hxxps://docdro[.]id/dfhssaz

Analysis

max time kernel
119s
max time network
117s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
01/06/2024, 11:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://docdro.id/dfhssaz

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133617132694334375"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
340	chrome.exe
340	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
340	chrome.exe
340	chrome.exe
340	chrome.exe
340	chrome.exe
340	chrome.exe
340	chrome.exe
340	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	340	chrome.exe
Token: SeCreatePagefilePrivilege	340	chrome.exe
Token: SeShutdownPrivilege	340	chrome.exe
Token: SeCreatePagefilePrivilege	340	chrome.exe
Token: SeShutdownPrivilege	340	chrome.exe
Token: SeCreatePagefilePrivilege	340	chrome.exe
Token: SeShutdownPrivilege	340	chrome.exe
Token: SeCreatePagefilePrivilege	340	chrome.exe
Token: SeShutdownPrivilege	340	chrome.exe
Token: SeCreatePagefilePrivilege	340	chrome.exe
Token: SeShutdownPrivilege	340	chrome.exe
Token: SeCreatePagefilePrivilege	340	chrome.exe
Token: SeShutdownPrivilege	340	chrome.exe
Token: SeCreatePagefilePrivilege	340	chrome.exe
Token: SeShutdownPrivilege	340	chrome.exe
Token: SeCreatePagefilePrivilege	340	chrome.exe
Token: SeShutdownPrivilege	340	chrome.exe
Token: SeCreatePagefilePrivilege	340	chrome.exe
Token: SeShutdownPrivilege	340	chrome.exe
Token: SeCreatePagefilePrivilege	340	chrome.exe
Token: SeShutdownPrivilege	340	chrome.exe
Token: SeCreatePagefilePrivilege	340	chrome.exe
Token: SeShutdownPrivilege	340	chrome.exe
Token: SeCreatePagefilePrivilege	340	chrome.exe
Token: SeShutdownPrivilege	340	chrome.exe
Token: SeCreatePagefilePrivilege	340	chrome.exe
Token: SeShutdownPrivilege	340	chrome.exe
Token: SeCreatePagefilePrivilege	340	chrome.exe
Token: SeShutdownPrivilege	340	chrome.exe
Token: SeCreatePagefilePrivilege	340	chrome.exe
Token: SeShutdownPrivilege	340	chrome.exe
Token: SeCreatePagefilePrivilege	340	chrome.exe
Token: SeShutdownPrivilege	340	chrome.exe
Token: SeCreatePagefilePrivilege	340	chrome.exe
Token: SeShutdownPrivilege	340	chrome.exe
Token: SeCreatePagefilePrivilege	340	chrome.exe
Token: SeShutdownPrivilege	340	chrome.exe
Token: SeCreatePagefilePrivilege	340	chrome.exe
Token: SeShutdownPrivilege	340	chrome.exe
Token: SeCreatePagefilePrivilege	340	chrome.exe
Token: SeShutdownPrivilege	340	chrome.exe
Token: SeCreatePagefilePrivilege	340	chrome.exe
Token: SeShutdownPrivilege	340	chrome.exe
Token: SeCreatePagefilePrivilege	340	chrome.exe
Token: SeShutdownPrivilege	340	chrome.exe
Token: SeCreatePagefilePrivilege	340	chrome.exe
Token: SeShutdownPrivilege	340	chrome.exe
Token: SeCreatePagefilePrivilege	340	chrome.exe
Token: SeShutdownPrivilege	340	chrome.exe
Token: SeCreatePagefilePrivilege	340	chrome.exe
Token: SeShutdownPrivilege	340	chrome.exe
Token: SeCreatePagefilePrivilege	340	chrome.exe
Token: SeShutdownPrivilege	340	chrome.exe
Token: SeCreatePagefilePrivilege	340	chrome.exe
Token: SeShutdownPrivilege	340	chrome.exe
Token: SeCreatePagefilePrivilege	340	chrome.exe
Token: SeShutdownPrivilege	340	chrome.exe
Token: SeCreatePagefilePrivilege	340	chrome.exe
Token: SeShutdownPrivilege	340	chrome.exe
Token: SeCreatePagefilePrivilege	340	chrome.exe
Token: SeShutdownPrivilege	340	chrome.exe
Token: SeCreatePagefilePrivilege	340	chrome.exe
Token: SeShutdownPrivilege	340	chrome.exe
Token: SeCreatePagefilePrivilege	340	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
340	chrome.exe
340	chrome.exe
340	chrome.exe
340	chrome.exe
340	chrome.exe
340	chrome.exe
340	chrome.exe
340	chrome.exe
340	chrome.exe
340	chrome.exe
340	chrome.exe
340	chrome.exe
340	chrome.exe
340	chrome.exe
340	chrome.exe
340	chrome.exe
340	chrome.exe
340	chrome.exe
340	chrome.exe
340	chrome.exe
340	chrome.exe
340	chrome.exe
340	chrome.exe
340	chrome.exe
340	chrome.exe
340	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
340	chrome.exe
340	chrome.exe
340	chrome.exe
340	chrome.exe
340	chrome.exe
340	chrome.exe
340	chrome.exe
340	chrome.exe
340	chrome.exe
340	chrome.exe
340	chrome.exe
340	chrome.exe
340	chrome.exe
340	chrome.exe
340	chrome.exe
340	chrome.exe
340	chrome.exe
340	chrome.exe
340	chrome.exe
340	chrome.exe
340	chrome.exe
340	chrome.exe
340	chrome.exe
340	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 340 wrote to memory of 220	340	chrome.exe	83
PID 340 wrote to memory of 220	340	chrome.exe	83
PID 340 wrote to memory of 1672	340	chrome.exe	84
PID 340 wrote to memory of 1672	340	chrome.exe	84
PID 340 wrote to memory of 1672	340	chrome.exe	84
PID 340 wrote to memory of 1672	340	chrome.exe	84
PID 340 wrote to memory of 1672	340	chrome.exe	84
PID 340 wrote to memory of 1672	340	chrome.exe	84
PID 340 wrote to memory of 1672	340	chrome.exe	84
PID 340 wrote to memory of 1672	340	chrome.exe	84
PID 340 wrote to memory of 1672	340	chrome.exe	84
PID 340 wrote to memory of 1672	340	chrome.exe	84
PID 340 wrote to memory of 1672	340	chrome.exe	84
PID 340 wrote to memory of 1672	340	chrome.exe	84
PID 340 wrote to memory of 1672	340	chrome.exe	84
PID 340 wrote to memory of 1672	340	chrome.exe	84
PID 340 wrote to memory of 1672	340	chrome.exe	84
PID 340 wrote to memory of 1672	340	chrome.exe	84
PID 340 wrote to memory of 1672	340	chrome.exe	84
PID 340 wrote to memory of 1672	340	chrome.exe	84
PID 340 wrote to memory of 1672	340	chrome.exe	84
PID 340 wrote to memory of 1672	340	chrome.exe	84
PID 340 wrote to memory of 1672	340	chrome.exe	84
PID 340 wrote to memory of 1672	340	chrome.exe	84
PID 340 wrote to memory of 1672	340	chrome.exe	84
PID 340 wrote to memory of 1672	340	chrome.exe	84
PID 340 wrote to memory of 1672	340	chrome.exe	84
PID 340 wrote to memory of 1672	340	chrome.exe	84
PID 340 wrote to memory of 1672	340	chrome.exe	84
PID 340 wrote to memory of 1672	340	chrome.exe	84
PID 340 wrote to memory of 1672	340	chrome.exe	84
PID 340 wrote to memory of 1672	340	chrome.exe	84
PID 340 wrote to memory of 1672	340	chrome.exe	84
PID 340 wrote to memory of 1696	340	chrome.exe	85
PID 340 wrote to memory of 1696	340	chrome.exe	85
PID 340 wrote to memory of 3200	340	chrome.exe	86
PID 340 wrote to memory of 3200	340	chrome.exe	86
PID 340 wrote to memory of 3200	340	chrome.exe	86
PID 340 wrote to memory of 3200	340	chrome.exe	86
PID 340 wrote to memory of 3200	340	chrome.exe	86
PID 340 wrote to memory of 3200	340	chrome.exe	86
PID 340 wrote to memory of 3200	340	chrome.exe	86
PID 340 wrote to memory of 3200	340	chrome.exe	86
PID 340 wrote to memory of 3200	340	chrome.exe	86
PID 340 wrote to memory of 3200	340	chrome.exe	86
PID 340 wrote to memory of 3200	340	chrome.exe	86
PID 340 wrote to memory of 3200	340	chrome.exe	86
PID 340 wrote to memory of 3200	340	chrome.exe	86
PID 340 wrote to memory of 3200	340	chrome.exe	86
PID 340 wrote to memory of 3200	340	chrome.exe	86
PID 340 wrote to memory of 3200	340	chrome.exe	86
PID 340 wrote to memory of 3200	340	chrome.exe	86
PID 340 wrote to memory of 3200	340	chrome.exe	86
PID 340 wrote to memory of 3200	340	chrome.exe	86
PID 340 wrote to memory of 3200	340	chrome.exe	86
PID 340 wrote to memory of 3200	340	chrome.exe	86
PID 340 wrote to memory of 3200	340	chrome.exe	86
PID 340 wrote to memory of 3200	340	chrome.exe	86
PID 340 wrote to memory of 3200	340	chrome.exe	86
PID 340 wrote to memory of 3200	340	chrome.exe	86
PID 340 wrote to memory of 3200	340	chrome.exe	86
PID 340 wrote to memory of 3200	340	chrome.exe	86
PID 340 wrote to memory of 3200	340	chrome.exe	86
PID 340 wrote to memory of 3200	340	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://docdro.id/dfhssaz
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9aba4ab58,0x7ff9aba4ab68,0x7ff9aba4ab78
  2⤵
  PID:220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1592 --field-trial-handle=1732,i,18148895243857109716,8606250569121656804,131072 /prefetch:2
  2⤵
  PID:1672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1732,i,18148895243857109716,8606250569121656804,131072 /prefetch:8
  2⤵
  PID:1696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2208 --field-trial-handle=1732,i,18148895243857109716,8606250569121656804,131072 /prefetch:8
  2⤵
  PID:3200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2980 --field-trial-handle=1732,i,18148895243857109716,8606250569121656804,131072 /prefetch:1
  2⤵
  PID:4552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3080 --field-trial-handle=1732,i,18148895243857109716,8606250569121656804,131072 /prefetch:1
  2⤵
  PID:3132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4320 --field-trial-handle=1732,i,18148895243857109716,8606250569121656804,131072 /prefetch:1
  2⤵
  PID:4836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3096 --field-trial-handle=1732,i,18148895243857109716,8606250569121656804,131072 /prefetch:8
  2⤵
  PID:3056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3368 --field-trial-handle=1732,i,18148895243857109716,8606250569121656804,131072 /prefetch:8
  2⤵
  PID:2820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4792 --field-trial-handle=1732,i,18148895243857109716,8606250569121656804,131072 /prefetch:1
  2⤵
  PID:2068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4912 --field-trial-handle=1732,i,18148895243857109716,8606250569121656804,131072 /prefetch:1
  2⤵
  PID:4776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4380 --field-trial-handle=1732,i,18148895243857109716,8606250569121656804,131072 /prefetch:1
  2⤵
  PID:2584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4892 --field-trial-handle=1732,i,18148895243857109716,8606250569121656804,131072 /prefetch:1
  2⤵
  PID:4016

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:5016

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
b049070e4f030809fba289e1fadd8747

SHA1
9fbe83ff5c5271b08b32ef57e1e7717825ccec20

SHA256
b3e094854fe41ed5f49c8f3a756a562622225518bb0f0f518a0ae1a28946d605

SHA512
a871f560e7a11e58e1cc57b5151f9ec0d5164884f650c564baee464d42620e067cfe830bc5c756e21a2d8977ce032c0a458d78767383c2cace64834313cf4132

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
3aefdfa50cc800da7367d48a10c4c008

SHA1
ee3f5714b54afb611cff3dc8b5bf2a8b3582eeb4

SHA256
97c3fada0371515cc7e53f0abbd64329aa4d5fd61bf9a7308a21aa706e36e162

SHA512
e279212f321dfc2f200932b0d458f647e6944a98f26091972ebc72dff3f4588e63343b01d7661f2adb09eeeec463acb258045a397e2abf15627ef2ff2a511953

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
6a7386a78668c88f2e389a2e9f8f7922

SHA1
43f0f396c8aadb030dd83081d9c92538e55f5e9b

SHA256
fb2230689f67606ef7f76b0033094be54b2f09cda92d1c7f1d099c49e25d3b37

SHA512
eda72b4fb8d710f05f9c9f2b56c69d435613dba9f9c63bc10da7061491dda92893e1e1e1941bd0c8fbee41f55e823b04c30da7b6a9f56eed049c0de89bbf086e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
d13a37db3d32fbb83b1e75c44f2aa9a8

SHA1
587f1e2f3b0784913cfc2789d6c3b752f7651e52

SHA256
3cf6c127000b8e516fab97f29d468e232a85e2bf46ce512e2e6c1450e04ef0f9

SHA512
54c1e232b179752c2320baacfeec460b86b479f8a7710a1bbcddaa7d43f28388b9b205d206e17e2800acee43e4bced37f518e54432cc0ad709d66f816e68ebd2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
d7aec632059184f58d46e09e997e6398

SHA1
0b841aaf704524ec0b7a1d7a64d12c17a7ddd4d9

SHA256
728729d3ebbdc0f88056307199d4146039093fcb625563302bc5091e041fbdc4

SHA512
405a86a50a0f772ba84b3777bad0d54f4d9148879724642f4c5bbd63441ca03e855aa6f626e4b2eac6d22bb8d669edea00ebde81679e25ff2c489803c00f692c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
234f8481797fdcd8d2922483e0ff06d3

SHA1
f6ae207043557d019dcd1055784e854b4b7d7db3

SHA256
e5635a6c75963026082433fa08cab1ba8e1b87631c3726edc972dde9d2b082be

SHA512
53d9d9c0324ffde1cb2457c01f3b2f6d39030605bf07128554c3bbd6bc32824f50f198a2557c28b60ec691718444def4c8bae49dce671d2e39a3c4df95ca28e6

Download Submit