hxxps://soporte-bpd[.]com/Personas/Paginas

General

Target

https://soporte-bpd.com/Personas/Paginas
Sample

211012-w95q5adbb8

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

chrome.exechrome.exechrome.exechrome.exe

pid	process
4456	chrome.exe
4456	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
3668	chrome.exe
3668	chrome.exe
3160	chrome.exe
3160	chrome.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

chrome.exechrmstp.exe

description	pid	process	target process
PID 4220 wrote to memory of 4512	4220	chrome.exe	chrome.exe
PID 4220 wrote to memory of 4512	4220	chrome.exe	chrome.exe
PID 1368 wrote to memory of 1660	1368	chrmstp.exe	chrmstp.exe
PID 1368 wrote to memory of 1660	1368	chrmstp.exe	chrmstp.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://soporte-bpd.com/Personas/Paginas
1⤵
- Suspicious use of WriteProcessMemory
PID:4220

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffa25b24f50,0x7ffa25b24f60,0x7ffa25b24f70
2⤵
PID:4512

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1484,16727521882374144888,12966747602065408025,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1908 /prefetch:8
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:4456

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1484,16727521882374144888,12966747602065408025,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4944 /prefetch:2
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:4448

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1484,16727521882374144888,12966747602065408025,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
1⤵
PID:4632

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1484,16727521882374144888,12966747602065408025,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6308 /prefetch:8
1⤵
PID:4684

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1484,16727521882374144888,12966747602065408025,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6320 /prefetch:8
1⤵
PID:4692

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1484,16727521882374144888,12966747602065408025,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3804 /prefetch:1
1⤵
PID:944

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1484,16727521882374144888,12966747602065408025,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4016 /prefetch:8
1⤵
PID:2560

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1484,16727521882374144888,12966747602065408025,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3912 /prefetch:8
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:3668

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1484,16727521882374144888,12966747602065408025,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4252 /prefetch:1
1⤵
PID:1696

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1484,16727521882374144888,12966747602065408025,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4160 /prefetch:1
1⤵
PID:2324

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1484,16727521882374144888,12966747602065408025,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3724 /prefetch:8
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:3160

C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\chrmstp.exe
"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --channel --force-configure-user-settings
1⤵
- Suspicious use of WriteProcessMemory
PID:1368

C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\chrmstp.exe
"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0x7ff7bed3a890,0x7ff7bed3a8a0,0x7ff7bed3a8b0
2⤵
PID:1660

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1484,16727521882374144888,12966747602065408025,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6064 /prefetch:8
1⤵
PID:1428

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1484,16727521882374144888,12966747602065408025,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6024 /prefetch:8
1⤵
PID:1840

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1484,16727521882374144888,12966747602065408025,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4920 /prefetch:8
1⤵
PID:4472

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1484,16727521882374144888,12966747602065408025,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4956 /prefetch:8
1⤵
PID:4452

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1484,16727521882374144888,12966747602065408025,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5964 /prefetch:8
1⤵
PID:4736

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1484,16727521882374144888,12966747602065408025,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4080 /prefetch:8
1⤵
PID:5088

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1368-114-0x000001A0A3580000-0x000001A0A3582000-memory.dmp

Filesize
8KB

Download
memory/1368-115-0x000001A0A3580000-0x000001A0A3582000-memory.dmp

Filesize
8KB

Download
memory/1660-116-0x0000000000000000-mapping.dmp

Download
memory/1660-117-0x000001C0D3FF0000-0x000001C0D3FF2000-memory.dmp

Filesize
8KB

Download
memory/1660-118-0x000001C0D3FF0000-0x000001C0D3FF2000-memory.dmp

Filesize
8KB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads