hxxps://www[.]dropbox[.]com/l/scl/AABAz7V6TbgEfajitM1qfh43SOKxfQn-oVg

Analysis

max time kernel
59s
max time network
49s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
05-04-2024 07:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.dropbox.com/l/scl/AABAz7V6TbgEfajitM1qfh43SOKxfQn-oVg

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2828	chrome.exe
2828	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2828	chrome.exe
2828	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeCreatePagefilePrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeCreatePagefilePrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeCreatePagefilePrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeCreatePagefilePrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeCreatePagefilePrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeCreatePagefilePrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeCreatePagefilePrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeCreatePagefilePrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeCreatePagefilePrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeCreatePagefilePrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeCreatePagefilePrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeCreatePagefilePrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeCreatePagefilePrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeCreatePagefilePrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeCreatePagefilePrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeCreatePagefilePrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeCreatePagefilePrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeCreatePagefilePrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeCreatePagefilePrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeCreatePagefilePrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeCreatePagefilePrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeCreatePagefilePrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeCreatePagefilePrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeCreatePagefilePrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeCreatePagefilePrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeCreatePagefilePrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeCreatePagefilePrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeCreatePagefilePrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeCreatePagefilePrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeCreatePagefilePrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeCreatePagefilePrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeCreatePagefilePrivilege	2828	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2828 wrote to memory of 4772	2828	chrome.exe	73
PID 2828 wrote to memory of 4772	2828	chrome.exe	73
PID 2828 wrote to memory of 2316	2828	chrome.exe	75
PID 2828 wrote to memory of 2316	2828	chrome.exe	75
PID 2828 wrote to memory of 2316	2828	chrome.exe	75
PID 2828 wrote to memory of 2316	2828	chrome.exe	75
PID 2828 wrote to memory of 2316	2828	chrome.exe	75
PID 2828 wrote to memory of 2316	2828	chrome.exe	75
PID 2828 wrote to memory of 2316	2828	chrome.exe	75
PID 2828 wrote to memory of 2316	2828	chrome.exe	75
PID 2828 wrote to memory of 2316	2828	chrome.exe	75
PID 2828 wrote to memory of 2316	2828	chrome.exe	75
PID 2828 wrote to memory of 2316	2828	chrome.exe	75
PID 2828 wrote to memory of 2316	2828	chrome.exe	75
PID 2828 wrote to memory of 2316	2828	chrome.exe	75
PID 2828 wrote to memory of 2316	2828	chrome.exe	75
PID 2828 wrote to memory of 2316	2828	chrome.exe	75
PID 2828 wrote to memory of 2316	2828	chrome.exe	75
PID 2828 wrote to memory of 2316	2828	chrome.exe	75
PID 2828 wrote to memory of 2316	2828	chrome.exe	75
PID 2828 wrote to memory of 2316	2828	chrome.exe	75
PID 2828 wrote to memory of 2316	2828	chrome.exe	75
PID 2828 wrote to memory of 2316	2828	chrome.exe	75
PID 2828 wrote to memory of 2316	2828	chrome.exe	75
PID 2828 wrote to memory of 2316	2828	chrome.exe	75
PID 2828 wrote to memory of 2316	2828	chrome.exe	75
PID 2828 wrote to memory of 2316	2828	chrome.exe	75
PID 2828 wrote to memory of 2316	2828	chrome.exe	75
PID 2828 wrote to memory of 2316	2828	chrome.exe	75
PID 2828 wrote to memory of 2316	2828	chrome.exe	75
PID 2828 wrote to memory of 2316	2828	chrome.exe	75
PID 2828 wrote to memory of 2316	2828	chrome.exe	75
PID 2828 wrote to memory of 2316	2828	chrome.exe	75
PID 2828 wrote to memory of 2316	2828	chrome.exe	75
PID 2828 wrote to memory of 2316	2828	chrome.exe	75
PID 2828 wrote to memory of 2316	2828	chrome.exe	75
PID 2828 wrote to memory of 2316	2828	chrome.exe	75
PID 2828 wrote to memory of 2316	2828	chrome.exe	75
PID 2828 wrote to memory of 2316	2828	chrome.exe	75
PID 2828 wrote to memory of 2316	2828	chrome.exe	75
PID 2828 wrote to memory of 4888	2828	chrome.exe	76
PID 2828 wrote to memory of 4888	2828	chrome.exe	76
PID 2828 wrote to memory of 1180	2828	chrome.exe	77
PID 2828 wrote to memory of 1180	2828	chrome.exe	77
PID 2828 wrote to memory of 1180	2828	chrome.exe	77
PID 2828 wrote to memory of 1180	2828	chrome.exe	77
PID 2828 wrote to memory of 1180	2828	chrome.exe	77
PID 2828 wrote to memory of 1180	2828	chrome.exe	77
PID 2828 wrote to memory of 1180	2828	chrome.exe	77
PID 2828 wrote to memory of 1180	2828	chrome.exe	77
PID 2828 wrote to memory of 1180	2828	chrome.exe	77
PID 2828 wrote to memory of 1180	2828	chrome.exe	77
PID 2828 wrote to memory of 1180	2828	chrome.exe	77
PID 2828 wrote to memory of 1180	2828	chrome.exe	77
PID 2828 wrote to memory of 1180	2828	chrome.exe	77
PID 2828 wrote to memory of 1180	2828	chrome.exe	77
PID 2828 wrote to memory of 1180	2828	chrome.exe	77
PID 2828 wrote to memory of 1180	2828	chrome.exe	77
PID 2828 wrote to memory of 1180	2828	chrome.exe	77
PID 2828 wrote to memory of 1180	2828	chrome.exe	77
PID 2828 wrote to memory of 1180	2828	chrome.exe	77
PID 2828 wrote to memory of 1180	2828	chrome.exe	77
PID 2828 wrote to memory of 1180	2828	chrome.exe	77
PID 2828 wrote to memory of 1180	2828	chrome.exe	77

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.dropbox.com/l/scl/AABAz7V6TbgEfajitM1qfh43SOKxfQn-oVg
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffa8db89758,0x7ffa8db89768,0x7ffa8db89778
  2⤵
  PID:4772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1616 --field-trial-handle=1712,i,3696490404934999588,15871346580058670619,131072 /prefetch:2
  2⤵
  PID:2316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1836 --field-trial-handle=1712,i,3696490404934999588,15871346580058670619,131072 /prefetch:8
  2⤵
  PID:4888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2080 --field-trial-handle=1712,i,3696490404934999588,15871346580058670619,131072 /prefetch:8
  2⤵
  PID:1180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2900 --field-trial-handle=1712,i,3696490404934999588,15871346580058670619,131072 /prefetch:1
  2⤵
  PID:4328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2908 --field-trial-handle=1712,i,3696490404934999588,15871346580058670619,131072 /prefetch:1
  2⤵
  PID:1536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4920 --field-trial-handle=1712,i,3696490404934999588,15871346580058670619,131072 /prefetch:8
  2⤵
  PID:752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4976 --field-trial-handle=1712,i,3696490404934999588,15871346580058670619,131072 /prefetch:8
  2⤵
  PID:3668

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2764

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
3c0ef9f4792a7a1c8f29af8090d4412c

SHA1
23289144ed82e05c1e2feae8ea31a8266ac53f2a

SHA256
d7d8dd7a71bfd76beb573093a94cb87a396dfb07a1e66cc9adc4917fb4f109c6

SHA512
ca77ec5bf85c6e2a8905652d9c952b74a3811d296b7b0d9372da0781c6d41a07baebac4ae6b14eae7517aa3f5c853b029502c1cb865b631c283897db48936227

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
532B

MD5
e871127ecf9b1370b7e6d25517cb6090

SHA1
4c711db186c1acfda315356c1e515f2aea1ff989

SHA256
c9caf03f92f8c79a753fe763c83cd3202f41e2778cd6ca9b73b929247a441294

SHA512
c35d24f35ecb1b2fcceaef92fb9bbab45c5069644b5a275ce9c272c4878947f95d8a92a9d2c8bf86c0dfdd799222f80be73208233fb3b177c528f53042a2c5d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
532B

MD5
f20b7ac03fca78d54c5cb9ebf6863836

SHA1
6a61bcba6ccc61b8fa8d66a2e541a9aa24fbc524

SHA256
81a7c169c356101b5a04a5b2990fe42de3c5882aeb3a4342f6db7b75dd49a9e7

SHA512
ea1ed43f22ed4db54023a0cf329c8a21f438ceb3f7f95f1f6fc45da0e9cff35d22bb3191c5f60a7e3098c3c7cc14127f8bdd12040680354d6cd475297b269c60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
532B

MD5
df953a3f223849af6adb472c7f524f6a

SHA1
d0d1bde139fa74f162dfc24f8db2c2147ae9fb09

SHA256
ec42144ebf464169de03a757988c5a2b437a383b904d58fbee9eefa38ac09c0c

SHA512
8c5604c538d79a4f04d471dfa78a06237dfc21981d629f653accf4e76e1dddae7bc57a8173e11c51fc354afa133bbd8c0ccf736ef3f8449458994392907eeda0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
532B

MD5
aca4032713930f63350eae7aff30611e

SHA1
2fc60c4ff9602510810614fbba2e2679dd2254f9

SHA256
9ac83cc368b6cdd44ed2e753b3f7fba79afc1def9c27c1253c72efd2e7d09614

SHA512
3aeb000d24e7e120c0db219a058963188d780b302873749f89f18d297967ab13b327c6fadd7e825739e6eac51e60a8c48847922098f5f1f88f545cf0882e36f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
cd2978a772be5fd99d9bd8d27c76cec7

SHA1
27979bce116565edd5b04fdfa0fd449a8dc6e297

SHA256
d9796a1c5f70fa8b01ba621682c31b3a32356e948935d1473d581dde0aef09fa

SHA512
094f524128f19b418f7664fe03d5c20914c1fe8a669ea2832c43bcbbf25dce00037a6cc5a60b39fbb6b40f42e0e7613a12744491519065984dfa0333ebbda78b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
ff3f6895d82c676f0bd48d43f19a44e6

SHA1
dba76501c98ee02c2fe43cbc3bbd23d8c53bbae6

SHA256
82e86c3bdbf1dfbafaf841b723701de52f0419596ec8b4b252a33333b67db44d

SHA512
f8264c4280d557a5f17cb88a6ad65e1ac943d1343286016850896fd2b4368faf2290cbbd044ef6ab93dcd0dc555f47b6b217a1098bd5ed3695dbc98e56d63c56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
cca1c01276032cfd4edf00a7c6df92ff

SHA1
7ee4d4b9d353ce6376c5a23c358516fb3f5d97bf

SHA256
f2a4bd526131d5f1e0d571d64e98a4bce7f9c2b6831ff8bdf1fb07e8e8b48d5c

SHA512
bbecc17333b5f911f1def7cc09c23e21cf89fa295bf2f93d28426d7462b4c2f45e51c4e21cec2fb393eaff9ee534fdfda6944662da102ea76ecd55964c44b30f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit