hxxps://dfrfgre[.]page[.]link/naxz

Analysis

max time kernel
210s
max time network
207s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
18-08-2023 06:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://dfrfgre.page.link/naxz

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133368150061904960"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2628	chrome.exe
2628	chrome.exe
1320	chrome.exe
1320	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeCreatePagefilePrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeCreatePagefilePrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeCreatePagefilePrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeCreatePagefilePrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeCreatePagefilePrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeCreatePagefilePrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeCreatePagefilePrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeCreatePagefilePrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeCreatePagefilePrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeCreatePagefilePrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeCreatePagefilePrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeCreatePagefilePrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeCreatePagefilePrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeCreatePagefilePrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeCreatePagefilePrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeCreatePagefilePrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeCreatePagefilePrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeCreatePagefilePrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeCreatePagefilePrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeCreatePagefilePrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeCreatePagefilePrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeCreatePagefilePrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeCreatePagefilePrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeCreatePagefilePrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeCreatePagefilePrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeCreatePagefilePrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeCreatePagefilePrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeCreatePagefilePrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeCreatePagefilePrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeCreatePagefilePrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeCreatePagefilePrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeCreatePagefilePrivilege	2628	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2628 wrote to memory of 2428	2628	chrome.exe	80
PID 2628 wrote to memory of 2428	2628	chrome.exe	80
PID 2628 wrote to memory of 4952	2628	chrome.exe	85
PID 2628 wrote to memory of 4952	2628	chrome.exe	85
PID 2628 wrote to memory of 4952	2628	chrome.exe	85
PID 2628 wrote to memory of 4952	2628	chrome.exe	85
PID 2628 wrote to memory of 4952	2628	chrome.exe	85
PID 2628 wrote to memory of 4952	2628	chrome.exe	85
PID 2628 wrote to memory of 4952	2628	chrome.exe	85
PID 2628 wrote to memory of 4952	2628	chrome.exe	85
PID 2628 wrote to memory of 4952	2628	chrome.exe	85
PID 2628 wrote to memory of 4952	2628	chrome.exe	85
PID 2628 wrote to memory of 4952	2628	chrome.exe	85
PID 2628 wrote to memory of 4952	2628	chrome.exe	85
PID 2628 wrote to memory of 4952	2628	chrome.exe	85
PID 2628 wrote to memory of 4952	2628	chrome.exe	85
PID 2628 wrote to memory of 4952	2628	chrome.exe	85
PID 2628 wrote to memory of 4952	2628	chrome.exe	85
PID 2628 wrote to memory of 4952	2628	chrome.exe	85
PID 2628 wrote to memory of 4952	2628	chrome.exe	85
PID 2628 wrote to memory of 4952	2628	chrome.exe	85
PID 2628 wrote to memory of 4952	2628	chrome.exe	85
PID 2628 wrote to memory of 4952	2628	chrome.exe	85
PID 2628 wrote to memory of 4952	2628	chrome.exe	85
PID 2628 wrote to memory of 4952	2628	chrome.exe	85
PID 2628 wrote to memory of 4952	2628	chrome.exe	85
PID 2628 wrote to memory of 4952	2628	chrome.exe	85
PID 2628 wrote to memory of 4952	2628	chrome.exe	85
PID 2628 wrote to memory of 4952	2628	chrome.exe	85
PID 2628 wrote to memory of 4952	2628	chrome.exe	85
PID 2628 wrote to memory of 4952	2628	chrome.exe	85
PID 2628 wrote to memory of 4952	2628	chrome.exe	85
PID 2628 wrote to memory of 4952	2628	chrome.exe	85
PID 2628 wrote to memory of 4952	2628	chrome.exe	85
PID 2628 wrote to memory of 4952	2628	chrome.exe	85
PID 2628 wrote to memory of 4952	2628	chrome.exe	85
PID 2628 wrote to memory of 4952	2628	chrome.exe	85
PID 2628 wrote to memory of 4952	2628	chrome.exe	85
PID 2628 wrote to memory of 4952	2628	chrome.exe	85
PID 2628 wrote to memory of 4952	2628	chrome.exe	85
PID 2628 wrote to memory of 3436	2628	chrome.exe	83
PID 2628 wrote to memory of 3436	2628	chrome.exe	83
PID 2628 wrote to memory of 4100	2628	chrome.exe	84
PID 2628 wrote to memory of 4100	2628	chrome.exe	84
PID 2628 wrote to memory of 4100	2628	chrome.exe	84
PID 2628 wrote to memory of 4100	2628	chrome.exe	84
PID 2628 wrote to memory of 4100	2628	chrome.exe	84
PID 2628 wrote to memory of 4100	2628	chrome.exe	84
PID 2628 wrote to memory of 4100	2628	chrome.exe	84
PID 2628 wrote to memory of 4100	2628	chrome.exe	84
PID 2628 wrote to memory of 4100	2628	chrome.exe	84
PID 2628 wrote to memory of 4100	2628	chrome.exe	84
PID 2628 wrote to memory of 4100	2628	chrome.exe	84
PID 2628 wrote to memory of 4100	2628	chrome.exe	84
PID 2628 wrote to memory of 4100	2628	chrome.exe	84
PID 2628 wrote to memory of 4100	2628	chrome.exe	84
PID 2628 wrote to memory of 4100	2628	chrome.exe	84
PID 2628 wrote to memory of 4100	2628	chrome.exe	84
PID 2628 wrote to memory of 4100	2628	chrome.exe	84
PID 2628 wrote to memory of 4100	2628	chrome.exe	84
PID 2628 wrote to memory of 4100	2628	chrome.exe	84
PID 2628 wrote to memory of 4100	2628	chrome.exe	84
PID 2628 wrote to memory of 4100	2628	chrome.exe	84
PID 2628 wrote to memory of 4100	2628	chrome.exe	84

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffacdb19758,0x7ffacdb19768,0x7ffacdb19778
1⤵
PID:2428

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://dfrfgre.page.link/naxz
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1900 --field-trial-handle=1648,i,16365617204677044204,11691732095323587838,131072 /prefetch:8
  2⤵
  PID:3436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2260 --field-trial-handle=1648,i,16365617204677044204,11691732095323587838,131072 /prefetch:8
  2⤵
  PID:4100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1664 --field-trial-handle=1648,i,16365617204677044204,11691732095323587838,131072 /prefetch:2
  2⤵
  PID:4952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2968 --field-trial-handle=1648,i,16365617204677044204,11691732095323587838,131072 /prefetch:1
  2⤵
  PID:648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2960 --field-trial-handle=1648,i,16365617204677044204,11691732095323587838,131072 /prefetch:1
  2⤵
  PID:3564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4812 --field-trial-handle=1648,i,16365617204677044204,11691732095323587838,131072 /prefetch:1
  2⤵
  PID:2332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5352 --field-trial-handle=1648,i,16365617204677044204,11691732095323587838,131072 /prefetch:8
  2⤵
  PID:2128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 --field-trial-handle=1648,i,16365617204677044204,11691732095323587838,131072 /prefetch:8
  2⤵
  PID:3812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1788 --field-trial-handle=1648,i,16365617204677044204,11691732095323587838,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1320

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1612

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
479d1fc40945218a92259165c68e6f02

SHA1
eda038973ebdcfd09817d6756d28642ef7de224b

SHA256
aead2f4ab7eb0e9d133526234724e7befeafbdc7f540ac131b8be135968b0741

SHA512
2adeb9ade4b77c9ee54f155064968e05e6c8f098c704ff53d6f533289de94ed5f85f0eb7e7fcb87682e1a3608ecec34cf67c2ffa1b86bb64890a585b6edd7cba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
bc1469308f9a4bb1dba01d6d1f7d3b4a

SHA1
f40ac30e7a9036d3a581c7653f21de30ff59f13d

SHA256
92481748b83bed5d1e7b07721fb81a1f3be88794f20bab8908c00bf8f62b2a7c

SHA512
998f54b3031d087c98f81680b9b949146e3923781fabc6f04fb51bdbbe23c8a1bc62e297d4eac5c81701d344401673d807cfdb8daa1bdb4d77caaddedea0992a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
568a0e8eae73844fd2f801ad8b328a8e

SHA1
b83c56a33753f94f698e27b3608d1849ffeac7f4

SHA256
476561db89f2305514eb5741ae57dc7aeef7d4f4bcf9205dbae546e0988b989a

SHA512
d83c8d27708ae5471a03bc25e5c5bc4543be0d1ec79df1d2b8efff7d3006c1773fb204aa1d21261beb1131cb63ed2f084b29492234fd518234c12646f31bc8ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0bce9e493545d910ac9f2ce970efb2c8

SHA1
8ee82cde4d3a30be0c58367084bcd9f7bc65f81c

SHA256
c1f9ec967354d7b7fb3c626353394363f4a828154a238f8ba238755bdc0d4f7c

SHA512
a3c3df1116ba27e3f65bca6d280eaf10494468c882d2e9eaa5547dbb5b71e8ea45c87b1bc5ff983c12e9df721ec851af310b98f174110b9e6bf69e1c8eef461b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
63b971d21223f68394a9f7b3663ef6a0

SHA1
7383fecb78b66a7342f8cce7e413997cd4faacad

SHA256
17b739bd88cca4417c2ed148afbe2e02643167996bbda57c38fe9b3e2ffbc394

SHA512
716cc3b3e76ac542a8479322de32abc662543abea879e001ffbb6bb0b1aee9a72c204f50985bcc416a91bbdcdb79c2d2f58487bc708f74425e8bd9d43a462067

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit