hxxps://www[.]redesigndaily[.]com/home-design/4-ways-of-using-wood-

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
08/08/2023, 17:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.redesigndaily.com/home-design/4-ways-of-using-wood-

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133359911900752825"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2948	chrome.exe
2948	chrome.exe
4892	chrome.exe
4892	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2948	chrome.exe
2948	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2948 wrote to memory of 800	2948	chrome.exe	83
PID 2948 wrote to memory of 800	2948	chrome.exe	83
PID 2948 wrote to memory of 3248	2948	chrome.exe	85
PID 2948 wrote to memory of 3248	2948	chrome.exe	85
PID 2948 wrote to memory of 3248	2948	chrome.exe	85
PID 2948 wrote to memory of 3248	2948	chrome.exe	85
PID 2948 wrote to memory of 3248	2948	chrome.exe	85
PID 2948 wrote to memory of 3248	2948	chrome.exe	85
PID 2948 wrote to memory of 3248	2948	chrome.exe	85
PID 2948 wrote to memory of 3248	2948	chrome.exe	85
PID 2948 wrote to memory of 3248	2948	chrome.exe	85
PID 2948 wrote to memory of 3248	2948	chrome.exe	85
PID 2948 wrote to memory of 3248	2948	chrome.exe	85
PID 2948 wrote to memory of 3248	2948	chrome.exe	85
PID 2948 wrote to memory of 3248	2948	chrome.exe	85
PID 2948 wrote to memory of 3248	2948	chrome.exe	85
PID 2948 wrote to memory of 3248	2948	chrome.exe	85
PID 2948 wrote to memory of 3248	2948	chrome.exe	85
PID 2948 wrote to memory of 3248	2948	chrome.exe	85
PID 2948 wrote to memory of 3248	2948	chrome.exe	85
PID 2948 wrote to memory of 3248	2948	chrome.exe	85
PID 2948 wrote to memory of 3248	2948	chrome.exe	85
PID 2948 wrote to memory of 3248	2948	chrome.exe	85
PID 2948 wrote to memory of 3248	2948	chrome.exe	85
PID 2948 wrote to memory of 3248	2948	chrome.exe	85
PID 2948 wrote to memory of 3248	2948	chrome.exe	85
PID 2948 wrote to memory of 3248	2948	chrome.exe	85
PID 2948 wrote to memory of 3248	2948	chrome.exe	85
PID 2948 wrote to memory of 3248	2948	chrome.exe	85
PID 2948 wrote to memory of 3248	2948	chrome.exe	85
PID 2948 wrote to memory of 3248	2948	chrome.exe	85
PID 2948 wrote to memory of 3248	2948	chrome.exe	85
PID 2948 wrote to memory of 3248	2948	chrome.exe	85
PID 2948 wrote to memory of 3248	2948	chrome.exe	85
PID 2948 wrote to memory of 3248	2948	chrome.exe	85
PID 2948 wrote to memory of 3248	2948	chrome.exe	85
PID 2948 wrote to memory of 3248	2948	chrome.exe	85
PID 2948 wrote to memory of 3248	2948	chrome.exe	85
PID 2948 wrote to memory of 3248	2948	chrome.exe	85
PID 2948 wrote to memory of 3248	2948	chrome.exe	85
PID 2948 wrote to memory of 920	2948	chrome.exe	87
PID 2948 wrote to memory of 920	2948	chrome.exe	87
PID 2948 wrote to memory of 4860	2948	chrome.exe	86
PID 2948 wrote to memory of 4860	2948	chrome.exe	86
PID 2948 wrote to memory of 4860	2948	chrome.exe	86
PID 2948 wrote to memory of 4860	2948	chrome.exe	86
PID 2948 wrote to memory of 4860	2948	chrome.exe	86
PID 2948 wrote to memory of 4860	2948	chrome.exe	86
PID 2948 wrote to memory of 4860	2948	chrome.exe	86
PID 2948 wrote to memory of 4860	2948	chrome.exe	86
PID 2948 wrote to memory of 4860	2948	chrome.exe	86
PID 2948 wrote to memory of 4860	2948	chrome.exe	86
PID 2948 wrote to memory of 4860	2948	chrome.exe	86
PID 2948 wrote to memory of 4860	2948	chrome.exe	86
PID 2948 wrote to memory of 4860	2948	chrome.exe	86
PID 2948 wrote to memory of 4860	2948	chrome.exe	86
PID 2948 wrote to memory of 4860	2948	chrome.exe	86
PID 2948 wrote to memory of 4860	2948	chrome.exe	86
PID 2948 wrote to memory of 4860	2948	chrome.exe	86
PID 2948 wrote to memory of 4860	2948	chrome.exe	86
PID 2948 wrote to memory of 4860	2948	chrome.exe	86
PID 2948 wrote to memory of 4860	2948	chrome.exe	86
PID 2948 wrote to memory of 4860	2948	chrome.exe	86
PID 2948 wrote to memory of 4860	2948	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.redesigndaily.com/home-design/4-ways-of-using-wood-
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdcff39758,0x7ffdcff39768,0x7ffdcff39778
  2⤵
  PID:800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1736 --field-trial-handle=1868,i,16672699452847736864,6193878685721934550,131072 /prefetch:2
  2⤵
  PID:3248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2212 --field-trial-handle=1868,i,16672699452847736864,6193878685721934550,131072 /prefetch:8
  2⤵
  PID:4860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1868,i,16672699452847736864,6193878685721934550,131072 /prefetch:8
  2⤵
  PID:920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3048 --field-trial-handle=1868,i,16672699452847736864,6193878685721934550,131072 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3056 --field-trial-handle=1868,i,16672699452847736864,6193878685721934550,131072 /prefetch:1
  2⤵
  PID:2544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4880 --field-trial-handle=1868,i,16672699452847736864,6193878685721934550,131072 /prefetch:8
  2⤵
  PID:4608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 --field-trial-handle=1868,i,16672699452847736864,6193878685721934550,131072 /prefetch:8
  2⤵
  PID:3620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3772 --field-trial-handle=1868,i,16672699452847736864,6193878685721934550,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4892

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4852

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
f0e2d6867f6419f3a097a0c87b6004cb

SHA1
0e44c961320ec7ddacdb4d54907dba9f0f062667

SHA256
e000f5485fd3360819f26250646fcc41cf5e7ccac547ab05b9d7f3762bb2fb9d

SHA512
67e01b635fa1645f203984a54792aaed6a876040fc0d3058c160f45de3ba509cc7595a8eec781a1bb92f4336889c54b45ff6bf2c7895a9213648188da2e49a62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
a9d22e2a37e026b40b609e6a2d094045

SHA1
ededd1d3698474e7014764738a7b86bad8d783be

SHA256
3fbaf7da0bbf3a3a47bcb90ce94302506e081e5483aab5ee6c1478de5c8f761d

SHA512
2c70c70cb302acbade3f3b241a7a12732a6a8bc139c293fc610e3203be34aa03a1624c398d4360927c99226255b04b07553d97af713ad94ecd55246ea2a199c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2e9074f235dd0c67e203bc86cb081514

SHA1
0e456ef6465e9a2912ab2fecdf3b01b5aae03d35

SHA256
36b506b0eacfae35da339f6435de4e07c3a4bae38867cdd0582055cc8627f829

SHA512
b10349eb7a6cc215831d2e316707443932da74ae04a4148a6ae5de8642f5be91ffba25ab787e2303a163baabc9c6466d23a9d07ae85f762fd72794f832e9f5c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
2369e039279d6548e3e1671fa3fceec9

SHA1
ed08ac82c76b5b5900902a4d6f0e99395983a2d3

SHA256
f87ce7e829bd86b31d8894c69788634f21c47e0c6f9a4c5894e08596c93a4cc0

SHA512
f81e87a0f4563c3dca181d7d193649050af446a1312caddebd6b051499ce41dc7a366d20411a682f9967da8b96f982afdff03311ca46906a4bed7b9387ff1e8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit