hxxp://DROGARIAGAMAVIDA[.]COM[.]BR

Analysis

max time kernel
161s
max time network
165s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
09/01/2024, 07:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://DROGARIAGAMAVIDA.COM.BR

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133492579686057868"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1744	chrome.exe
1744	chrome.exe
4480	chrome.exe
4480	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1744	chrome.exe
1744	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1744	chrome.exe
Token: SeCreatePagefilePrivilege	1744	chrome.exe
Token: SeShutdownPrivilege	1744	chrome.exe
Token: SeCreatePagefilePrivilege	1744	chrome.exe
Token: SeShutdownPrivilege	1744	chrome.exe
Token: SeCreatePagefilePrivilege	1744	chrome.exe
Token: SeShutdownPrivilege	1744	chrome.exe
Token: SeCreatePagefilePrivilege	1744	chrome.exe
Token: SeShutdownPrivilege	1744	chrome.exe
Token: SeCreatePagefilePrivilege	1744	chrome.exe
Token: SeShutdownPrivilege	1744	chrome.exe
Token: SeCreatePagefilePrivilege	1744	chrome.exe
Token: SeShutdownPrivilege	1744	chrome.exe
Token: SeCreatePagefilePrivilege	1744	chrome.exe
Token: SeShutdownPrivilege	1744	chrome.exe
Token: SeCreatePagefilePrivilege	1744	chrome.exe
Token: SeShutdownPrivilege	1744	chrome.exe
Token: SeCreatePagefilePrivilege	1744	chrome.exe
Token: SeShutdownPrivilege	1744	chrome.exe
Token: SeCreatePagefilePrivilege	1744	chrome.exe
Token: SeShutdownPrivilege	1744	chrome.exe
Token: SeCreatePagefilePrivilege	1744	chrome.exe
Token: SeShutdownPrivilege	1744	chrome.exe
Token: SeCreatePagefilePrivilege	1744	chrome.exe
Token: SeShutdownPrivilege	1744	chrome.exe
Token: SeCreatePagefilePrivilege	1744	chrome.exe
Token: SeShutdownPrivilege	1744	chrome.exe
Token: SeCreatePagefilePrivilege	1744	chrome.exe
Token: SeShutdownPrivilege	1744	chrome.exe
Token: SeCreatePagefilePrivilege	1744	chrome.exe
Token: SeShutdownPrivilege	1744	chrome.exe
Token: SeCreatePagefilePrivilege	1744	chrome.exe
Token: SeShutdownPrivilege	1744	chrome.exe
Token: SeCreatePagefilePrivilege	1744	chrome.exe
Token: SeShutdownPrivilege	1744	chrome.exe
Token: SeCreatePagefilePrivilege	1744	chrome.exe
Token: SeShutdownPrivilege	1744	chrome.exe
Token: SeCreatePagefilePrivilege	1744	chrome.exe
Token: SeShutdownPrivilege	1744	chrome.exe
Token: SeCreatePagefilePrivilege	1744	chrome.exe
Token: SeShutdownPrivilege	1744	chrome.exe
Token: SeCreatePagefilePrivilege	1744	chrome.exe
Token: SeShutdownPrivilege	1744	chrome.exe
Token: SeCreatePagefilePrivilege	1744	chrome.exe
Token: SeShutdownPrivilege	1744	chrome.exe
Token: SeCreatePagefilePrivilege	1744	chrome.exe
Token: SeShutdownPrivilege	1744	chrome.exe
Token: SeCreatePagefilePrivilege	1744	chrome.exe
Token: SeShutdownPrivilege	1744	chrome.exe
Token: SeCreatePagefilePrivilege	1744	chrome.exe
Token: SeShutdownPrivilege	1744	chrome.exe
Token: SeCreatePagefilePrivilege	1744	chrome.exe
Token: SeShutdownPrivilege	1744	chrome.exe
Token: SeCreatePagefilePrivilege	1744	chrome.exe
Token: SeShutdownPrivilege	1744	chrome.exe
Token: SeCreatePagefilePrivilege	1744	chrome.exe
Token: SeShutdownPrivilege	1744	chrome.exe
Token: SeCreatePagefilePrivilege	1744	chrome.exe
Token: SeShutdownPrivilege	1744	chrome.exe
Token: SeCreatePagefilePrivilege	1744	chrome.exe
Token: SeShutdownPrivilege	1744	chrome.exe
Token: SeCreatePagefilePrivilege	1744	chrome.exe
Token: SeShutdownPrivilege	1744	chrome.exe
Token: SeCreatePagefilePrivilege	1744	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1744 wrote to memory of 3480	1744	chrome.exe	43
PID 1744 wrote to memory of 3480	1744	chrome.exe	43
PID 1744 wrote to memory of 4052	1744	chrome.exe	94
PID 1744 wrote to memory of 4052	1744	chrome.exe	94
PID 1744 wrote to memory of 4052	1744	chrome.exe	94
PID 1744 wrote to memory of 4052	1744	chrome.exe	94
PID 1744 wrote to memory of 4052	1744	chrome.exe	94
PID 1744 wrote to memory of 4052	1744	chrome.exe	94
PID 1744 wrote to memory of 4052	1744	chrome.exe	94
PID 1744 wrote to memory of 4052	1744	chrome.exe	94
PID 1744 wrote to memory of 4052	1744	chrome.exe	94
PID 1744 wrote to memory of 4052	1744	chrome.exe	94
PID 1744 wrote to memory of 4052	1744	chrome.exe	94
PID 1744 wrote to memory of 4052	1744	chrome.exe	94
PID 1744 wrote to memory of 4052	1744	chrome.exe	94
PID 1744 wrote to memory of 4052	1744	chrome.exe	94
PID 1744 wrote to memory of 4052	1744	chrome.exe	94
PID 1744 wrote to memory of 4052	1744	chrome.exe	94
PID 1744 wrote to memory of 4052	1744	chrome.exe	94
PID 1744 wrote to memory of 4052	1744	chrome.exe	94
PID 1744 wrote to memory of 4052	1744	chrome.exe	94
PID 1744 wrote to memory of 4052	1744	chrome.exe	94
PID 1744 wrote to memory of 4052	1744	chrome.exe	94
PID 1744 wrote to memory of 4052	1744	chrome.exe	94
PID 1744 wrote to memory of 4052	1744	chrome.exe	94
PID 1744 wrote to memory of 4052	1744	chrome.exe	94
PID 1744 wrote to memory of 4052	1744	chrome.exe	94
PID 1744 wrote to memory of 4052	1744	chrome.exe	94
PID 1744 wrote to memory of 4052	1744	chrome.exe	94
PID 1744 wrote to memory of 4052	1744	chrome.exe	94
PID 1744 wrote to memory of 4052	1744	chrome.exe	94
PID 1744 wrote to memory of 4052	1744	chrome.exe	94
PID 1744 wrote to memory of 4052	1744	chrome.exe	94
PID 1744 wrote to memory of 4052	1744	chrome.exe	94
PID 1744 wrote to memory of 4052	1744	chrome.exe	94
PID 1744 wrote to memory of 4052	1744	chrome.exe	94
PID 1744 wrote to memory of 4052	1744	chrome.exe	94
PID 1744 wrote to memory of 4052	1744	chrome.exe	94
PID 1744 wrote to memory of 4052	1744	chrome.exe	94
PID 1744 wrote to memory of 4052	1744	chrome.exe	94
PID 1744 wrote to memory of 2424	1744	chrome.exe	92
PID 1744 wrote to memory of 2424	1744	chrome.exe	92
PID 1744 wrote to memory of 2852	1744	chrome.exe	93
PID 1744 wrote to memory of 2852	1744	chrome.exe	93
PID 1744 wrote to memory of 2852	1744	chrome.exe	93
PID 1744 wrote to memory of 2852	1744	chrome.exe	93
PID 1744 wrote to memory of 2852	1744	chrome.exe	93
PID 1744 wrote to memory of 2852	1744	chrome.exe	93
PID 1744 wrote to memory of 2852	1744	chrome.exe	93
PID 1744 wrote to memory of 2852	1744	chrome.exe	93
PID 1744 wrote to memory of 2852	1744	chrome.exe	93
PID 1744 wrote to memory of 2852	1744	chrome.exe	93
PID 1744 wrote to memory of 2852	1744	chrome.exe	93
PID 1744 wrote to memory of 2852	1744	chrome.exe	93
PID 1744 wrote to memory of 2852	1744	chrome.exe	93
PID 1744 wrote to memory of 2852	1744	chrome.exe	93
PID 1744 wrote to memory of 2852	1744	chrome.exe	93
PID 1744 wrote to memory of 2852	1744	chrome.exe	93
PID 1744 wrote to memory of 2852	1744	chrome.exe	93
PID 1744 wrote to memory of 2852	1744	chrome.exe	93
PID 1744 wrote to memory of 2852	1744	chrome.exe	93
PID 1744 wrote to memory of 2852	1744	chrome.exe	93
PID 1744 wrote to memory of 2852	1744	chrome.exe	93
PID 1744 wrote to memory of 2852	1744	chrome.exe	93

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://DROGARIAGAMAVIDA.COM.BR
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe18509758,0x7ffe18509768,0x7ffe18509778
  2⤵
  PID:3480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1912 --field-trial-handle=1872,i,7622124510979378744,7051822904706964180,131072 /prefetch:8
  2⤵
  PID:2424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1232 --field-trial-handle=1872,i,7622124510979378744,7051822904706964180,131072 /prefetch:8
  2⤵
  PID:2852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1712 --field-trial-handle=1872,i,7622124510979378744,7051822904706964180,131072 /prefetch:2
  2⤵
  PID:4052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3108 --field-trial-handle=1872,i,7622124510979378744,7051822904706964180,131072 /prefetch:1
  2⤵
  PID:3368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3000 --field-trial-handle=1872,i,7622124510979378744,7051822904706964180,131072 /prefetch:1
  2⤵
  PID:1712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4812 --field-trial-handle=1872,i,7622124510979378744,7051822904706964180,131072 /prefetch:8
  2⤵
  PID:3220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4500 --field-trial-handle=1872,i,7622124510979378744,7051822904706964180,131072 /prefetch:8
  2⤵
  PID:2216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2768 --field-trial-handle=1872,i,7622124510979378744,7051822904706964180,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4480

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:5040

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
dd28ef9d3962e1e1387a25e0afb82b64

SHA1
7b8952c166d911f3f9b17740956c68d6a4d24d86

SHA256
6946972719ff0f043fac3d961a1faeb7c02a36745cbe903aee66e68b03b6dc36

SHA512
0acf9ad6e1487207b478c7b99c5e29c97a2cc5ddd9fd53cf198c34418ae86d36c7a10edeb63509598c25b96712bd8f9b1135cfd831f2dae065db8f9c21806103

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
9a89196bfe41ffc3f2c10513ac6065db

SHA1
db12249215e880db321eb3aeeaa824de9ca833ed

SHA256
e0b8ade153fd6ac34b0ab60917602a38bb0e220284b15be9babf8c76bac4a75b

SHA512
29b7142d3be41585195bb92a1c657749cbffdaa4a084f8b028cbd0f46083f5dcb849bcfc651cd9fd12f5e0923d0003ad9a29c558e6eb4b2c97b634774486a4e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
03fe27eda0254172f45d2d6211124c5e

SHA1
85876070ec817edcd48facc80d2acb46d9599780

SHA256
c2e889d4e23e68b41ebb8be1f6d4398561f4fb9302629554b89ec9701ba1ea64

SHA512
31cb44a747803fc03739efe3de9a45d9d12bbb06cb009a0319da00b82e42f208233e18637f008a61b7d32bdf5fcc51dbdff85299346be576602ced6178c31181

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e5740b5aa4308c3532be3d9c5dbca2fa

SHA1
9f16d7d426dea84acccb0482264dff2a57a19c06

SHA256
17b76f958c12d98133b88e8d84a11e599ddc00010904b662c5d588a9146805fd

SHA512
f4a58fde839d1db0491db32c2540b81560774d03da9760ac94a4dd461e432a5c4c9516d29370d8d892f2057a34ff824457d77d6f92b4ffcefb0ca8f7601f2dde

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e59da4b39f49ef69de50bba52f3ec66e

SHA1
8c2332cb9a71d797cb4fd206d0e155447331b6d2

SHA256
7f3ac927f0caadd73c472d26d0f9fa5c0feb18764e2b12e40f6a142d187d8943

SHA512
e005f5af5e65a17c65705dbaa0251cb52469c7fbe5d68e61b3c00f49b168612d583aac84cf7053af92b041a860787c4b81dd5f478cbd71ad8beaef43451bc95c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6192584c554b495d418ec8566b12317e

SHA1
7d9c207cbe37494452a944b2bb9dce97f6771ea2

SHA256
fa128ec1f198794065ba5e782f7e587c0a7ea4d1eb43e6be86dcc499b54d8a5f

SHA512
bce745d8b2b3d050dd9e5f35278ec35abd99d2baee9f27674daae96d293155670fd77cc94a76bdd18f3409ac8b039ae94618ea8236fec97bf57a0261a02705c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
d472fe291022cae4cdd6007e4938ed3d

SHA1
72154fb8864d93cb80d0f34dcdb5eb338c3f8b04

SHA256
c7388948d767381fdcb49a40fb49dde6a04a3de7c663d07cd19c349893e1e75e

SHA512
806254fd0c2959fd2a72aef51fb3700db0f5fdb031ab421dafc145b9ce9f35bada882c63cb4bbe8d3556d300ff2745f4036708c82170551d39cea07f1b2e2aa4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit