hxxp://www[.]diamantespacover[.]com/newDocument/3242342332/23423432/33233e[.]html

General

Target

http://www.diamantespacover.com/newDocument/3242342332/23423432/33233e.html

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133249941962528077"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

3712 chrome.exe
3712 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

Processes:

chrome.exe

pid process

3712 chrome.exe
3712 chrome.exe
3712 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 3712 wrote to memory of 4900	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 4900	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 5112	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 5112	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 5112	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 5112	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 5112	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 5112	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 5112	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 5112	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 5112	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 5112	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 5112	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 5112	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 5112	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 5112	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 5112	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 5112	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 5112	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 5112	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 5112	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 5112	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 5112	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 5112	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 5112	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 5112	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 5112	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 5112	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 5112	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 5112	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 5112	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 5112	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 5112	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 5112	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 5112	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 5112	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 5112	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 5112	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 5112	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 5112	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 3108	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 3108	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 3888	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 3888	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 3888	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 3888	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 3888	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 3888	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 3888	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 3888	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 3888	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 3888	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 3888	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 3888	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 3888	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 3888	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 3888	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 3888	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 3888	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 3888	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 3888	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 3888	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 3888	3712	chrome.exe	chrome.exe
PID 3712 wrote to memory of 3888	3712	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://www.diamantespacover.com/newDocument/3242342332/23423432/33233e.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3712

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffab769758,0x7fffab769768,0x7fffab769778
2⤵
PID:4900

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1780 --field-trial-handle=1812,i,8736595404872581745,18373876963741287309,131072 /prefetch:2
2⤵
PID:5112

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1812,i,8736595404872581745,18373876963741287309,131072 /prefetch:8
2⤵
PID:3108

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2228 --field-trial-handle=1812,i,8736595404872581745,18373876963741287309,131072 /prefetch:8
2⤵
PID:3888

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3152 --field-trial-handle=1812,i,8736595404872581745,18373876963741287309,131072 /prefetch:1
2⤵
PID:4312

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3088 --field-trial-handle=1812,i,8736595404872581745,18373876963741287309,131072 /prefetch:1
2⤵
PID:3216

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5252 --field-trial-handle=1812,i,8736595404872581745,18373876963741287309,131072 /prefetch:8
2⤵
PID:1380

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5404 --field-trial-handle=1812,i,8736595404872581745,18373876963741287309,131072 /prefetch:8
2⤵
PID:1616

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5040 --field-trial-handle=1812,i,8736595404872581745,18373876963741287309,131072 /prefetch:8
2⤵
PID:4648

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4876 --field-trial-handle=1812,i,8736595404872581745,18373876963741287309,131072 /prefetch:1
2⤵
PID:4208

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1244

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
168B

MD5
018a4cede3a83de98bd1d932c10c637c

SHA1
7cbd245a4ed73a4e2f97ef785298d1db94531f9e

SHA256
320f626fc13cbc2bd916c1df6b38c59655806d6d98ab027631238199167ca899

SHA512
e4b3ebeae6b5bcc1ae46af28c5939d76b81bb4ea800bce47f9b181dc7a08ab6eb833ba7dad1d307df9a5c8854fe929f2b3a82312cfc6632127f00d6b4e4cf6f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
a36f3b31da53005e93534c21904873e1

SHA1
cd28e948fb60dcae1250b716767fd5cd5bca271a

SHA256
a91360b2c55eea63f9deeb574aef0eeb78a13a47fc8de1d1cbc97c32a8a1306a

SHA512
e2065cd63f73f20c7de878976462cb8a9417bf23d313fc6815e598e57fcabcef9e11c08dc8dbf4b983f7a2d73129b8a03bda4a869351afc4e684c3ff8724c0f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
7d8e23cc78063cac0f0c9bd099bab8f6

SHA1
713d9bf2fa462b2ef810df66934898a8dc041a28

SHA256
984fd2af9b051d5b0c4a7867c9cc092f748494e0f34a024566fb7d4fd5db3544

SHA512
4cfea6d3bd5a542c71523067de974e6301448c2d7bd20cde00594edb7903beb729b53c11fec9070d4059525b91f9fdcc401dc616efed3f74d46a11c80a15868d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
4c740afbde438d54fa3f6a1b5fa1159a

SHA1
0f602f99ff372ae599789d45339c522a2a589379

SHA256
977b71756c259ae47a95bb37eb33632cf42656311a2ed76809e53a9d2276b0d7

SHA512
a35e1d2fc6254d90e048f444df5879668851811e0ef813e647e466c82c82879ed24d8005a653bb8546ffbe81dfbd7d306adefac5769ed78ea33b6e0a1cb49875

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
ca8d2bc63e0b8ad1412965b2c90718df

SHA1
56e660b91c0e6f117377c267f043b668e5072c3e

SHA256
15eb89c15f202aec6dc54c43edeb655eedc180b66bc23ae50cf95817346c52f3

SHA512
c3e23671dbc69e7eaa2ed8b9476d0908682f17b3a1bc4747cdd2c3ec6d40a80f338b6afe80055b12b5a4c58b0215606ddb159f9d6979f458c2858e2defa7a2aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
174KB

MD5
c8103da78d7224581f0cf4f584a89624

SHA1
901af86358e6b99929bf50b51ae9f8b024f6c816

SHA256
ae3baa41c9c4f192dd2871475e4568c4e45c81d69e2f6c33ad9fa22f2a39fd71

SHA512
45224c989a596ea5dfef2d579ae05447139ba3a1c6317508d29bdccfcb293d44642c657f30be8f79ea22cd577185899f4764f20831a92fb6d4ca3485317444bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_3712_IFZPGTRKCBQRSGTZ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads