hxxps://spainpropertyadvisor[.]com/cz/#contact

Analysis

max time kernel
150s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
05-05-2023 17:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://spainpropertyadvisor.com/cz/#contact

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133277825630293236"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1260	chrome.exe
1260	chrome.exe
4672	chrome.exe
4672	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1260	chrome.exe
1260	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeCreatePagefilePrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeCreatePagefilePrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeCreatePagefilePrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeCreatePagefilePrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeCreatePagefilePrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeCreatePagefilePrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeCreatePagefilePrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeCreatePagefilePrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeCreatePagefilePrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeCreatePagefilePrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeCreatePagefilePrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeCreatePagefilePrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeCreatePagefilePrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeCreatePagefilePrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeCreatePagefilePrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeCreatePagefilePrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeCreatePagefilePrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeCreatePagefilePrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeCreatePagefilePrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeCreatePagefilePrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeCreatePagefilePrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeCreatePagefilePrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeCreatePagefilePrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeCreatePagefilePrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeCreatePagefilePrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeCreatePagefilePrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeCreatePagefilePrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeCreatePagefilePrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeCreatePagefilePrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeCreatePagefilePrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeCreatePagefilePrivilege	1260	chrome.exe
Token: SeShutdownPrivilege	1260	chrome.exe
Token: SeCreatePagefilePrivilege	1260	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe
1260	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1260 wrote to memory of 648	1260	chrome.exe	85
PID 1260 wrote to memory of 648	1260	chrome.exe	85
PID 1260 wrote to memory of 1788	1260	chrome.exe	87
PID 1260 wrote to memory of 1788	1260	chrome.exe	87
PID 1260 wrote to memory of 1788	1260	chrome.exe	87
PID 1260 wrote to memory of 1788	1260	chrome.exe	87
PID 1260 wrote to memory of 1788	1260	chrome.exe	87
PID 1260 wrote to memory of 1788	1260	chrome.exe	87
PID 1260 wrote to memory of 1788	1260	chrome.exe	87
PID 1260 wrote to memory of 1788	1260	chrome.exe	87
PID 1260 wrote to memory of 1788	1260	chrome.exe	87
PID 1260 wrote to memory of 1788	1260	chrome.exe	87
PID 1260 wrote to memory of 1788	1260	chrome.exe	87
PID 1260 wrote to memory of 1788	1260	chrome.exe	87
PID 1260 wrote to memory of 1788	1260	chrome.exe	87
PID 1260 wrote to memory of 1788	1260	chrome.exe	87
PID 1260 wrote to memory of 1788	1260	chrome.exe	87
PID 1260 wrote to memory of 1788	1260	chrome.exe	87
PID 1260 wrote to memory of 1788	1260	chrome.exe	87
PID 1260 wrote to memory of 1788	1260	chrome.exe	87
PID 1260 wrote to memory of 1788	1260	chrome.exe	87
PID 1260 wrote to memory of 1788	1260	chrome.exe	87
PID 1260 wrote to memory of 1788	1260	chrome.exe	87
PID 1260 wrote to memory of 1788	1260	chrome.exe	87
PID 1260 wrote to memory of 1788	1260	chrome.exe	87
PID 1260 wrote to memory of 1788	1260	chrome.exe	87
PID 1260 wrote to memory of 1788	1260	chrome.exe	87
PID 1260 wrote to memory of 1788	1260	chrome.exe	87
PID 1260 wrote to memory of 1788	1260	chrome.exe	87
PID 1260 wrote to memory of 1788	1260	chrome.exe	87
PID 1260 wrote to memory of 1788	1260	chrome.exe	87
PID 1260 wrote to memory of 1788	1260	chrome.exe	87
PID 1260 wrote to memory of 1788	1260	chrome.exe	87
PID 1260 wrote to memory of 1788	1260	chrome.exe	87
PID 1260 wrote to memory of 1788	1260	chrome.exe	87
PID 1260 wrote to memory of 1788	1260	chrome.exe	87
PID 1260 wrote to memory of 1788	1260	chrome.exe	87
PID 1260 wrote to memory of 1788	1260	chrome.exe	87
PID 1260 wrote to memory of 1788	1260	chrome.exe	87
PID 1260 wrote to memory of 1788	1260	chrome.exe	87
PID 1260 wrote to memory of 3100	1260	chrome.exe	88
PID 1260 wrote to memory of 3100	1260	chrome.exe	88
PID 1260 wrote to memory of 3412	1260	chrome.exe	89
PID 1260 wrote to memory of 3412	1260	chrome.exe	89
PID 1260 wrote to memory of 3412	1260	chrome.exe	89
PID 1260 wrote to memory of 3412	1260	chrome.exe	89
PID 1260 wrote to memory of 3412	1260	chrome.exe	89
PID 1260 wrote to memory of 3412	1260	chrome.exe	89
PID 1260 wrote to memory of 3412	1260	chrome.exe	89
PID 1260 wrote to memory of 3412	1260	chrome.exe	89
PID 1260 wrote to memory of 3412	1260	chrome.exe	89
PID 1260 wrote to memory of 3412	1260	chrome.exe	89
PID 1260 wrote to memory of 3412	1260	chrome.exe	89
PID 1260 wrote to memory of 3412	1260	chrome.exe	89
PID 1260 wrote to memory of 3412	1260	chrome.exe	89
PID 1260 wrote to memory of 3412	1260	chrome.exe	89
PID 1260 wrote to memory of 3412	1260	chrome.exe	89
PID 1260 wrote to memory of 3412	1260	chrome.exe	89
PID 1260 wrote to memory of 3412	1260	chrome.exe	89
PID 1260 wrote to memory of 3412	1260	chrome.exe	89
PID 1260 wrote to memory of 3412	1260	chrome.exe	89
PID 1260 wrote to memory of 3412	1260	chrome.exe	89
PID 1260 wrote to memory of 3412	1260	chrome.exe	89
PID 1260 wrote to memory of 3412	1260	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://spainpropertyadvisor.com/cz/#contact
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff865aa9758,0x7ff865aa9768,0x7ff865aa9778
  2⤵
  PID:648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1788 --field-trial-handle=1812,i,4143074989676610494,9036484535656976684,131072 /prefetch:2
  2⤵
  PID:1788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1812,i,4143074989676610494,9036484535656976684,131072 /prefetch:8
  2⤵
  PID:3100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2240 --field-trial-handle=1812,i,4143074989676610494,9036484535656976684,131072 /prefetch:8
  2⤵
  PID:3412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3156 --field-trial-handle=1812,i,4143074989676610494,9036484535656976684,131072 /prefetch:1
  2⤵
  PID:4220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3144 --field-trial-handle=1812,i,4143074989676610494,9036484535656976684,131072 /prefetch:1
  2⤵
  PID:5064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5080 --field-trial-handle=1812,i,4143074989676610494,9036484535656976684,131072 /prefetch:8
  2⤵
  PID:4224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4712 --field-trial-handle=1812,i,4143074989676610494,9036484535656976684,131072 /prefetch:8
  2⤵
  PID:3468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4364 --field-trial-handle=1812,i,4143074989676610494,9036484535656976684,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4672

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4368

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
7fe984ed3929a7cfc84947d7395b027c

SHA1
e8057672d9c4128f86754d9a061bf8499eed8cf3

SHA256
6d790b45b05c1ca7f6c971f64c6475c2d5de2fdd9a0f2e1250058c76ed6a6eb0

SHA512
c9d932f0eeb4afc7f67381fc5221af68d9aa8e4a58fc5bd616363ea06deaa8491182227157ea33f9be375043aced34c1cf517f70bbedf1271a8bc13a15afaef2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
cbccc31d7524d9bccbda6bf2361210b4

SHA1
2465a8468a3e9920e43853a86104b25ad166c1c0

SHA256
30ced12358e0d534e1157913b98fd635aa14f09cf778ef606058f3d54c215cde

SHA512
aaf95b715338ff669f0e6877fad56529e96fd687db781ba6d047bd50e0490f2d1235fcee3bd9af2b2eed9fec4e3cf6e75967c668a4af28fa640451b7f8b4b1bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
706afdaa015065306a292580751f5580

SHA1
1ac6d08fb380437362e0bae426b6a135f9246eec

SHA256
e55ae629a7f8b60b940d97992d25c243502527e3f5d8f378e901b37ba23627a7

SHA512
2934d2cf619b55f1f78aec36eae2dd84edc8544c3861f70b59b24be97b45d3426e3aa474cecf2700307c462fc1a9289eb3c433ad3fc8c367b3c20c02359404b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
98090c374a7efc49112f07ac8f0325dc

SHA1
37d28b66bb8410795d71a8b91214d2c4f52b9201

SHA256
3b9b62eda9331c9022f328ebd389b517c37cfdf9cb2de2e24fb54fc569a42e0a

SHA512
ca3cdf37bece8ec3aa1b03964c7ec43505e3a2f6f9b41aacf46032afbe84cb95b6f119f72c0bcd35a1c0f7d69202aa1218065a73348d5c582c0da2afe8716fb9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
427d52c1a141d712fd8dccd1b0649507

SHA1
8a37c2369b1a6506e2ce38b5cd4397ccc7a61fe9

SHA256
9f25b421bb02d1e7d15f466eefe2a39a76582a98dbb07a97a336c9455afa780e

SHA512
c2be66973c7e444a10079d0a2c1ad0bbb283bb1e903090f693f2cbff4248916d2df1d0d8fcbb4e75d56a2f80ceb69aed5a565fe06e1012ad694f35ab158ca4c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
4e7c5141e682ef638a5ad0db494fb3a4

SHA1
75ffb86d7309751cefb690e152403f64d9e6a9cf

SHA256
e2318c09eb4295ff097974a602b5ee390392ec1388b9bad07778729bce27b578

SHA512
222d6804538b2f53ddb6471d337501846e4031c83c33476cd20dcae3670f5cf0b57b11444eb43dac2cff81ec5f3233911b6aedf93d01c2fd2e8027015123f01f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
148KB

MD5
9c9d74fc00626a689b7f90f3490634ac

SHA1
6883ee522e3393423d3c215531c9712852af20dd

SHA256
758ba27f9b2f63b7f25e630f9b119714ee0f14cee44c1adadb621c0d93a186d8

SHA512
7bf1b29c877e39b62f7f236a9340e66b81ce235d4ed84766a912631fe8212b9099496d84366dffd0bd8eb3b3c3f10e38907055c216fedc9063e81fc30ecb5f11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit