hxxp://navify[.]com

Analysis

max time kernel
600s
max time network
495s
platform
windows10-1703_x64
resource
win10-20231020-en
resource tags

arch:x64arch:x86image:win10-20231020-enlocale:en-usos:windows10-1703-x64system
submitted
02/11/2023, 17:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://navify.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133434207240387276"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3992	chrome.exe
3992	chrome.exe
1492	chrome.exe
1492	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3992 wrote to memory of 1572	3992	chrome.exe	71
PID 3992 wrote to memory of 1572	3992	chrome.exe	71
PID 3992 wrote to memory of 1012	3992	chrome.exe	74
PID 3992 wrote to memory of 1012	3992	chrome.exe	74
PID 3992 wrote to memory of 1012	3992	chrome.exe	74
PID 3992 wrote to memory of 1012	3992	chrome.exe	74
PID 3992 wrote to memory of 1012	3992	chrome.exe	74
PID 3992 wrote to memory of 1012	3992	chrome.exe	74
PID 3992 wrote to memory of 1012	3992	chrome.exe	74
PID 3992 wrote to memory of 1012	3992	chrome.exe	74
PID 3992 wrote to memory of 1012	3992	chrome.exe	74
PID 3992 wrote to memory of 1012	3992	chrome.exe	74
PID 3992 wrote to memory of 1012	3992	chrome.exe	74
PID 3992 wrote to memory of 1012	3992	chrome.exe	74
PID 3992 wrote to memory of 1012	3992	chrome.exe	74
PID 3992 wrote to memory of 1012	3992	chrome.exe	74
PID 3992 wrote to memory of 1012	3992	chrome.exe	74
PID 3992 wrote to memory of 1012	3992	chrome.exe	74
PID 3992 wrote to memory of 1012	3992	chrome.exe	74
PID 3992 wrote to memory of 1012	3992	chrome.exe	74
PID 3992 wrote to memory of 1012	3992	chrome.exe	74
PID 3992 wrote to memory of 1012	3992	chrome.exe	74
PID 3992 wrote to memory of 1012	3992	chrome.exe	74
PID 3992 wrote to memory of 1012	3992	chrome.exe	74
PID 3992 wrote to memory of 1012	3992	chrome.exe	74
PID 3992 wrote to memory of 1012	3992	chrome.exe	74
PID 3992 wrote to memory of 1012	3992	chrome.exe	74
PID 3992 wrote to memory of 1012	3992	chrome.exe	74
PID 3992 wrote to memory of 1012	3992	chrome.exe	74
PID 3992 wrote to memory of 1012	3992	chrome.exe	74
PID 3992 wrote to memory of 1012	3992	chrome.exe	74
PID 3992 wrote to memory of 1012	3992	chrome.exe	74
PID 3992 wrote to memory of 1012	3992	chrome.exe	74
PID 3992 wrote to memory of 1012	3992	chrome.exe	74
PID 3992 wrote to memory of 1012	3992	chrome.exe	74
PID 3992 wrote to memory of 1012	3992	chrome.exe	74
PID 3992 wrote to memory of 1012	3992	chrome.exe	74
PID 3992 wrote to memory of 1012	3992	chrome.exe	74
PID 3992 wrote to memory of 1012	3992	chrome.exe	74
PID 3992 wrote to memory of 1012	3992	chrome.exe	74
PID 3992 wrote to memory of 5036	3992	chrome.exe	73
PID 3992 wrote to memory of 5036	3992	chrome.exe	73
PID 3992 wrote to memory of 4904	3992	chrome.exe	75
PID 3992 wrote to memory of 4904	3992	chrome.exe	75
PID 3992 wrote to memory of 4904	3992	chrome.exe	75
PID 3992 wrote to memory of 4904	3992	chrome.exe	75
PID 3992 wrote to memory of 4904	3992	chrome.exe	75
PID 3992 wrote to memory of 4904	3992	chrome.exe	75
PID 3992 wrote to memory of 4904	3992	chrome.exe	75
PID 3992 wrote to memory of 4904	3992	chrome.exe	75
PID 3992 wrote to memory of 4904	3992	chrome.exe	75
PID 3992 wrote to memory of 4904	3992	chrome.exe	75
PID 3992 wrote to memory of 4904	3992	chrome.exe	75
PID 3992 wrote to memory of 4904	3992	chrome.exe	75
PID 3992 wrote to memory of 4904	3992	chrome.exe	75
PID 3992 wrote to memory of 4904	3992	chrome.exe	75
PID 3992 wrote to memory of 4904	3992	chrome.exe	75
PID 3992 wrote to memory of 4904	3992	chrome.exe	75
PID 3992 wrote to memory of 4904	3992	chrome.exe	75
PID 3992 wrote to memory of 4904	3992	chrome.exe	75
PID 3992 wrote to memory of 4904	3992	chrome.exe	75
PID 3992 wrote to memory of 4904	3992	chrome.exe	75
PID 3992 wrote to memory of 4904	3992	chrome.exe	75
PID 3992 wrote to memory of 4904	3992	chrome.exe	75

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://navify.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fffcb4d9758,0x7fffcb4d9768,0x7fffcb4d9778
  2⤵
  PID:1572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1820 --field-trial-handle=1824,i,9591302977748429898,17205205234794623634,131072 /prefetch:8
  2⤵
  PID:5036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1556 --field-trial-handle=1824,i,9591302977748429898,17205205234794623634,131072 /prefetch:2
  2⤵
  PID:1012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2060 --field-trial-handle=1824,i,9591302977748429898,17205205234794623634,131072 /prefetch:8
  2⤵
  PID:4904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2784 --field-trial-handle=1824,i,9591302977748429898,17205205234794623634,131072 /prefetch:1
  2⤵
  PID:2984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2660 --field-trial-handle=1824,i,9591302977748429898,17205205234794623634,131072 /prefetch:1
  2⤵
  PID:4332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4452 --field-trial-handle=1824,i,9591302977748429898,17205205234794623634,131072 /prefetch:1
  2⤵
  PID:4780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 --field-trial-handle=1824,i,9591302977748429898,17205205234794623634,131072 /prefetch:8
  2⤵
  PID:1780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 --field-trial-handle=1824,i,9591302977748429898,17205205234794623634,131072 /prefetch:8
  2⤵
  PID:3944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1524 --field-trial-handle=1824,i,9591302977748429898,17205205234794623634,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1492

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4280

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
672B

MD5
ba29f20addf0117490024b8c853cf708

SHA1
159c53dc058358e5f8711f5cbbcc4b7046b9563a

SHA256
f484e63ddc9e35256f4f5cb75c783c150c1ba9ca945873a38f176d643f981dc2

SHA512
6e123d1ca2497584f721ad7119f4284fddc707872f0b0b1b7fe2617180a5a41d0d53ee53f9b29bb6448d150bf789d6a9fa030c6bb6437eb1d61a36ed654cb36e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
ed2129892d4279ddb3677fe64ede8c2d

SHA1
f1bfea12b6b3d85c7df5707d383ba8ad6d84a8ab

SHA256
bd8ca3ede214c786dff556740389f64fa2edb4059702fee4b3d6ed98318d313f

SHA512
3a37fec14f91a3ba1561cea66f0232f353bd283ac49ee2220776f41ab74ac8ebe2177f5cc9feac421a8f5f0d33ab0e5cefd389e7fc7a5f361ca75f769429758a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
c8aff0a5abd3074ccdb0616ae43fcf0f

SHA1
55521be6dc4db4257810c7cb6a5b3f9d02d64799

SHA256
384ab5f6ca508d79e946307c76a5e6ee30fd0e87910fe12d28ec6c333388d62c

SHA512
50db55d0da388174c65efc0c8043b0106d25abd40e4be959d073e22047cd6e96ee47b9c31d7abe1088e2641e910722f85295e62f02bb28649317a996aa1d03ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d08e3aa57c07912c1d3a63ada317ae67

SHA1
2130dcc76490b5601726f608aa873de8eb74eb15

SHA256
7d5efb401f4df04713c3747fa1d316963ff40e20f3333ee6bcbeac393222c961

SHA512
ad62f8c53b96cf1283406164c1020c384c110395c8b8d969253b3bd0a548496c55138573ff6bb67192ffcbf602b330ad1289874d378aaa6bef95efb412e6481b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
cbb735fc81ca8c2b0ce21c7e35a5cc94

SHA1
edafc284bf6aa0d5b3bae25d4914171acb9139af

SHA256
0ea64f94c8490df3d0565d614f91c27f97d222686f2410c42df62f881921efe8

SHA512
210bcc9c3b05953cc0aca22f8a36b5f8b61247a06976015c76343bfb1db521ae43a2ebd3995cc000dcb012ea2541c8d3f07837bcd9251b2f731e99356abebd34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
fd6d82d33ad80ada438fdb6f872f8d58

SHA1
363150f0d2f3088c2063360d75485a63356eca62

SHA256
9f0a77870e4ae9d61dfd37bef30313125aec1b46a94af06f5c620e4bd370573c

SHA512
ae51d5395347eabf2eb55173a7a2e9f21d64ac92e79ba044ba53f9af143c8c742b3d165e9b64e40712a19794134553ac9eef41423d9b91e2dd01eceb0aaaa84d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4e2d8135661d00be5e0aae1f57d12c78

SHA1
25aee0a01b129aa55bbfad31f4c8a5e93a1165e4

SHA256
90bddd897afa81c98708a96398cdf76d65e106e4abdb99976575210b4563812c

SHA512
92d8217bf9ba0510505f86ccfa882591d6c007555afc46ed793d11894ca582f32d5735254d6ba872671884bb4609771ba28a5c8a00bdd2df0894b7ff5ac6355f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
106KB

MD5
80482425d43139cb4bc6c178d4f7bff7

SHA1
5a44db4cc1cde114a5b0a6b10c648007281d4f19

SHA256
c90682861cf898b8e6c6f70f032cecfd142630694cb6b7b60f4f5e12cfec1653

SHA512
a17e5d0bc3681e372bb07252caf875130a9ef86b83e1433a60692e50c60fdbc8cf35ed0e55e70604e8001334c74f0251daf311b1729de7e29b827db9205d9496

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit