hxxps://dioz[.]info

Analysis

max time kernel
299s
max time network
294s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 22:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://dioz.info

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133609782128937518"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

2876 chrome.exe
2876 chrome.exe
6064 chrome.exe
6064 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

Processes:

chrome.exe

pid process

2876 chrome.exe
2876 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeCreatePagefilePrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeCreatePagefilePrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeCreatePagefilePrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeCreatePagefilePrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeCreatePagefilePrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeCreatePagefilePrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeCreatePagefilePrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeCreatePagefilePrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeCreatePagefilePrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeCreatePagefilePrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeCreatePagefilePrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeCreatePagefilePrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeCreatePagefilePrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeCreatePagefilePrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeCreatePagefilePrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeCreatePagefilePrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeCreatePagefilePrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeCreatePagefilePrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeCreatePagefilePrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeCreatePagefilePrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeCreatePagefilePrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeCreatePagefilePrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeCreatePagefilePrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeCreatePagefilePrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeCreatePagefilePrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeCreatePagefilePrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeCreatePagefilePrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeCreatePagefilePrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeCreatePagefilePrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeCreatePagefilePrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeCreatePagefilePrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeCreatePagefilePrivilege	2876	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2876 wrote to memory of 3620	2876	chrome.exe	chrome.exe
PID 2876 wrote to memory of 3620	2876	chrome.exe	chrome.exe
PID 2876 wrote to memory of 3004	2876	chrome.exe	chrome.exe
PID 2876 wrote to memory of 3004	2876	chrome.exe	chrome.exe
PID 2876 wrote to memory of 3004	2876	chrome.exe	chrome.exe
PID 2876 wrote to memory of 3004	2876	chrome.exe	chrome.exe
PID 2876 wrote to memory of 3004	2876	chrome.exe	chrome.exe
PID 2876 wrote to memory of 3004	2876	chrome.exe	chrome.exe
PID 2876 wrote to memory of 3004	2876	chrome.exe	chrome.exe
PID 2876 wrote to memory of 3004	2876	chrome.exe	chrome.exe
PID 2876 wrote to memory of 3004	2876	chrome.exe	chrome.exe
PID 2876 wrote to memory of 3004	2876	chrome.exe	chrome.exe
PID 2876 wrote to memory of 3004	2876	chrome.exe	chrome.exe
PID 2876 wrote to memory of 3004	2876	chrome.exe	chrome.exe
PID 2876 wrote to memory of 3004	2876	chrome.exe	chrome.exe
PID 2876 wrote to memory of 3004	2876	chrome.exe	chrome.exe
PID 2876 wrote to memory of 3004	2876	chrome.exe	chrome.exe
PID 2876 wrote to memory of 3004	2876	chrome.exe	chrome.exe
PID 2876 wrote to memory of 3004	2876	chrome.exe	chrome.exe
PID 2876 wrote to memory of 3004	2876	chrome.exe	chrome.exe
PID 2876 wrote to memory of 3004	2876	chrome.exe	chrome.exe
PID 2876 wrote to memory of 3004	2876	chrome.exe	chrome.exe
PID 2876 wrote to memory of 3004	2876	chrome.exe	chrome.exe
PID 2876 wrote to memory of 3004	2876	chrome.exe	chrome.exe
PID 2876 wrote to memory of 3004	2876	chrome.exe	chrome.exe
PID 2876 wrote to memory of 3004	2876	chrome.exe	chrome.exe
PID 2876 wrote to memory of 3004	2876	chrome.exe	chrome.exe
PID 2876 wrote to memory of 3004	2876	chrome.exe	chrome.exe
PID 2876 wrote to memory of 3004	2876	chrome.exe	chrome.exe
PID 2876 wrote to memory of 3004	2876	chrome.exe	chrome.exe
PID 2876 wrote to memory of 3004	2876	chrome.exe	chrome.exe
PID 2876 wrote to memory of 3004	2876	chrome.exe	chrome.exe
PID 2876 wrote to memory of 3004	2876	chrome.exe	chrome.exe
PID 2876 wrote to memory of 3472	2876	chrome.exe	chrome.exe
PID 2876 wrote to memory of 3472	2876	chrome.exe	chrome.exe
PID 2876 wrote to memory of 5796	2876	chrome.exe	chrome.exe
PID 2876 wrote to memory of 5796	2876	chrome.exe	chrome.exe
PID 2876 wrote to memory of 5796	2876	chrome.exe	chrome.exe
PID 2876 wrote to memory of 5796	2876	chrome.exe	chrome.exe
PID 2876 wrote to memory of 5796	2876	chrome.exe	chrome.exe
PID 2876 wrote to memory of 5796	2876	chrome.exe	chrome.exe
PID 2876 wrote to memory of 5796	2876	chrome.exe	chrome.exe
PID 2876 wrote to memory of 5796	2876	chrome.exe	chrome.exe
PID 2876 wrote to memory of 5796	2876	chrome.exe	chrome.exe
PID 2876 wrote to memory of 5796	2876	chrome.exe	chrome.exe
PID 2876 wrote to memory of 5796	2876	chrome.exe	chrome.exe
PID 2876 wrote to memory of 5796	2876	chrome.exe	chrome.exe
PID 2876 wrote to memory of 5796	2876	chrome.exe	chrome.exe
PID 2876 wrote to memory of 5796	2876	chrome.exe	chrome.exe
PID 2876 wrote to memory of 5796	2876	chrome.exe	chrome.exe
PID 2876 wrote to memory of 5796	2876	chrome.exe	chrome.exe
PID 2876 wrote to memory of 5796	2876	chrome.exe	chrome.exe
PID 2876 wrote to memory of 5796	2876	chrome.exe	chrome.exe
PID 2876 wrote to memory of 5796	2876	chrome.exe	chrome.exe
PID 2876 wrote to memory of 5796	2876	chrome.exe	chrome.exe
PID 2876 wrote to memory of 5796	2876	chrome.exe	chrome.exe
PID 2876 wrote to memory of 5796	2876	chrome.exe	chrome.exe
PID 2876 wrote to memory of 5796	2876	chrome.exe	chrome.exe
PID 2876 wrote to memory of 5796	2876	chrome.exe	chrome.exe
PID 2876 wrote to memory of 5796	2876	chrome.exe	chrome.exe
PID 2876 wrote to memory of 5796	2876	chrome.exe	chrome.exe
PID 2876 wrote to memory of 5796	2876	chrome.exe	chrome.exe
PID 2876 wrote to memory of 5796	2876	chrome.exe	chrome.exe
PID 2876 wrote to memory of 5796	2876	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://dioz.info
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8d517ab58,0x7ff8d517ab68,0x7ff8d517ab78
  2⤵
  PID:3620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1616 --field-trial-handle=1912,i,521990874296200155,13138756294532628088,131072 /prefetch:2
  2⤵
  PID:3004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1912,i,521990874296200155,13138756294532628088,131072 /prefetch:8
  2⤵
  PID:3472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2224 --field-trial-handle=1912,i,521990874296200155,13138756294532628088,131072 /prefetch:8
  2⤵
  PID:5796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3060 --field-trial-handle=1912,i,521990874296200155,13138756294532628088,131072 /prefetch:1
  2⤵
  PID:712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3064 --field-trial-handle=1912,i,521990874296200155,13138756294532628088,131072 /prefetch:1
  2⤵
  PID:4588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4700 --field-trial-handle=1912,i,521990874296200155,13138756294532628088,131072 /prefetch:8
  2⤵
  PID:5508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4512 --field-trial-handle=1912,i,521990874296200155,13138756294532628088,131072 /prefetch:8
  2⤵
  PID:2712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1640 --field-trial-handle=1912,i,521990874296200155,13138756294532628088,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6064

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2532

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
fc6be190b0a10e3f9e9ce71ff44f388c

SHA1
c3f35b1f9aff510009764f076aecaed85d02f726

SHA256
621afda1f28082938740e59f451cadb396d81b631fe7f676ea0f4666120b2308

SHA512
e24b41f608f59e9aa5fc1d31678d517a8a578c13030b8abf0fb9c8d588241dc7f76bb03d895aba9131d7bbe8459b27aca5384adf7e456776ac56f9d593fa6e47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
12ebf5cd847c961856b217679e7c9f2e

SHA1
45efe7bad9dbfe14db998418a79da60786849fd8

SHA256
b761535a46fef57e08f87fc13dcc28e43fb4bf181f904f3b24b77d1c460d7e04

SHA512
9ed357b66c793179f97fe3e5329d7f2c58bc3a93f7f52186569ac8be1bc035e8fe9de11ad7514be4e89d89460cec68aed3093bdfbb35d6f067fccb6dfc1a1d81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
586094c0c8407178f735004366a0c6a1

SHA1
49a94e419317ecafd1c1db6a0fbef6076b14f7a2

SHA256
d86fcd0dcc98bf91c1a0d2d6d5f4d1fdc6856a158be9a8c7679f9192899f6e28

SHA512
62c517bfd3545ca4df034b27b57bd6f6c898ed61f691018860806ef574a63b3b74fb28c50ff955d231f153d0ccb728fb728d3780e837532856422febc2631d4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6e47b406035e52b8ae6aed62c87bbb67

SHA1
c3dedd24647fc4008bf52dcb88417276c164145a

SHA256
330df9b40dc2178d33a074bfbb28cd135fbd1e0dabb44a0a51f42541324ca6bd

SHA512
3e31ebdcfe280a650b5727e13b5efd7217a9b670993d06ed780326b50383b0ba133a521a9166fd97ff9846b5b3ae04f882ec665e48b3bcc5382630eb75a6ef67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
2623b3012f36852e79f6060c43da6bab

SHA1
841564d25b4f8002da618e97eab2738902458bd6

SHA256
6eed19a360890fb9ef16c8c3958e96ebe6f76fc5a8f6947fd2cebcb9d21fc33e

SHA512
4f64503bc84a8233e37fc9e44fdc1987afa20a9d3e23a16712d143da82256679ff8056f23890ffb016ce28117bddc9eb212e42ef1ad9c38c61249e1ca4c33568

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
183ef65aa489229f410c118d8bc7795b

SHA1
4f7ea2d71fdf318bdd2ad458b624dc4689008a95

SHA256
6be5eba6fcf34aedd48ded30a840df8f66fdeb92b309aec11c307a571f2d261a

SHA512
49109f9c7e690155aa0fdca7777bf79b15d2be8c56e6721af457ac6131edc225ef2c499aa4c58150810282be4619bc5c716b458abb261f61da554cf30758e5e7

Download Submit
\??\pipe\crashpad_2876_MSWWZIDNEHGOOISD

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit