hxxps://divinehut[.]com

Analysis

max time kernel
71s
max time network
76s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
05-06-2024 14:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://divinehut.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133620717017690375"	chrome.exe

Modifies registry class 58 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e8005398e082303024b98265d99428e115f0000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Downloads"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Documents"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Documents"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "2"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 3a002e803accbfb42cdb4c42b0297fe99a87c641260001002600efbe1100000066078fe0bd68da01bdcb2be7bd68da01d4098fe8bd68da0114000000	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Generic"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616257"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3868	chrome.exe
3868	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3196	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3868	chrome.exe
Token: SeCreatePagefilePrivilege	3868	chrome.exe
Token: SeShutdownPrivilege	3868	chrome.exe
Token: SeCreatePagefilePrivilege	3868	chrome.exe
Token: SeShutdownPrivilege	3868	chrome.exe
Token: SeCreatePagefilePrivilege	3868	chrome.exe
Token: SeShutdownPrivilege	3868	chrome.exe
Token: SeCreatePagefilePrivilege	3868	chrome.exe
Token: SeShutdownPrivilege	3868	chrome.exe
Token: SeCreatePagefilePrivilege	3868	chrome.exe
Token: SeShutdownPrivilege	3868	chrome.exe
Token: SeCreatePagefilePrivilege	3868	chrome.exe
Token: SeShutdownPrivilege	3868	chrome.exe
Token: SeCreatePagefilePrivilege	3868	chrome.exe
Token: SeShutdownPrivilege	3868	chrome.exe
Token: SeCreatePagefilePrivilege	3868	chrome.exe
Token: SeShutdownPrivilege	3868	chrome.exe
Token: SeCreatePagefilePrivilege	3868	chrome.exe
Token: SeShutdownPrivilege	3868	chrome.exe
Token: SeCreatePagefilePrivilege	3868	chrome.exe
Token: SeShutdownPrivilege	3868	chrome.exe
Token: SeCreatePagefilePrivilege	3868	chrome.exe
Token: SeShutdownPrivilege	3868	chrome.exe
Token: SeCreatePagefilePrivilege	3868	chrome.exe
Token: SeShutdownPrivilege	3868	chrome.exe
Token: SeCreatePagefilePrivilege	3868	chrome.exe
Token: SeShutdownPrivilege	3868	chrome.exe
Token: SeCreatePagefilePrivilege	3868	chrome.exe
Token: SeShutdownPrivilege	3868	chrome.exe
Token: SeCreatePagefilePrivilege	3868	chrome.exe
Token: SeShutdownPrivilege	3868	chrome.exe
Token: SeCreatePagefilePrivilege	3868	chrome.exe
Token: SeShutdownPrivilege	3868	chrome.exe
Token: SeCreatePagefilePrivilege	3868	chrome.exe
Token: SeShutdownPrivilege	3868	chrome.exe
Token: SeCreatePagefilePrivilege	3868	chrome.exe
Token: SeShutdownPrivilege	3868	chrome.exe
Token: SeCreatePagefilePrivilege	3868	chrome.exe
Token: SeShutdownPrivilege	3868	chrome.exe
Token: SeCreatePagefilePrivilege	3868	chrome.exe
Token: SeShutdownPrivilege	3868	chrome.exe
Token: SeCreatePagefilePrivilege	3868	chrome.exe
Token: SeShutdownPrivilege	3868	chrome.exe
Token: SeCreatePagefilePrivilege	3868	chrome.exe
Token: SeShutdownPrivilege	3868	chrome.exe
Token: SeCreatePagefilePrivilege	3868	chrome.exe
Token: SeShutdownPrivilege	3868	chrome.exe
Token: SeCreatePagefilePrivilege	3868	chrome.exe
Token: SeShutdownPrivilege	3868	chrome.exe
Token: SeCreatePagefilePrivilege	3868	chrome.exe
Token: SeShutdownPrivilege	3868	chrome.exe
Token: SeCreatePagefilePrivilege	3868	chrome.exe
Token: SeShutdownPrivilege	3868	chrome.exe
Token: SeCreatePagefilePrivilege	3868	chrome.exe
Token: SeShutdownPrivilege	3868	chrome.exe
Token: SeCreatePagefilePrivilege	3868	chrome.exe
Token: SeShutdownPrivilege	3868	chrome.exe
Token: SeCreatePagefilePrivilege	3868	chrome.exe
Token: SeShutdownPrivilege	3868	chrome.exe
Token: SeCreatePagefilePrivilege	3868	chrome.exe
Token: SeShutdownPrivilege	3868	chrome.exe
Token: SeCreatePagefilePrivilege	3868	chrome.exe
Token: SeShutdownPrivilege	3868	chrome.exe
Token: SeCreatePagefilePrivilege	3868	chrome.exe

Suspicious use of FindShellTrayWindow 38 IoCs

pid	Process
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe
3868	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3196	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3868 wrote to memory of 4908	3868	chrome.exe	89
PID 3868 wrote to memory of 4908	3868	chrome.exe	89
PID 3868 wrote to memory of 932	3868	chrome.exe	91
PID 3868 wrote to memory of 932	3868	chrome.exe	91
PID 3868 wrote to memory of 932	3868	chrome.exe	91
PID 3868 wrote to memory of 932	3868	chrome.exe	91
PID 3868 wrote to memory of 932	3868	chrome.exe	91
PID 3868 wrote to memory of 932	3868	chrome.exe	91
PID 3868 wrote to memory of 932	3868	chrome.exe	91
PID 3868 wrote to memory of 932	3868	chrome.exe	91
PID 3868 wrote to memory of 932	3868	chrome.exe	91
PID 3868 wrote to memory of 932	3868	chrome.exe	91
PID 3868 wrote to memory of 932	3868	chrome.exe	91
PID 3868 wrote to memory of 932	3868	chrome.exe	91
PID 3868 wrote to memory of 932	3868	chrome.exe	91
PID 3868 wrote to memory of 932	3868	chrome.exe	91
PID 3868 wrote to memory of 932	3868	chrome.exe	91
PID 3868 wrote to memory of 932	3868	chrome.exe	91
PID 3868 wrote to memory of 932	3868	chrome.exe	91
PID 3868 wrote to memory of 932	3868	chrome.exe	91
PID 3868 wrote to memory of 932	3868	chrome.exe	91
PID 3868 wrote to memory of 932	3868	chrome.exe	91
PID 3868 wrote to memory of 932	3868	chrome.exe	91
PID 3868 wrote to memory of 932	3868	chrome.exe	91
PID 3868 wrote to memory of 932	3868	chrome.exe	91
PID 3868 wrote to memory of 932	3868	chrome.exe	91
PID 3868 wrote to memory of 932	3868	chrome.exe	91
PID 3868 wrote to memory of 932	3868	chrome.exe	91
PID 3868 wrote to memory of 932	3868	chrome.exe	91
PID 3868 wrote to memory of 932	3868	chrome.exe	91
PID 3868 wrote to memory of 932	3868	chrome.exe	91
PID 3868 wrote to memory of 932	3868	chrome.exe	91
PID 3868 wrote to memory of 932	3868	chrome.exe	91
PID 3868 wrote to memory of 932	3868	chrome.exe	91
PID 3868 wrote to memory of 932	3868	chrome.exe	91
PID 3868 wrote to memory of 932	3868	chrome.exe	91
PID 3868 wrote to memory of 932	3868	chrome.exe	91
PID 3868 wrote to memory of 932	3868	chrome.exe	91
PID 3868 wrote to memory of 932	3868	chrome.exe	91
PID 3868 wrote to memory of 932	3868	chrome.exe	91
PID 3868 wrote to memory of 2828	3868	chrome.exe	92
PID 3868 wrote to memory of 2828	3868	chrome.exe	92
PID 3868 wrote to memory of 1176	3868	chrome.exe	93
PID 3868 wrote to memory of 1176	3868	chrome.exe	93
PID 3868 wrote to memory of 1176	3868	chrome.exe	93
PID 3868 wrote to memory of 1176	3868	chrome.exe	93
PID 3868 wrote to memory of 1176	3868	chrome.exe	93
PID 3868 wrote to memory of 1176	3868	chrome.exe	93
PID 3868 wrote to memory of 1176	3868	chrome.exe	93
PID 3868 wrote to memory of 1176	3868	chrome.exe	93
PID 3868 wrote to memory of 1176	3868	chrome.exe	93
PID 3868 wrote to memory of 1176	3868	chrome.exe	93
PID 3868 wrote to memory of 1176	3868	chrome.exe	93
PID 3868 wrote to memory of 1176	3868	chrome.exe	93
PID 3868 wrote to memory of 1176	3868	chrome.exe	93
PID 3868 wrote to memory of 1176	3868	chrome.exe	93
PID 3868 wrote to memory of 1176	3868	chrome.exe	93
PID 3868 wrote to memory of 1176	3868	chrome.exe	93
PID 3868 wrote to memory of 1176	3868	chrome.exe	93
PID 3868 wrote to memory of 1176	3868	chrome.exe	93
PID 3868 wrote to memory of 1176	3868	chrome.exe	93
PID 3868 wrote to memory of 1176	3868	chrome.exe	93
PID 3868 wrote to memory of 1176	3868	chrome.exe	93
PID 3868 wrote to memory of 1176	3868	chrome.exe	93

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://divinehut.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd77f59758,0x7ffd77f59768,0x7ffd77f59778
  2⤵
  PID:4908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1760 --field-trial-handle=1872,i,12060786218024722975,1990394047439318977,131072 /prefetch:2
  2⤵
  PID:932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1872,i,12060786218024722975,1990394047439318977,131072 /prefetch:8
  2⤵
  PID:2828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2220 --field-trial-handle=1872,i,12060786218024722975,1990394047439318977,131072 /prefetch:8
  2⤵
  PID:1176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2884 --field-trial-handle=1872,i,12060786218024722975,1990394047439318977,131072 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2892 --field-trial-handle=1872,i,12060786218024722975,1990394047439318977,131072 /prefetch:1
  2⤵
  PID:1612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4508 --field-trial-handle=1872,i,12060786218024722975,1990394047439318977,131072 /prefetch:1
  2⤵
  PID:3888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5064 --field-trial-handle=1872,i,12060786218024722975,1990394047439318977,131072 /prefetch:1
  2⤵
  PID:4944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5272 --field-trial-handle=1872,i,12060786218024722975,1990394047439318977,131072 /prefetch:1
  2⤵
  PID:2796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5216 --field-trial-handle=1872,i,12060786218024722975,1990394047439318977,131072 /prefetch:1
  2⤵
  PID:3156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3796 --field-trial-handle=1872,i,12060786218024722975,1990394047439318977,131072 /prefetch:8
  2⤵
  PID:2280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6012 --field-trial-handle=1872,i,12060786218024722975,1990394047439318977,131072 /prefetch:8
  2⤵
  PID:1876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5580 --field-trial-handle=1872,i,12060786218024722975,1990394047439318977,131072 /prefetch:1
  2⤵
  PID:4484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4588 --field-trial-handle=1872,i,12060786218024722975,1990394047439318977,131072 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:3196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4676 --field-trial-handle=1872,i,12060786218024722975,1990394047439318977,131072 /prefetch:8
  2⤵
  PID:2124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4668 --field-trial-handle=1872,i,12060786218024722975,1990394047439318977,131072 /prefetch:8
  2⤵
  PID:916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4680 --field-trial-handle=1872,i,12060786218024722975,1990394047439318977,131072 /prefetch:8
  2⤵
  PID:1680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5980 --field-trial-handle=1872,i,12060786218024722975,1990394047439318977,131072 /prefetch:8
  2⤵
  PID:2304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5936 --field-trial-handle=1872,i,12060786218024722975,1990394047439318977,131072 /prefetch:8
  2⤵
  PID:732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5980 --field-trial-handle=1872,i,12060786218024722975,1990394047439318977,131072 /prefetch:8
  2⤵
  PID:3196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4616 --field-trial-handle=1872,i,12060786218024722975,1990394047439318977,131072 /prefetch:8
  2⤵
  PID:4264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6008 --field-trial-handle=1872,i,12060786218024722975,1990394047439318977,131072 /prefetch:8
  2⤵
  PID:696

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:228

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3820 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:8
1⤵
PID:4660

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
a1d6bba65ec3cf74b0eab9504cbeaf3a

SHA1
6fa603c209a4e38e86bb5b910fec16b32fde48c9

SHA256
ef4b0494eb73ec3f64479e1f8d17e21d756291797eb45dbc97ea0204b6165b75

SHA512
d01fb58054740fd31b2d0e95600a54894e2b9bb0d11f8c53a9655fda248494acfee1cb4069bc137e7e9ea44eb90821b5320c5694a408cc2b682a45361996132d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
536B

MD5
c8848c7742052b74a78429a321f7a335

SHA1
3ff7b0b4cdb9a880a2b1061e866784c6f791956a

SHA256
de78a261ffe6f5da83bf4c75de704d56e179b5c458a9d2ab8795ac30e05d53c1

SHA512
92b6a81be34aad45e56e1f615f01ed847f643d2ac50216492f17530edfd5e40e497e7217ee97618ffe172c9002e46ad8de1e140f731d4c3717e2e1010b5856b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5f4c08b0df886f2bd8e1bdf7d7ed58ca

SHA1
2dd3d2ea1712a0b25ffbeab44c37cd449d4aca8a

SHA256
af8ade3435b3d5a7c3eb536bcdaeb0104952663eec0c0a78ef4876612ff0f35e

SHA512
063b335d5d0dd0847a612c6f30a67268134b1ee2dbdf258dd6dd5476c8f9296d82fb10814ecc93847a4f5e81bdcb2e911076c5641c6ca55c9916dc317b7b8aec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
45123632268df8fb812869f342640797

SHA1
5cd3b99c947b0e17df4114d96b27b12c423c87c1

SHA256
2c6fe658e43c5b447a300817508668ae9da6a0b6ed11a75f95b3e76329b33a60

SHA512
19d164e183417cb99bfe995db034e60512fbec86588b37b3e18e57d916453a3e19b106db3fc4c996bb145faa17d9a6f0311e631b4f4505ac21b6f060d9b16151

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f41dda4e46e667e559f6b422ab7224a6

SHA1
9869d98b736a0e6b3712b24409cdf925d3657506

SHA256
6833c40d458da831203abfbda8d0c4bcab47efb2967306e825210b27ddd60241

SHA512
a9d45c6e01338d31e63935741861931b385ad8f4f24b40ab7110ec4a90ab6406a30b06e73e2f732259d85ed28acc99bc85968f13eaf8fd3d33c3da45ab5109be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
4985cd81cadff9e26ccc7a0f5b771fb5

SHA1
88d14eb15d82f826f4c3219b5f4172d019de67a0

SHA256
eb7c696f17ad62d4e8bc92d242785f3d3b3668d1a836ba09bffa719dc0688c6b

SHA512
097aa55e14a9aae9c5ca842745ac5882496c186af7b46f68a300983aed91bbf1e7c3bbbe3cd96bb06948a3a2f5232c40f69b22ed4b3f4e9271788d2e32247aaf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
109KB

MD5
a07696285d0c44c4c602f533dc4e6f5f

SHA1
8dcb449d1935d3265d539655b70a7d11b6b9c436

SHA256
e297dab7bf3675338475cdb3f26e46b450fb0c6ae6350c88285248fff401e9f6

SHA512
1643fc9134360eec49567420da4d4dea0297dcf5ba6b108100334c2825b5b1f4dc494b61490c33e0627c4a1ce6af835ad03f3882632ac9322cc6eaa5093d7843

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58c06d.TMP

Filesize
103KB

MD5
b78c47faa5c6277b132a71963dba389f

SHA1
50cb65d1c2ba67781bf44ec8e4ea0273e45fb2e8

SHA256
87cb4f508c5d16ce3beca7e63df080fba3820841de40ce9f7c2827ae271112bd

SHA512
498aabda1d19a89418370b71472856d1ab574d55b29696b3a86e91c402df3bb4d4f8fe8e45a94a064fee29244bce69f5c42af161c5777617e9bf4107d628612a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit