hxxps://vericar-cuenta[.]jimdosite[.]com/

Analysis

max time kernel
116s
max time network
118s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
03/04/2023, 19:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://vericar-cuenta.jimdosite.com/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133250325509585953"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4132	chrome.exe
4132	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4132	chrome.exe
Token: SeCreatePagefilePrivilege	4132	chrome.exe
Token: SeShutdownPrivilege	4132	chrome.exe
Token: SeCreatePagefilePrivilege	4132	chrome.exe
Token: SeShutdownPrivilege	4132	chrome.exe
Token: SeCreatePagefilePrivilege	4132	chrome.exe
Token: SeShutdownPrivilege	4132	chrome.exe
Token: SeCreatePagefilePrivilege	4132	chrome.exe
Token: SeShutdownPrivilege	4132	chrome.exe
Token: SeCreatePagefilePrivilege	4132	chrome.exe
Token: SeShutdownPrivilege	4132	chrome.exe
Token: SeCreatePagefilePrivilege	4132	chrome.exe
Token: SeShutdownPrivilege	4132	chrome.exe
Token: SeCreatePagefilePrivilege	4132	chrome.exe
Token: SeShutdownPrivilege	4132	chrome.exe
Token: SeCreatePagefilePrivilege	4132	chrome.exe
Token: SeShutdownPrivilege	4132	chrome.exe
Token: SeCreatePagefilePrivilege	4132	chrome.exe
Token: SeShutdownPrivilege	4132	chrome.exe
Token: SeCreatePagefilePrivilege	4132	chrome.exe
Token: SeShutdownPrivilege	4132	chrome.exe
Token: SeCreatePagefilePrivilege	4132	chrome.exe
Token: SeShutdownPrivilege	4132	chrome.exe
Token: SeCreatePagefilePrivilege	4132	chrome.exe
Token: SeShutdownPrivilege	4132	chrome.exe
Token: SeCreatePagefilePrivilege	4132	chrome.exe
Token: SeShutdownPrivilege	4132	chrome.exe
Token: SeCreatePagefilePrivilege	4132	chrome.exe
Token: SeShutdownPrivilege	4132	chrome.exe
Token: SeCreatePagefilePrivilege	4132	chrome.exe
Token: SeShutdownPrivilege	4132	chrome.exe
Token: SeCreatePagefilePrivilege	4132	chrome.exe
Token: SeShutdownPrivilege	4132	chrome.exe
Token: SeCreatePagefilePrivilege	4132	chrome.exe
Token: SeShutdownPrivilege	4132	chrome.exe
Token: SeCreatePagefilePrivilege	4132	chrome.exe
Token: SeShutdownPrivilege	4132	chrome.exe
Token: SeCreatePagefilePrivilege	4132	chrome.exe
Token: SeShutdownPrivilege	4132	chrome.exe
Token: SeCreatePagefilePrivilege	4132	chrome.exe
Token: SeShutdownPrivilege	4132	chrome.exe
Token: SeCreatePagefilePrivilege	4132	chrome.exe
Token: SeShutdownPrivilege	4132	chrome.exe
Token: SeCreatePagefilePrivilege	4132	chrome.exe
Token: SeShutdownPrivilege	4132	chrome.exe
Token: SeCreatePagefilePrivilege	4132	chrome.exe
Token: SeShutdownPrivilege	4132	chrome.exe
Token: SeCreatePagefilePrivilege	4132	chrome.exe
Token: SeShutdownPrivilege	4132	chrome.exe
Token: SeCreatePagefilePrivilege	4132	chrome.exe
Token: SeShutdownPrivilege	4132	chrome.exe
Token: SeCreatePagefilePrivilege	4132	chrome.exe
Token: SeShutdownPrivilege	4132	chrome.exe
Token: SeCreatePagefilePrivilege	4132	chrome.exe
Token: SeShutdownPrivilege	4132	chrome.exe
Token: SeCreatePagefilePrivilege	4132	chrome.exe
Token: SeShutdownPrivilege	4132	chrome.exe
Token: SeCreatePagefilePrivilege	4132	chrome.exe
Token: SeShutdownPrivilege	4132	chrome.exe
Token: SeCreatePagefilePrivilege	4132	chrome.exe
Token: SeShutdownPrivilege	4132	chrome.exe
Token: SeCreatePagefilePrivilege	4132	chrome.exe
Token: SeShutdownPrivilege	4132	chrome.exe
Token: SeCreatePagefilePrivilege	4132	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4132 wrote to memory of 3296	4132	chrome.exe	85
PID 4132 wrote to memory of 3296	4132	chrome.exe	85
PID 4132 wrote to memory of 1740	4132	chrome.exe	86
PID 4132 wrote to memory of 1740	4132	chrome.exe	86
PID 4132 wrote to memory of 1740	4132	chrome.exe	86
PID 4132 wrote to memory of 1740	4132	chrome.exe	86
PID 4132 wrote to memory of 1740	4132	chrome.exe	86
PID 4132 wrote to memory of 1740	4132	chrome.exe	86
PID 4132 wrote to memory of 1740	4132	chrome.exe	86
PID 4132 wrote to memory of 1740	4132	chrome.exe	86
PID 4132 wrote to memory of 1740	4132	chrome.exe	86
PID 4132 wrote to memory of 1740	4132	chrome.exe	86
PID 4132 wrote to memory of 1740	4132	chrome.exe	86
PID 4132 wrote to memory of 1740	4132	chrome.exe	86
PID 4132 wrote to memory of 1740	4132	chrome.exe	86
PID 4132 wrote to memory of 1740	4132	chrome.exe	86
PID 4132 wrote to memory of 1740	4132	chrome.exe	86
PID 4132 wrote to memory of 1740	4132	chrome.exe	86
PID 4132 wrote to memory of 1740	4132	chrome.exe	86
PID 4132 wrote to memory of 1740	4132	chrome.exe	86
PID 4132 wrote to memory of 1740	4132	chrome.exe	86
PID 4132 wrote to memory of 1740	4132	chrome.exe	86
PID 4132 wrote to memory of 1740	4132	chrome.exe	86
PID 4132 wrote to memory of 1740	4132	chrome.exe	86
PID 4132 wrote to memory of 1740	4132	chrome.exe	86
PID 4132 wrote to memory of 1740	4132	chrome.exe	86
PID 4132 wrote to memory of 1740	4132	chrome.exe	86
PID 4132 wrote to memory of 1740	4132	chrome.exe	86
PID 4132 wrote to memory of 1740	4132	chrome.exe	86
PID 4132 wrote to memory of 1740	4132	chrome.exe	86
PID 4132 wrote to memory of 1740	4132	chrome.exe	86
PID 4132 wrote to memory of 1740	4132	chrome.exe	86
PID 4132 wrote to memory of 1740	4132	chrome.exe	86
PID 4132 wrote to memory of 1740	4132	chrome.exe	86
PID 4132 wrote to memory of 1740	4132	chrome.exe	86
PID 4132 wrote to memory of 1740	4132	chrome.exe	86
PID 4132 wrote to memory of 1740	4132	chrome.exe	86
PID 4132 wrote to memory of 1740	4132	chrome.exe	86
PID 4132 wrote to memory of 1740	4132	chrome.exe	86
PID 4132 wrote to memory of 1740	4132	chrome.exe	86
PID 4132 wrote to memory of 4524	4132	chrome.exe	87
PID 4132 wrote to memory of 4524	4132	chrome.exe	87
PID 4132 wrote to memory of 3116	4132	chrome.exe	88
PID 4132 wrote to memory of 3116	4132	chrome.exe	88
PID 4132 wrote to memory of 3116	4132	chrome.exe	88
PID 4132 wrote to memory of 3116	4132	chrome.exe	88
PID 4132 wrote to memory of 3116	4132	chrome.exe	88
PID 4132 wrote to memory of 3116	4132	chrome.exe	88
PID 4132 wrote to memory of 3116	4132	chrome.exe	88
PID 4132 wrote to memory of 3116	4132	chrome.exe	88
PID 4132 wrote to memory of 3116	4132	chrome.exe	88
PID 4132 wrote to memory of 3116	4132	chrome.exe	88
PID 4132 wrote to memory of 3116	4132	chrome.exe	88
PID 4132 wrote to memory of 3116	4132	chrome.exe	88
PID 4132 wrote to memory of 3116	4132	chrome.exe	88
PID 4132 wrote to memory of 3116	4132	chrome.exe	88
PID 4132 wrote to memory of 3116	4132	chrome.exe	88
PID 4132 wrote to memory of 3116	4132	chrome.exe	88
PID 4132 wrote to memory of 3116	4132	chrome.exe	88
PID 4132 wrote to memory of 3116	4132	chrome.exe	88
PID 4132 wrote to memory of 3116	4132	chrome.exe	88
PID 4132 wrote to memory of 3116	4132	chrome.exe	88
PID 4132 wrote to memory of 3116	4132	chrome.exe	88
PID 4132 wrote to memory of 3116	4132	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://vericar-cuenta.jimdosite.com/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb64bb9758,0x7ffb64bb9768,0x7ffb64bb9778
  2⤵
  PID:3296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1816 --field-trial-handle=1792,i,12073342471637427870,12606878435824401140,131072 /prefetch:2
  2⤵
  PID:1740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1792,i,12073342471637427870,12606878435824401140,131072 /prefetch:8
  2⤵
  PID:4524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1792,i,12073342471637427870,12606878435824401140,131072 /prefetch:8
  2⤵
  PID:3116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3084 --field-trial-handle=1792,i,12073342471637427870,12606878435824401140,131072 /prefetch:1
  2⤵
  PID:4556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3060 --field-trial-handle=1792,i,12073342471637427870,12606878435824401140,131072 /prefetch:1
  2⤵
  PID:1216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 --field-trial-handle=1792,i,12073342471637427870,12606878435824401140,131072 /prefetch:8
  2⤵
  PID:4408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5408 --field-trial-handle=1792,i,12073342471637427870,12606878435824401140,131072 /prefetch:8
  2⤵
  PID:4788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5344 --field-trial-handle=1792,i,12073342471637427870,12606878435824401140,131072 /prefetch:8
  2⤵
  PID:3292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=1656 --field-trial-handle=1792,i,12073342471637427870,12606878435824401140,131072 /prefetch:1
  2⤵
  PID:4240

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2204

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
25ff0b5bcf46f29d41de32a3d39bccc5

SHA1
c57e7b6b830894c5539b4038a90af31b23d29607

SHA256
228fd5d17093c9dbbece49721aaefdf267ef7b2e04ef783c43727ffbc1f67a2f

SHA512
c14b692c5e2a19532efe065363772771c45d77e4580b864add775d7e325560d2a41675db4a398fbafb6fff1863290a70f5be577bf7146a2b752065d33e3b1503

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\0bcbc432-f23c-453e-9cad-fb634268f5b7.tmp

Filesize
1KB

MD5
47934a704fcd5e3154a60d3840ba6f43

SHA1
5b8a81c3801dea4987b53b2223dc285d45678f01

SHA256
735a719398908bd04bdc7690d91cebff54905f30adfe458ffc30c426b26763b0

SHA512
c46b876b33b0e1656bb9f493ed2250e1e97f7ba13e9cb43e195218e80b5a00e14cee072f0310f25dd853104987ba5d135d596fbdf82c30ef548a7a3dcfb0d598

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
69c1dcf0b6e9bb276de70dc9a1b0b9ea

SHA1
0750493a410010a2700d2b6435f1abd015c97d7c

SHA256
dfe41ac95c216dce04e190f1594a1dbcab970f6ed4fb2f4e92290aa76dcfe828

SHA512
e35179883a010d47c60ced7d57792e24003c96a58d6d97efae396cefd9cc3fbdc8320cd5a1f418a8a1f65a6084b9dda2e4822ceed45da2af53134ebbafb08bed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
0ad63bb632cde0d1c90ca994f6a4de19

SHA1
2dc3f5e991bfab5a2333598e9578ef907971c723

SHA256
ba293d2668789fd725a3f441c8221f75a8a02070f54dc421d16153e9b6fd5562

SHA512
7870006f3a6fd0f2619c227b54bd102d27cee7e5c1654fc166bf44d6be1254a442c28e0dd5b1abafee16b50963eb49c17d792fa0f8acf1d2fa5bf84d69d1cf10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7f08afc28babd739d7d71479c222a890

SHA1
cc2b9815a1968313f9577fb1ae12756c59403314

SHA256
d6e938fbfdd76ecf51a1aee0c9b059242639c66847d80eb964ad7802d2071dc3

SHA512
c43afa016079ae1aeec73379812b597a11071da44a3c417c3e01a57498608aa4ec9824b2cf2733a4c05e8388d2ec450447ee7b2611385ee43d2a8cc7baa48e96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
aacb617153d8d71ed72415db8d1f5391

SHA1
05f3142f675d919dba5941ea9eb81e9ca38f3253

SHA256
900249e5e897fbf3704759c61d90e103aa43fb55b5b151017cc8e05ad683f1ba

SHA512
f68af5a7ed4b9022e6d2d1baa2935ff3313041669d2e95e9bc59e6f72e8ab647e21386f2f619e8235b28b67afa152e03aea83da0095e4e6d0487b1775524a676

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
ec58fdd827df1ac0552dedf179c40a44

SHA1
f8556c9e6d0b2b39c0f7dcc18cbf488a4b1e46fb

SHA256
99bf7100d4016770778bd07f828b2d22584b3ff5348bde1161ef3848cffec75d

SHA512
724c18e6e0140fd2504b4810680d421635f7dcf498462429fefd9f069eda1b5de18b7b4c71316110b0ab9bdaf3b7805959327ea71512368c5657bb21679921b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
174KB

MD5
3be30a9bd8152b8ef87719247db6b697

SHA1
5553d475156922bcbba6d5396f26dd079f316588

SHA256
75738a4fe28dae77e1ddb83e7804fa27c280a05f016d800e3a1f8da845a79f84

SHA512
b69cfbc21af6adb321732fb69f8045e4fd2b9e5426bc1eda0d43e3edb98e62c60c6dcfc8d650c1fb3ae79e762a03fa7452d9b9828da6099be7d6eca86cda30e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
174KB

MD5
fca67d73f9126e00b0f5900ed7f1e177

SHA1
f855db8c81e82200c2debcffef0d431bb2bec26a

SHA256
55b0729aee17259cd766ec64db80b8208d694948e0fd1f0fe62f2a3f62317e84

SHA512
465e996b62b4a4059dbe98d1ec71fb8dab27cd6a0eb9c2e3b74cdd5b8d71322ce6a7787d6e4d071bb0fd5982cdfcd859ea0a547ecf08587700818152599be92b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit