hxxps://dvrep[.]com/dv/0c97cf7f64fe1f9dc7f796af32890fa51ac39e7f

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
19-03-2024 13:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://dvrep.com/dv/0c97cf7f64fe1f9dc7f796af32890fa51ac39e7f

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133553295360920852"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1404	chrome.exe
1404	chrome.exe
4064	chrome.exe
4064	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1404	chrome.exe
1404	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1404 wrote to memory of 3276	1404	chrome.exe	86
PID 1404 wrote to memory of 3276	1404	chrome.exe	86
PID 1404 wrote to memory of 4772	1404	chrome.exe	89
PID 1404 wrote to memory of 4772	1404	chrome.exe	89
PID 1404 wrote to memory of 4772	1404	chrome.exe	89
PID 1404 wrote to memory of 4772	1404	chrome.exe	89
PID 1404 wrote to memory of 4772	1404	chrome.exe	89
PID 1404 wrote to memory of 4772	1404	chrome.exe	89
PID 1404 wrote to memory of 4772	1404	chrome.exe	89
PID 1404 wrote to memory of 4772	1404	chrome.exe	89
PID 1404 wrote to memory of 4772	1404	chrome.exe	89
PID 1404 wrote to memory of 4772	1404	chrome.exe	89
PID 1404 wrote to memory of 4772	1404	chrome.exe	89
PID 1404 wrote to memory of 4772	1404	chrome.exe	89
PID 1404 wrote to memory of 4772	1404	chrome.exe	89
PID 1404 wrote to memory of 4772	1404	chrome.exe	89
PID 1404 wrote to memory of 4772	1404	chrome.exe	89
PID 1404 wrote to memory of 4772	1404	chrome.exe	89
PID 1404 wrote to memory of 4772	1404	chrome.exe	89
PID 1404 wrote to memory of 4772	1404	chrome.exe	89
PID 1404 wrote to memory of 4772	1404	chrome.exe	89
PID 1404 wrote to memory of 4772	1404	chrome.exe	89
PID 1404 wrote to memory of 4772	1404	chrome.exe	89
PID 1404 wrote to memory of 4772	1404	chrome.exe	89
PID 1404 wrote to memory of 4772	1404	chrome.exe	89
PID 1404 wrote to memory of 4772	1404	chrome.exe	89
PID 1404 wrote to memory of 4772	1404	chrome.exe	89
PID 1404 wrote to memory of 4772	1404	chrome.exe	89
PID 1404 wrote to memory of 4772	1404	chrome.exe	89
PID 1404 wrote to memory of 4772	1404	chrome.exe	89
PID 1404 wrote to memory of 4772	1404	chrome.exe	89
PID 1404 wrote to memory of 4772	1404	chrome.exe	89
PID 1404 wrote to memory of 4772	1404	chrome.exe	89
PID 1404 wrote to memory of 4772	1404	chrome.exe	89
PID 1404 wrote to memory of 4772	1404	chrome.exe	89
PID 1404 wrote to memory of 4772	1404	chrome.exe	89
PID 1404 wrote to memory of 4772	1404	chrome.exe	89
PID 1404 wrote to memory of 4772	1404	chrome.exe	89
PID 1404 wrote to memory of 4772	1404	chrome.exe	89
PID 1404 wrote to memory of 4772	1404	chrome.exe	89
PID 1404 wrote to memory of 4956	1404	chrome.exe	90
PID 1404 wrote to memory of 4956	1404	chrome.exe	90
PID 1404 wrote to memory of 3964	1404	chrome.exe	91
PID 1404 wrote to memory of 3964	1404	chrome.exe	91
PID 1404 wrote to memory of 3964	1404	chrome.exe	91
PID 1404 wrote to memory of 3964	1404	chrome.exe	91
PID 1404 wrote to memory of 3964	1404	chrome.exe	91
PID 1404 wrote to memory of 3964	1404	chrome.exe	91
PID 1404 wrote to memory of 3964	1404	chrome.exe	91
PID 1404 wrote to memory of 3964	1404	chrome.exe	91
PID 1404 wrote to memory of 3964	1404	chrome.exe	91
PID 1404 wrote to memory of 3964	1404	chrome.exe	91
PID 1404 wrote to memory of 3964	1404	chrome.exe	91
PID 1404 wrote to memory of 3964	1404	chrome.exe	91
PID 1404 wrote to memory of 3964	1404	chrome.exe	91
PID 1404 wrote to memory of 3964	1404	chrome.exe	91
PID 1404 wrote to memory of 3964	1404	chrome.exe	91
PID 1404 wrote to memory of 3964	1404	chrome.exe	91
PID 1404 wrote to memory of 3964	1404	chrome.exe	91
PID 1404 wrote to memory of 3964	1404	chrome.exe	91
PID 1404 wrote to memory of 3964	1404	chrome.exe	91
PID 1404 wrote to memory of 3964	1404	chrome.exe	91
PID 1404 wrote to memory of 3964	1404	chrome.exe	91
PID 1404 wrote to memory of 3964	1404	chrome.exe	91

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://dvrep.com/dv/0c97cf7f64fe1f9dc7f796af32890fa51ac39e7f
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdb88f9758,0x7ffdb88f9768,0x7ffdb88f9778
  2⤵
  PID:3276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1732 --field-trial-handle=1884,i,12631843416720732363,16250357181705746774,131072 /prefetch:2
  2⤵
  PID:4772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=1884,i,12631843416720732363,16250357181705746774,131072 /prefetch:8
  2⤵
  PID:4956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2216 --field-trial-handle=1884,i,12631843416720732363,16250357181705746774,131072 /prefetch:8
  2⤵
  PID:3964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3048 --field-trial-handle=1884,i,12631843416720732363,16250357181705746774,131072 /prefetch:1
  2⤵
  PID:2948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3056 --field-trial-handle=1884,i,12631843416720732363,16250357181705746774,131072 /prefetch:1
  2⤵
  PID:2184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5144 --field-trial-handle=1884,i,12631843416720732363,16250357181705746774,131072 /prefetch:8
  2⤵
  PID:3620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 --field-trial-handle=1884,i,12631843416720732363,16250357181705746774,131072 /prefetch:8
  2⤵
  PID:3688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4776 --field-trial-handle=1884,i,12631843416720732363,16250357181705746774,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4064

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2296

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
b2a9e27cff316905b3120eb07348b342

SHA1
6ec107c2db5a4af22d2c84c928d6b0ce703f78b4

SHA256
afbb60af03588f26d98b261b43728e6763f5e65a2bafe88c1b8b77cf72230f63

SHA512
9bd6c335a7a1597da8dff3c8280e402e5f8de25fe5b508c8d89134e41fa80b763399930c487be6efffcf02f4b26fd60305a17b3ffab07c4ce90862ea68c0a869

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
d891937715c824b89d21946806d420ef

SHA1
d4bda61e3e9899a168c39004884d3492eb484d59

SHA256
1228b4ef95bcfe9e89257544a7cb543a650f942c483f4d89b1ba25fe38bf9f85

SHA512
4a6058be5f0758182388f2ec11d9172327e3396ed8995b15e24ada98640f98fd16f7b690434333231de0263e9632faf81e9b6cb1c966749b8d03c24666d3e6a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
705B

MD5
b802604ea2e23b81a25de2313335c930

SHA1
4d10fdc512881171b3672d810b0305ec160b60a4

SHA256
c712e09442f3fca68d874bc41ace4baf88403a431fc52264407f595117fd547c

SHA512
f189b09d165b2497ffaa95a0b683c47307b35d969532f403cd5636160166062ef158fc6376f522980da7851c1867b9d9f00ec13d513950c8582f650a85eff7c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
bd78d479c8838b18fddb990cf710c4e6

SHA1
738debd2b8936035be748f949f89db9cf78d438a

SHA256
c62a17dbf8aea23f7f9080e47464848dbcc2d6f623df8107be3ba0bc5439418d

SHA512
0520ab3a3d44733e699dac61f4b978bfa075c6bf8b8088b4fe71b2fa4ef2651968f98785d1d673a4b48ddd8b0220c6a510fdf8deb334cfb2bb05f0b0bf1b8624

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
2f357ed8eab5746e2b0e6aee391a1395

SHA1
dd5e96326181eb42920f4edaff5febadbff60e5e

SHA256
0cc168d301316b50d1130e843a27f4dc17d4b463191d9ca1fd796f699e753229

SHA512
eef329f4ef511fdf2a16810258e747936468d732496c71d00ffae3360aa89e4f410566e20cc1c0bc9c5866ab926a7fa50fbfce6de09f3289b0a8f164e85125f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit