Analysis Overview
Threat Level: Known bad
The file https://dreamrentalsbyowner.com/ was found to be: Known bad.
Malicious Activity Summary
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2023-08-25 03:46
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2023-08-25 03:46
Reported
2023-08-25 03:56
Platform
win10v2004-20230703-en
Max time kernel
599s
Max time network
530s
Command Line
Signatures
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133374088161799556" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://dreamrentalsbyowner.com/
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa7db69758,0x7ffa7db69768,0x7ffa7db69778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1668 --field-trial-handle=1896,i,16315915213632021971,2667465914155501670,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2240 --field-trial-handle=1896,i,16315915213632021971,2667465914155501670,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=1896,i,16315915213632021971,2667465914155501670,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3176 --field-trial-handle=1896,i,16315915213632021971,2667465914155501670,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3220 --field-trial-handle=1896,i,16315915213632021971,2667465914155501670,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5060 --field-trial-handle=1896,i,16315915213632021971,2667465914155501670,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 --field-trial-handle=1896,i,16315915213632021971,2667465914155501670,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5272 --field-trial-handle=1896,i,16315915213632021971,2667465914155501670,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 --field-trial-handle=1896,i,16315915213632021971,2667465914155501670,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5520 --field-trial-handle=1896,i,16315915213632021971,2667465914155501670,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4808 --field-trial-handle=1896,i,16315915213632021971,2667465914155501670,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 --field-trial-handle=1896,i,16315915213632021971,2667465914155501670,131072 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 59.128.231.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dreamrentalsbyowner.com | udp |
| US | 185.160.67.68:443 | dreamrentalsbyowner.com | tcp |
| US | 8.8.8.8:53 | 138.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.67.160.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.240.127.40.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 185.160.67.68:443 | dreamrentalsbyowner.com | tcp |
| US | 8.8.8.8:53 | fatesc.com | udp |
| US | 67.223.118.104:443 | fatesc.com | tcp |
| US | 8.8.8.8:53 | 104.118.223.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| NL | 142.251.36.10:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | 10.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 67.223.118.104:443 | fatesc.com | tcp |
| US | 8.8.8.8:53 | 195.179.250.142.in-addr.arpa | udp |
| US | 67.223.118.104:443 | fatesc.com | tcp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.173.189.20.in-addr.arpa | udp |
| US | 67.223.118.104:443 | fatesc.com | tcp |
| US | 67.223.118.104:443 | fatesc.com | tcp |
Files
\??\pipe\crashpad_4252_UOLFQLYTQXAFDHOZ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 82c1aeb94cbad8c1a3e718f0839bc628 |
| SHA1 | 7950ba3969136214a57f6ea2e2d2eab5fafaa306 |
| SHA256 | 7c2ec3bca53a3bcf2808a63925e287bb29ce24d0affa20781f86367d487d0c89 |
| SHA512 | 3d768436eb397dd7d425d0dd76c7434ad1abca8242258313d951d0bbac7e9010fe9475375e7ebe96d816d9a9ca0f7caa54416fc37d0b2bf55e903f4cecd673bf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 13d25e018050b6d9e23d902f7b51876c |
| SHA1 | c8860f7bd4ef9cfde34f26523bf6c63a11e5968a |
| SHA256 | bce48017102e6c17988d9fe2fa5cbee8f05aa638fc7c0a8847e34df438798821 |
| SHA512 | 5dd7884c795a6e7213f3f374b54ee8b8ddf1927ef235435020cf465b04ec2eb4f1eac3168080c5c0ae22e3a2b657ee31f3fcbf7cb24679f3730bbc54d7b21899 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 86fae23ceca08177144ed5f0e5715ef5 |
| SHA1 | 7206263253b825c3eab168f5b2c69cdc1eb0fcf7 |
| SHA256 | d287e3083137b95d9c5086b202eb56f99d71a66e154b8769d9c1af5d3dbc3178 |
| SHA512 | 8af762bcbf7dff073b6d62352c9773eae1082db2f6dcc284c4e9aa6f0b6d38f316e720d08dad0a0943ec10e93a4707384ad1cac216a13db8f8c70d7ed0de9d6d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | e92b4e6c6884fa9ec0f86a5d557f87c3 |
| SHA1 | 484dd4fc2bdab47c50bf41e8d45e849682a2fc83 |
| SHA256 | 79e947836845d6c15270624a0ceaf238d53ce62c430dbd360c947946f76a0e23 |
| SHA512 | cad896e03771ae5b2ce2978e751cf6a9461d3b61578376b52871ad49989b8dd71a9b64d1811c25f38b5033949bb35f993c406613ee42d1b71f79a47c7bb2f305 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 2e2592be89b76860f82371f65607e5ee |
| SHA1 | 148e11cae0c9c4e6b7d5f9f657fa453a600de01b |
| SHA256 | b4814dbb28b384d990dd4e63e2f4da0f1b2048865f08ac416f134d66cf56d540 |
| SHA512 | 38d6f6ca786ed20c64023a7bd1c5c65ebb22af9d71c77c134df699e1b84a73104896a19d15a847bd2e55dc39bc80377592f58671b22bdad412f210c3e74b4128 |
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 43661c320027a32d4d2807e00e5e935e |
| SHA1 | 0d3b05e9168440190d65a2d93c8dfdfd90f36506 |
| SHA256 | 1b2ef33423ad919d1481af1777965f031ba69273115e28296139fa721aaf6a2b |
| SHA512 | 927ad226fd92abbad63db1e26a7bf8450b945527e4660eec59104e1b4c888bd8a43071e0cfad98a026db0ce430d5bc3398cffa0f1208be1b45a6ffcef6f6dbfc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | e11e01eb58c367961b008c4f66e53f27 |
| SHA1 | 8def2763a6e327deb6c9fab85d41b4de9a7fa289 |
| SHA256 | b46560899012e64017cc02d9188fda54b6dedc5c1028af4a3319cd5df2667d8a |
| SHA512 | bc9aed35b8d2b09c0d4c84b1b52394fd89dcdd74c6250f5aeedaa44149a3121344fc0ad0e6ae6fdd7ce3363d9b8208711dbfda6f36e15b44134484399eb371c6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe582e7d.TMP
| MD5 | e1b36c61ff655a800c8a396123b1dada |
| SHA1 | ac3d6d6af110526c6960fa76dd8df9a3a7f7c62a |
| SHA256 | cf099c85965ebd04324fbd782857f128be5b1c2777ff88fa1e16af28669aba0b |
| SHA512 | e9ad85fd8e8e1d52b8ce79054c58dcdfacfc03a9a9cd1def8e21e3a223b35de60bfa078a5ee5c6fc1ad2e35cd32e01d71a918eb3d7bfbab0dccf1d78bdda032e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 046738c01fda620c130fa09532e9db7c |
| SHA1 | 950d995258315ed7a56cbe00b3ba0b2b06383f69 |
| SHA256 | cf31717ed691ffbfa6f16832326da0b50eeaf79a806754adffb5ccec8bdd1414 |
| SHA512 | 6e023d30da012c0c8df960260636b78f72f1ab4a642db72867a565727d18a0afe5fb29b6e99facbc4e816dee010f695bebc5c6ae3db4e58f6866ed1e749ce185 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | bfade1e8aab94c6397221e73a6865612 |
| SHA1 | 951cc2b348e11708bfe2eeab9b61d3289de162ca |
| SHA256 | 4839a10720972a8f102fce1cacc5cb3a9c2ac2daaf3e4136c616acc50ce488d6 |
| SHA512 | a60d9ffe9286066c487afc35d542c41e33d20982807b8afabf157bd89f2bbdd7d431071814f56090761245270c0987d8187e3392365cb3a139de0f03843bae82 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 1eb4873bc4897398b5eca60daed6b1eb |
| SHA1 | b213a5d96825b866b4e7af1f5d33c3c8abbc4cd1 |
| SHA256 | aaf2480d3e9f83df8de805166fdde4ce815ca23cfae6e6e5b2cbe1a03bf74a05 |
| SHA512 | 0d2c81999e629dab8cb4352449bea7bdf3ab4810d9f8fee5868de0074abe57cab255bb139ff47f0c600e34ba102940cf304d85b7e1ca836f0a405fdab58b89d4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 647e7b9ffe98698d8700216c05f03b41 |
| SHA1 | ec25df4d132952cacf37632ff7354d0caffde423 |
| SHA256 | 8eceb8039a5822381d7d3c12464d2645b4f980bb570d2e7ba90de678a7a7cfa2 |
| SHA512 | 292d4bcf2601a138a63a174739d30af1792850758ea3902c8ad3e2e0ea3feb5c2b0f73be0dbe85215d5a0839cf4159ea6ad38f91af7562c1fa5332f36fa21a25 |