hxxp://drmyco[.]ir

Analysis

max time kernel
39s
max time network
42s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
14/03/2024, 15:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://drmyco.ir

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133549031161469633"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4260	chrome.exe
4260	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4260	chrome.exe
4260	chrome.exe
4260	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4260	chrome.exe
Token: SeCreatePagefilePrivilege	4260	chrome.exe
Token: SeShutdownPrivilege	4260	chrome.exe
Token: SeCreatePagefilePrivilege	4260	chrome.exe
Token: SeShutdownPrivilege	4260	chrome.exe
Token: SeCreatePagefilePrivilege	4260	chrome.exe
Token: SeShutdownPrivilege	4260	chrome.exe
Token: SeCreatePagefilePrivilege	4260	chrome.exe
Token: SeShutdownPrivilege	4260	chrome.exe
Token: SeCreatePagefilePrivilege	4260	chrome.exe
Token: SeShutdownPrivilege	4260	chrome.exe
Token: SeCreatePagefilePrivilege	4260	chrome.exe
Token: SeShutdownPrivilege	4260	chrome.exe
Token: SeCreatePagefilePrivilege	4260	chrome.exe
Token: SeShutdownPrivilege	4260	chrome.exe
Token: SeCreatePagefilePrivilege	4260	chrome.exe
Token: SeShutdownPrivilege	4260	chrome.exe
Token: SeCreatePagefilePrivilege	4260	chrome.exe
Token: SeShutdownPrivilege	4260	chrome.exe
Token: SeCreatePagefilePrivilege	4260	chrome.exe
Token: SeShutdownPrivilege	4260	chrome.exe
Token: SeCreatePagefilePrivilege	4260	chrome.exe
Token: SeShutdownPrivilege	4260	chrome.exe
Token: SeCreatePagefilePrivilege	4260	chrome.exe
Token: SeShutdownPrivilege	4260	chrome.exe
Token: SeCreatePagefilePrivilege	4260	chrome.exe
Token: SeShutdownPrivilege	4260	chrome.exe
Token: SeCreatePagefilePrivilege	4260	chrome.exe
Token: SeShutdownPrivilege	4260	chrome.exe
Token: SeCreatePagefilePrivilege	4260	chrome.exe
Token: SeShutdownPrivilege	4260	chrome.exe
Token: SeCreatePagefilePrivilege	4260	chrome.exe
Token: SeShutdownPrivilege	4260	chrome.exe
Token: SeCreatePagefilePrivilege	4260	chrome.exe
Token: SeShutdownPrivilege	4260	chrome.exe
Token: SeCreatePagefilePrivilege	4260	chrome.exe
Token: SeShutdownPrivilege	4260	chrome.exe
Token: SeCreatePagefilePrivilege	4260	chrome.exe
Token: SeShutdownPrivilege	4260	chrome.exe
Token: SeCreatePagefilePrivilege	4260	chrome.exe
Token: SeShutdownPrivilege	4260	chrome.exe
Token: SeCreatePagefilePrivilege	4260	chrome.exe
Token: SeShutdownPrivilege	4260	chrome.exe
Token: SeCreatePagefilePrivilege	4260	chrome.exe
Token: SeShutdownPrivilege	4260	chrome.exe
Token: SeCreatePagefilePrivilege	4260	chrome.exe
Token: SeShutdownPrivilege	4260	chrome.exe
Token: SeCreatePagefilePrivilege	4260	chrome.exe
Token: SeShutdownPrivilege	4260	chrome.exe
Token: SeCreatePagefilePrivilege	4260	chrome.exe
Token: SeShutdownPrivilege	4260	chrome.exe
Token: SeCreatePagefilePrivilege	4260	chrome.exe
Token: SeShutdownPrivilege	4260	chrome.exe
Token: SeCreatePagefilePrivilege	4260	chrome.exe
Token: SeShutdownPrivilege	4260	chrome.exe
Token: SeCreatePagefilePrivilege	4260	chrome.exe
Token: SeShutdownPrivilege	4260	chrome.exe
Token: SeCreatePagefilePrivilege	4260	chrome.exe
Token: SeShutdownPrivilege	4260	chrome.exe
Token: SeCreatePagefilePrivilege	4260	chrome.exe
Token: SeShutdownPrivilege	4260	chrome.exe
Token: SeCreatePagefilePrivilege	4260	chrome.exe
Token: SeShutdownPrivilege	4260	chrome.exe
Token: SeCreatePagefilePrivilege	4260	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
4260	chrome.exe
4260	chrome.exe
4260	chrome.exe
4260	chrome.exe
4260	chrome.exe
4260	chrome.exe
4260	chrome.exe
4260	chrome.exe
4260	chrome.exe
4260	chrome.exe
4260	chrome.exe
4260	chrome.exe
4260	chrome.exe
4260	chrome.exe
4260	chrome.exe
4260	chrome.exe
4260	chrome.exe
4260	chrome.exe
4260	chrome.exe
4260	chrome.exe
4260	chrome.exe
4260	chrome.exe
4260	chrome.exe
4260	chrome.exe
4260	chrome.exe
4260	chrome.exe
4260	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4260	chrome.exe
4260	chrome.exe
4260	chrome.exe
4260	chrome.exe
4260	chrome.exe
4260	chrome.exe
4260	chrome.exe
4260	chrome.exe
4260	chrome.exe
4260	chrome.exe
4260	chrome.exe
4260	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4260 wrote to memory of 3580	4260	chrome.exe	80
PID 4260 wrote to memory of 3580	4260	chrome.exe	80
PID 4260 wrote to memory of 3160	4260	chrome.exe	83
PID 4260 wrote to memory of 3160	4260	chrome.exe	83
PID 4260 wrote to memory of 3160	4260	chrome.exe	83
PID 4260 wrote to memory of 3160	4260	chrome.exe	83
PID 4260 wrote to memory of 3160	4260	chrome.exe	83
PID 4260 wrote to memory of 3160	4260	chrome.exe	83
PID 4260 wrote to memory of 3160	4260	chrome.exe	83
PID 4260 wrote to memory of 3160	4260	chrome.exe	83
PID 4260 wrote to memory of 3160	4260	chrome.exe	83
PID 4260 wrote to memory of 3160	4260	chrome.exe	83
PID 4260 wrote to memory of 3160	4260	chrome.exe	83
PID 4260 wrote to memory of 3160	4260	chrome.exe	83
PID 4260 wrote to memory of 3160	4260	chrome.exe	83
PID 4260 wrote to memory of 3160	4260	chrome.exe	83
PID 4260 wrote to memory of 3160	4260	chrome.exe	83
PID 4260 wrote to memory of 3160	4260	chrome.exe	83
PID 4260 wrote to memory of 3160	4260	chrome.exe	83
PID 4260 wrote to memory of 3160	4260	chrome.exe	83
PID 4260 wrote to memory of 3160	4260	chrome.exe	83
PID 4260 wrote to memory of 3160	4260	chrome.exe	83
PID 4260 wrote to memory of 3160	4260	chrome.exe	83
PID 4260 wrote to memory of 3160	4260	chrome.exe	83
PID 4260 wrote to memory of 3160	4260	chrome.exe	83
PID 4260 wrote to memory of 3160	4260	chrome.exe	83
PID 4260 wrote to memory of 3160	4260	chrome.exe	83
PID 4260 wrote to memory of 3160	4260	chrome.exe	83
PID 4260 wrote to memory of 3160	4260	chrome.exe	83
PID 4260 wrote to memory of 3160	4260	chrome.exe	83
PID 4260 wrote to memory of 3160	4260	chrome.exe	83
PID 4260 wrote to memory of 3160	4260	chrome.exe	83
PID 4260 wrote to memory of 3160	4260	chrome.exe	83
PID 4260 wrote to memory of 3160	4260	chrome.exe	83
PID 4260 wrote to memory of 3160	4260	chrome.exe	83
PID 4260 wrote to memory of 3160	4260	chrome.exe	83
PID 4260 wrote to memory of 3160	4260	chrome.exe	83
PID 4260 wrote to memory of 3160	4260	chrome.exe	83
PID 4260 wrote to memory of 3160	4260	chrome.exe	83
PID 4260 wrote to memory of 3160	4260	chrome.exe	83
PID 4260 wrote to memory of 1076	4260	chrome.exe	84
PID 4260 wrote to memory of 1076	4260	chrome.exe	84
PID 4260 wrote to memory of 4956	4260	chrome.exe	85
PID 4260 wrote to memory of 4956	4260	chrome.exe	85
PID 4260 wrote to memory of 4956	4260	chrome.exe	85
PID 4260 wrote to memory of 4956	4260	chrome.exe	85
PID 4260 wrote to memory of 4956	4260	chrome.exe	85
PID 4260 wrote to memory of 4956	4260	chrome.exe	85
PID 4260 wrote to memory of 4956	4260	chrome.exe	85
PID 4260 wrote to memory of 4956	4260	chrome.exe	85
PID 4260 wrote to memory of 4956	4260	chrome.exe	85
PID 4260 wrote to memory of 4956	4260	chrome.exe	85
PID 4260 wrote to memory of 4956	4260	chrome.exe	85
PID 4260 wrote to memory of 4956	4260	chrome.exe	85
PID 4260 wrote to memory of 4956	4260	chrome.exe	85
PID 4260 wrote to memory of 4956	4260	chrome.exe	85
PID 4260 wrote to memory of 4956	4260	chrome.exe	85
PID 4260 wrote to memory of 4956	4260	chrome.exe	85
PID 4260 wrote to memory of 4956	4260	chrome.exe	85
PID 4260 wrote to memory of 4956	4260	chrome.exe	85
PID 4260 wrote to memory of 4956	4260	chrome.exe	85
PID 4260 wrote to memory of 4956	4260	chrome.exe	85
PID 4260 wrote to memory of 4956	4260	chrome.exe	85
PID 4260 wrote to memory of 4956	4260	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://drmyco.ir
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffcac499758,0x7ffcac499768,0x7ffcac499778
  2⤵
  PID:3580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1572 --field-trial-handle=1820,i,2987051952621669980,17244675335356815297,131072 /prefetch:2
  2⤵
  PID:3160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=1820,i,2987051952621669980,17244675335356815297,131072 /prefetch:8
  2⤵
  PID:1076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2164 --field-trial-handle=1820,i,2987051952621669980,17244675335356815297,131072 /prefetch:8
  2⤵
  PID:4956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2876 --field-trial-handle=1820,i,2987051952621669980,17244675335356815297,131072 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2884 --field-trial-handle=1820,i,2987051952621669980,17244675335356815297,131072 /prefetch:1
  2⤵
  PID:1444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4828 --field-trial-handle=1820,i,2987051952621669980,17244675335356815297,131072 /prefetch:1
  2⤵
  PID:1008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 --field-trial-handle=1820,i,2987051952621669980,17244675335356815297,131072 /prefetch:8
  2⤵
  PID:3100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2996 --field-trial-handle=1820,i,2987051952621669980,17244675335356815297,131072 /prefetch:8
  2⤵
  PID:4084

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2564

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\2ebbb20d-5989-4560-894c-93eb2755e613.tmp

Filesize
130KB

MD5
3557f91e01cc7d17e33efa7562433c01

SHA1
21bbceddbecc62cd0c08f5c7663b1e0fcfe542c4

SHA256
99bdfa5a97bf2aa244b9d758c74e8553edd1a056c13b936836061304a5803f52

SHA512
dd335e94981635b469f47ef053afccc8cb6367fc7e978cfce0c7725b6047c9e64fc38e0a3fab2f5862f16b4b51e8ecd6a781309038235dbc8603f94f6ce83cc3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
a94a7152351f080620b86307ea56382d

SHA1
4b30695ee6bae99d1cd798c76ea959c696967c37

SHA256
fc16a7223986d7b7f1801274e88b3ff7a3fca40e357326f2e7b511350e3ef30e

SHA512
2f31070cc942a6530fccd153cb435770803fd2e3e03cfc9aee9c2094471d45b665fd43023c4651876f960a60a7eb00d888a251e2df629c9b54ecb63dfacf54b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
f697ce8f87aa0412a393adada9ccf225

SHA1
a9611f14d5a0c636bd36b258ece416b850ab1ab7

SHA256
0f707160a4d651d8c9b14b3008a451819725478ddbe9ea6e540a75e184bae772

SHA512
52d483689048b2384e945478ef4bde52af617978189eb93108676de9acc8ffae595de4aa824e8849873d4330dae3f239ab0e422d52051babd523d18a05d51078

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
1b0a5c6ae586789c7f7d66176292b673

SHA1
c270bdd8ae0fa1f7cd4fbcaf3e0c6c4d07bae6df

SHA256
af9117d61caa705ab4c0f22e5421fa9d4233b3e91e191c644d51e19d6144944a

SHA512
7ad76987df88171fdf183eb732a43f96e1589003e6a3143377e8cd5d64565b89d5e618797a4ffa931251754cb7f4e22e0f18b44c62738d60c424381f2e4397be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
866B

MD5
03fd4b7e0ce16a176d73382dea3cbaff

SHA1
2c3bab2597867c0e6b9760a95452ba83008080f8

SHA256
ffd8e52a343890dcac80e4266c5348ca201d91d9e2df6983a076b584dbfb8ada

SHA512
8133d2e8e82682e5c5817bd05305255b9bf9cce078d8d67e00ba62520499c43a320f632f2a6d24949140de27b117bba51f55a56869b1f417bcb4abb4ff84dbd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b1ed184bf51ee40b01bd7152487d3280

SHA1
de30fd18144e9043e5a5a7cbb9baef3e79ac2749

SHA256
7f0bcc5234fc32138e46524622167e71a2af2a76a766f2e9be551d4f6a56d663

SHA512
0fde7b082f7295e1cd279cbea65aa33b6f94b7ed9628929f7bd800ee1a7eabd4a9282adf3b250ac52cb1623a40c8d1e37b370dbf21a90d45ff10ed52aef93efc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6f4f0dea5903f62929f235e06c15b636

SHA1
87e486290f429b1d3597141795014503f8dae13c

SHA256
3a329d58f454d5c2a2553220dccb67f2e8b844b735ab082c25f10a8514e53f86

SHA512
06d70f1acaf6bc5a3e53517e0445a4c07b5d63be556cd0fa33eb58133aad34c53e603a33aee0cc4c1ac66d9aa9027dd9b71d7672831c5a39a1ce03a1c79f1169

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
aedfd81de3fa9dfb9e5db6bc99049ab2

SHA1
b7b2efefbddd9905a7fcbcfc21bba2ae51fb9547

SHA256
8b192371a1d9ae43124f786ec453af56747e9cf6b0aff168edbc7e31b9b78dc8

SHA512
16f6933d03277daf47a3cd8b1effd9eeb0193ff693e69cac95e9029e1c190884c3e53932e92ecbb0d39548fa7162abeb476cdd87f9bb022ea788ac34c933d365

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
47a1ebb7d9f76a304bcb82cc36b86990

SHA1
bfa80ed5056bc268842c9e65f2ac951ab0907afe

SHA256
d0efb827da6f73288d616d08990f14405d1d531e98413a53c7bc846a2c1e4b59

SHA512
1a3bfe459949ba6ce28cfa5caa2e3e6bdc02fc7f64916e9c4700f10145f1e88694cff26b3a4bee73bd562e68143132420939aa6f0f8e903e18a59adb0495d224

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
556d31c6d5be094956251c62e07ab5d5

SHA1
c4026aa187849c11d149b2c76ebd6fa9923cd2a9

SHA256
16d244efa4f6410fba5d6abd54a5ab44365257401d0d456a56603240e6c5eb79

SHA512
abaa947b715c02e3b79237e033f668a3cf0721abd1976c899f51bd539f784329fd2572f2e72c38af122fc7cdc298c6903fe954458728fe95c7c55c1e4453fe66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit