hxxps://aadcdn[.]jdviewasiaprocess[.]site

Analysis

max time kernel
152s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11/03/2024, 05:22

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://aadcdn.jdviewasiaprocess.site

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133546081732910176"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2116	chrome.exe
2116	chrome.exe
3976	chrome.exe
3976	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2116	chrome.exe
2116	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2116 wrote to memory of 4664	2116	chrome.exe	95
PID 2116 wrote to memory of 4664	2116	chrome.exe	95
PID 2116 wrote to memory of 1332	2116	chrome.exe	98
PID 2116 wrote to memory of 1332	2116	chrome.exe	98
PID 2116 wrote to memory of 1332	2116	chrome.exe	98
PID 2116 wrote to memory of 1332	2116	chrome.exe	98
PID 2116 wrote to memory of 1332	2116	chrome.exe	98
PID 2116 wrote to memory of 1332	2116	chrome.exe	98
PID 2116 wrote to memory of 1332	2116	chrome.exe	98
PID 2116 wrote to memory of 1332	2116	chrome.exe	98
PID 2116 wrote to memory of 1332	2116	chrome.exe	98
PID 2116 wrote to memory of 1332	2116	chrome.exe	98
PID 2116 wrote to memory of 1332	2116	chrome.exe	98
PID 2116 wrote to memory of 1332	2116	chrome.exe	98
PID 2116 wrote to memory of 1332	2116	chrome.exe	98
PID 2116 wrote to memory of 1332	2116	chrome.exe	98
PID 2116 wrote to memory of 1332	2116	chrome.exe	98
PID 2116 wrote to memory of 1332	2116	chrome.exe	98
PID 2116 wrote to memory of 1332	2116	chrome.exe	98
PID 2116 wrote to memory of 1332	2116	chrome.exe	98
PID 2116 wrote to memory of 1332	2116	chrome.exe	98
PID 2116 wrote to memory of 1332	2116	chrome.exe	98
PID 2116 wrote to memory of 1332	2116	chrome.exe	98
PID 2116 wrote to memory of 1332	2116	chrome.exe	98
PID 2116 wrote to memory of 1332	2116	chrome.exe	98
PID 2116 wrote to memory of 1332	2116	chrome.exe	98
PID 2116 wrote to memory of 1332	2116	chrome.exe	98
PID 2116 wrote to memory of 1332	2116	chrome.exe	98
PID 2116 wrote to memory of 1332	2116	chrome.exe	98
PID 2116 wrote to memory of 1332	2116	chrome.exe	98
PID 2116 wrote to memory of 1332	2116	chrome.exe	98
PID 2116 wrote to memory of 1332	2116	chrome.exe	98
PID 2116 wrote to memory of 1332	2116	chrome.exe	98
PID 2116 wrote to memory of 1332	2116	chrome.exe	98
PID 2116 wrote to memory of 1332	2116	chrome.exe	98
PID 2116 wrote to memory of 1332	2116	chrome.exe	98
PID 2116 wrote to memory of 1332	2116	chrome.exe	98
PID 2116 wrote to memory of 1332	2116	chrome.exe	98
PID 2116 wrote to memory of 1332	2116	chrome.exe	98
PID 2116 wrote to memory of 1332	2116	chrome.exe	98
PID 2116 wrote to memory of 3748	2116	chrome.exe	99
PID 2116 wrote to memory of 3748	2116	chrome.exe	99
PID 2116 wrote to memory of 4376	2116	chrome.exe	100
PID 2116 wrote to memory of 4376	2116	chrome.exe	100
PID 2116 wrote to memory of 4376	2116	chrome.exe	100
PID 2116 wrote to memory of 4376	2116	chrome.exe	100
PID 2116 wrote to memory of 4376	2116	chrome.exe	100
PID 2116 wrote to memory of 4376	2116	chrome.exe	100
PID 2116 wrote to memory of 4376	2116	chrome.exe	100
PID 2116 wrote to memory of 4376	2116	chrome.exe	100
PID 2116 wrote to memory of 4376	2116	chrome.exe	100
PID 2116 wrote to memory of 4376	2116	chrome.exe	100
PID 2116 wrote to memory of 4376	2116	chrome.exe	100
PID 2116 wrote to memory of 4376	2116	chrome.exe	100
PID 2116 wrote to memory of 4376	2116	chrome.exe	100
PID 2116 wrote to memory of 4376	2116	chrome.exe	100
PID 2116 wrote to memory of 4376	2116	chrome.exe	100
PID 2116 wrote to memory of 4376	2116	chrome.exe	100
PID 2116 wrote to memory of 4376	2116	chrome.exe	100
PID 2116 wrote to memory of 4376	2116	chrome.exe	100
PID 2116 wrote to memory of 4376	2116	chrome.exe	100
PID 2116 wrote to memory of 4376	2116	chrome.exe	100
PID 2116 wrote to memory of 4376	2116	chrome.exe	100
PID 2116 wrote to memory of 4376	2116	chrome.exe	100

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://aadcdn.jdviewasiaprocess.site
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ff97b949758,0x7ff97b949768,0x7ff97b949778
  2⤵
  PID:4664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1760 --field-trial-handle=1904,i,7036517133338335261,10131346794458422151,131072 /prefetch:2
  2⤵
  PID:1332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1904,i,7036517133338335261,10131346794458422151,131072 /prefetch:8
  2⤵
  PID:3748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2240 --field-trial-handle=1904,i,7036517133338335261,10131346794458422151,131072 /prefetch:8
  2⤵
  PID:4376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3128 --field-trial-handle=1904,i,7036517133338335261,10131346794458422151,131072 /prefetch:1
  2⤵
  PID:4184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3160 --field-trial-handle=1904,i,7036517133338335261,10131346794458422151,131072 /prefetch:1
  2⤵
  PID:2988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4740 --field-trial-handle=1904,i,7036517133338335261,10131346794458422151,131072 /prefetch:8
  2⤵
  PID:3812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4784 --field-trial-handle=1904,i,7036517133338335261,10131346794458422151,131072 /prefetch:8
  2⤵
  PID:224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=824 --field-trial-handle=1904,i,7036517133338335261,10131346794458422151,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3976

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:816

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4388 --field-trial-handle=2256,i,6670388345726423024,18382795228658886258,262144 --variations-seed-version /prefetch:8
1⤵
PID:5628

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
986B

MD5
515a526cfdc2aa1f71915659bb1a5328

SHA1
185adeebf249c5cdabac6ddaf9e1908ae86094cd

SHA256
541249c2f011490fce4ae3d2ed8c0d3680f9246b0fda85b8fad79e1227a61d40

SHA512
b17a06b6731638e8e2ae70f915ab57024c6fd15b15939a852225d8cfc2fbe8f9a02d44c7c90057f9bbb0a2e049f08aafa2241624ecbe98ba04128c2cc4a859ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d05864139d01e9a8a7a53372627b9fac

SHA1
0508bb1be2a668f2c795b0a3e0bb44a9f590bc5e

SHA256
0341d62f3990b1733d0bb631418fd02ba2051502da5220512868e6ae816f0ae5

SHA512
1c7216a10f56fcd71346d501e3440e09dd29340a8a623e90ec000f071ee4bf3cd7e130198cd719ff448a756ddeb0f6da639c89d20688ca4975172f7873ea1dd2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
501c3fddc28cac568fd365707cc5e119

SHA1
a8127909ad40532da5ffb9b9c6ab1349ae928663

SHA256
d494d406172aa4d50f9aa493ab4d98d0262d1f0a35307966f085993f51851716

SHA512
a5d9979f571dea07722acc38c3df0a024518a325fc4bbbc412c3df646d60f66be55a3baa6296458bdebe264a468a28169fa3566d640b8e07f3c8fb9a31b70872

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
b30c6ebe2917a7f7495521277db792d6

SHA1
aafaf41b91ea41b1566020cd0a2d696bb184461e

SHA256
1acb11e421c5769f8234e33bb454482da2adc771420e415045caf5e1fdee8116

SHA512
7341be5eb2a03eb323d4ccb263253fd5f17aa8f040402a47de4f697ee610191530a3820dcf00a5f03e5256adf312a0058cce860d07ecc42063c594a8456e12fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
3517daadedb673882e222de335416516

SHA1
75b52a082b179a46d4c61b417195dcf0057e0482

SHA256
8151bef9d421b063aba10e6d24b930cf8bea959ddb3631d36f3085d61d312bd1

SHA512
4fae149f199479354ebdc369eff57b5929d78b7ddbdbd08c58315bbf33e6b1884271993bf51668c9f5d74d2b9ec644e35ad4c96be19fa16ad46364e4faca834b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit