4b0e42da5363176090bb19f7f9542eecb631

SHA256
b060df7d520ee99f9e380f6e49755f712f023c5f65cbddd6fb8952bede125f87

SHA512
b91cee61fbc2d938034cf45e77aebb781c7344bae15052ac8dc3a48c7dd80b3c9168fdc7f85a875904dfd2a4552ae78e331fdcedb34c99110cc87188a3a8648d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
89KB

MD5
0b4c25acff9a777e788e07a0ae82add9

SHA1
8c86242e616a6ae0017a6b533fab467e4b63efcc

SHA256
9a87f0db62abfaa854ccb9db3434686163916ca4bc89ffb165417bc69df48c21

SHA512
7370cfbd97e2bd35d345c043c919dd50b440f9dd26022e635d73d69ba8b9e2c1de7d9386546e694601f83f8629eea013c843e31a7ce7a472e813ab4b4570ef60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
89KB

MD5
532bcf0fc89725f9d68dadb47719cd17

SHA1
e93add6dd499a0a69048c4cd45ca1ebdf6b7b801

SHA256
18aa7a711af6cc71730cfb4224a0aa7f0f1ac8b95f29528a0b6b573d492f21dc

SHA512
dc22405ca4825be5080681499c355abc28b5302374e66bc5b4aeea4d47710f3d17900e4206355947ee6643b2afb8421d17f429d3edad81def605a380c83a605a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit