hxxp://pdf2doconvert[.]com

Resubmissions

10-01-2024 14:25

240110-rrf8lahagq 1

10-01-2024 14:22

240110-rptqxahhd7 1

Analysis

max time kernel
9s
max time network
115s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
10-01-2024 14:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://pdf2doconvert.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2932	chrome.exe
2932	chrome.exe

Suspicious use of AdjustPrivilegeToken 16 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2932 wrote to memory of 1984	2932	chrome.exe	14
PID 2932 wrote to memory of 1984	2932	chrome.exe	14
PID 2932 wrote to memory of 1984	2932	chrome.exe	14
PID 2932 wrote to memory of 2976	2932	chrome.exe	23
PID 2932 wrote to memory of 2976	2932	chrome.exe	23
PID 2932 wrote to memory of 2976	2932	chrome.exe	23
PID 2932 wrote to memory of 2976	2932	chrome.exe	23
PID 2932 wrote to memory of 2976	2932	chrome.exe	23
PID 2932 wrote to memory of 2976	2932	chrome.exe	23
PID 2932 wrote to memory of 2976	2932	chrome.exe	23
PID 2932 wrote to memory of 2976	2932	chrome.exe	23
PID 2932 wrote to memory of 2976	2932	chrome.exe	23
PID 2932 wrote to memory of 2976	2932	chrome.exe	23
PID 2932 wrote to memory of 2976	2932	chrome.exe	23
PID 2932 wrote to memory of 2976	2932	chrome.exe	23
PID 2932 wrote to memory of 2976	2932	chrome.exe	23
PID 2932 wrote to memory of 2976	2932	chrome.exe	23
PID 2932 wrote to memory of 2976	2932	chrome.exe	23
PID 2932 wrote to memory of 2976	2932	chrome.exe	23
PID 2932 wrote to memory of 2976	2932	chrome.exe	23
PID 2932 wrote to memory of 2976	2932	chrome.exe	23
PID 2932 wrote to memory of 2976	2932	chrome.exe	23
PID 2932 wrote to memory of 2976	2932	chrome.exe	23
PID 2932 wrote to memory of 2976	2932	chrome.exe	23
PID 2932 wrote to memory of 2976	2932	chrome.exe	23
PID 2932 wrote to memory of 2976	2932	chrome.exe	23
PID 2932 wrote to memory of 2976	2932	chrome.exe	23
PID 2932 wrote to memory of 2976	2932	chrome.exe	23
PID 2932 wrote to memory of 2976	2932	chrome.exe	23
PID 2932 wrote to memory of 2976	2932	chrome.exe	23
PID 2932 wrote to memory of 2976	2932	chrome.exe	23
PID 2932 wrote to memory of 2976	2932	chrome.exe	23
PID 2932 wrote to memory of 2976	2932	chrome.exe	23
PID 2932 wrote to memory of 2976	2932	chrome.exe	23
PID 2932 wrote to memory of 2976	2932	chrome.exe	23
PID 2932 wrote to memory of 2976	2932	chrome.exe	23
PID 2932 wrote to memory of 2976	2932	chrome.exe	23
PID 2932 wrote to memory of 2976	2932	chrome.exe	23
PID 2932 wrote to memory of 2976	2932	chrome.exe	23
PID 2932 wrote to memory of 2976	2932	chrome.exe	23
PID 2932 wrote to memory of 2976	2932	chrome.exe	23
PID 2932 wrote to memory of 2976	2932	chrome.exe	23
PID 2932 wrote to memory of 2860	2932	chrome.exe	22
PID 2932 wrote to memory of 2860	2932	chrome.exe	22
PID 2932 wrote to memory of 2860	2932	chrome.exe	22
PID 2932 wrote to memory of 2292	2932	chrome.exe	21
PID 2932 wrote to memory of 2292	2932	chrome.exe	21
PID 2932 wrote to memory of 2292	2932	chrome.exe	21
PID 2932 wrote to memory of 2292	2932	chrome.exe	21
PID 2932 wrote to memory of 2292	2932	chrome.exe	21
PID 2932 wrote to memory of 2292	2932	chrome.exe	21
PID 2932 wrote to memory of 2292	2932	chrome.exe	21
PID 2932 wrote to memory of 2292	2932	chrome.exe	21
PID 2932 wrote to memory of 2292	2932	chrome.exe	21
PID 2932 wrote to memory of 2292	2932	chrome.exe	21
PID 2932 wrote to memory of 2292	2932	chrome.exe	21
PID 2932 wrote to memory of 2292	2932	chrome.exe	21
PID 2932 wrote to memory of 2292	2932	chrome.exe	21
PID 2932 wrote to memory of 2292	2932	chrome.exe	21
PID 2932 wrote to memory of 2292	2932	chrome.exe	21
PID 2932 wrote to memory of 2292	2932	chrome.exe	21
PID 2932 wrote to memory of 2292	2932	chrome.exe	21
PID 2932 wrote to memory of 2292	2932	chrome.exe	21
PID 2932 wrote to memory of 2292	2932	chrome.exe	21

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7269758,0x7fef7269768,0x7fef7269778
1⤵
PID:1984

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://pdf2doconvert.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2060 --field-trial-handle=1468,i,7175735720057808832,7493188099500808394,131072 /prefetch:1
  2⤵
  PID:3052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2052 --field-trial-handle=1468,i,7175735720057808832,7493188099500808394,131072 /prefetch:1
  2⤵
  PID:2644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1612 --field-trial-handle=1468,i,7175735720057808832,7493188099500808394,131072 /prefetch:8
  2⤵
  PID:2292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1324 --field-trial-handle=1468,i,7175735720057808832,7493188099500808394,131072 /prefetch:8
  2⤵
  PID:2860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1180 --field-trial-handle=1468,i,7175735720057808832,7493188099500808394,131072 /prefetch:2
  2⤵
  PID:2976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1180 --field-trial-handle=1468,i,7175735720057808832,7493188099500808394,131072 /prefetch:2
  2⤵
  PID:1508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3164 --field-trial-handle=1468,i,7175735720057808832,7493188099500808394,131072 /prefetch:1
  2⤵
  PID:488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3432 --field-trial-handle=1468,i,7175735720057808832,7493188099500808394,131072 /prefetch:8
  2⤵
  PID:796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=2544 --field-trial-handle=1468,i,7175735720057808832,7493188099500808394,131072 /prefetch:1
  2⤵
  PID:788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=1160 --field-trial-handle=1468,i,7175735720057808832,7493188099500808394,131072 /prefetch:1
  2⤵
  PID:540

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:680

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
910c97a88f2255288af7d4b60c0daa6b

SHA1
53da8c16fc8356c47d0df74807bc0003b902c474

SHA256
339482fa0e37ff50103821348a6b643f1ac88e0e70fc26686ed76e0675e18ee3

SHA512
de32ac5db91349449aa3f85c80632c9e8bec6c471b72189e20146caed80baa54916811573e980fd41616777777e2507ab6a40586ef445176a282f24ca685c2c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
b74e68cf63eaf2a3421b445e565e2214

SHA1
d853890902a3a4a79ef42214730442739377af49

SHA256
8e549370ab11c09d1ad837fee6ce6ab71a87be077da74a99aaced8ab094f0840

SHA512
b8e5b53038364e5f7140d7c41106336f09f0d21e210bfc342d3a82088098656172e2e6d2c4fa5e292cbc640cd740a89806fc97135514401ad2d29bab02e15c99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0773dc72851477cd6c7188ba88cfbf50

SHA1
18c35dc81cedf30feb136f4512b03c53305fa243

SHA256
8afb7cc2b28b0624ae761bcbf29910a6a0869eba0ebcfb7b7011d5d50e2f4bd4

SHA512
259368b07d6b99b8a4357a2305b4c15a3702b0bd48f6f91a27e0aacb4d5bd0622fae7696976418b18ea14967e5ac98f6becfc0410ab73d5e96770898daa96e9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
ee9d34972360ab29473cc5cd7c9a5ec5

SHA1
36dd1d53016c1349bb43da5ba4be62f0385dc784

SHA256
f79c8cc39e2733f5c36c77641a123bf88ae61ff205496d4ad27fdb12b1088b14

SHA512
218646891749658ab0beca4cc8861a1259ecf669f3421a82659fdd8e3d948e8fa001668c3a020bf029f19d2b8296bce0432819e9e79984a626d81f94e46e6bb1

Download Submit