hxxps://abb[.]bennercloud[.]com[.]br/Juridico/Juridico?i=JURIDICO&m=MAIN

Analysis

max time kernel
60s
max time network
62s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
19-05-2023 03:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://abb.bennercloud.com.br/Juridico/Juridico?i=JURIDICO&m=MAIN

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133289472701355726"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1644	chrome.exe
1644	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1644 wrote to memory of 4104	1644	chrome.exe	84
PID 1644 wrote to memory of 4104	1644	chrome.exe	84
PID 1644 wrote to memory of 3592	1644	chrome.exe	85
PID 1644 wrote to memory of 3592	1644	chrome.exe	85
PID 1644 wrote to memory of 3592	1644	chrome.exe	85
PID 1644 wrote to memory of 3592	1644	chrome.exe	85
PID 1644 wrote to memory of 3592	1644	chrome.exe	85
PID 1644 wrote to memory of 3592	1644	chrome.exe	85
PID 1644 wrote to memory of 3592	1644	chrome.exe	85
PID 1644 wrote to memory of 3592	1644	chrome.exe	85
PID 1644 wrote to memory of 3592	1644	chrome.exe	85
PID 1644 wrote to memory of 3592	1644	chrome.exe	85
PID 1644 wrote to memory of 3592	1644	chrome.exe	85
PID 1644 wrote to memory of 3592	1644	chrome.exe	85
PID 1644 wrote to memory of 3592	1644	chrome.exe	85
PID 1644 wrote to memory of 3592	1644	chrome.exe	85
PID 1644 wrote to memory of 3592	1644	chrome.exe	85
PID 1644 wrote to memory of 3592	1644	chrome.exe	85
PID 1644 wrote to memory of 3592	1644	chrome.exe	85
PID 1644 wrote to memory of 3592	1644	chrome.exe	85
PID 1644 wrote to memory of 3592	1644	chrome.exe	85
PID 1644 wrote to memory of 3592	1644	chrome.exe	85
PID 1644 wrote to memory of 3592	1644	chrome.exe	85
PID 1644 wrote to memory of 3592	1644	chrome.exe	85
PID 1644 wrote to memory of 3592	1644	chrome.exe	85
PID 1644 wrote to memory of 3592	1644	chrome.exe	85
PID 1644 wrote to memory of 3592	1644	chrome.exe	85
PID 1644 wrote to memory of 3592	1644	chrome.exe	85
PID 1644 wrote to memory of 3592	1644	chrome.exe	85
PID 1644 wrote to memory of 3592	1644	chrome.exe	85
PID 1644 wrote to memory of 3592	1644	chrome.exe	85
PID 1644 wrote to memory of 3592	1644	chrome.exe	85
PID 1644 wrote to memory of 3592	1644	chrome.exe	85
PID 1644 wrote to memory of 3592	1644	chrome.exe	85
PID 1644 wrote to memory of 3592	1644	chrome.exe	85
PID 1644 wrote to memory of 3592	1644	chrome.exe	85
PID 1644 wrote to memory of 3592	1644	chrome.exe	85
PID 1644 wrote to memory of 3592	1644	chrome.exe	85
PID 1644 wrote to memory of 3592	1644	chrome.exe	85
PID 1644 wrote to memory of 3592	1644	chrome.exe	85
PID 1644 wrote to memory of 216	1644	chrome.exe	86
PID 1644 wrote to memory of 216	1644	chrome.exe	86
PID 1644 wrote to memory of 4832	1644	chrome.exe	87
PID 1644 wrote to memory of 4832	1644	chrome.exe	87
PID 1644 wrote to memory of 4832	1644	chrome.exe	87
PID 1644 wrote to memory of 4832	1644	chrome.exe	87
PID 1644 wrote to memory of 4832	1644	chrome.exe	87
PID 1644 wrote to memory of 4832	1644	chrome.exe	87
PID 1644 wrote to memory of 4832	1644	chrome.exe	87
PID 1644 wrote to memory of 4832	1644	chrome.exe	87
PID 1644 wrote to memory of 4832	1644	chrome.exe	87
PID 1644 wrote to memory of 4832	1644	chrome.exe	87
PID 1644 wrote to memory of 4832	1644	chrome.exe	87
PID 1644 wrote to memory of 4832	1644	chrome.exe	87
PID 1644 wrote to memory of 4832	1644	chrome.exe	87
PID 1644 wrote to memory of 4832	1644	chrome.exe	87
PID 1644 wrote to memory of 4832	1644	chrome.exe	87
PID 1644 wrote to memory of 4832	1644	chrome.exe	87
PID 1644 wrote to memory of 4832	1644	chrome.exe	87
PID 1644 wrote to memory of 4832	1644	chrome.exe	87
PID 1644 wrote to memory of 4832	1644	chrome.exe	87
PID 1644 wrote to memory of 4832	1644	chrome.exe	87
PID 1644 wrote to memory of 4832	1644	chrome.exe	87
PID 1644 wrote to memory of 4832	1644	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://abb.bennercloud.com.br/Juridico/Juridico?i=JURIDICO&m=MAIN
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc04d69758,0x7ffc04d69768,0x7ffc04d69778
  2⤵
  PID:4104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1808 --field-trial-handle=1764,i,2385052929658042394,13591180124363297685,131072 /prefetch:2
  2⤵
  PID:3592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1764,i,2385052929658042394,13591180124363297685,131072 /prefetch:8
  2⤵
  PID:216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2248 --field-trial-handle=1764,i,2385052929658042394,13591180124363297685,131072 /prefetch:8
  2⤵
  PID:4832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3180 --field-trial-handle=1764,i,2385052929658042394,13591180124363297685,131072 /prefetch:1
  2⤵
  PID:3496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3208 --field-trial-handle=1764,i,2385052929658042394,13591180124363297685,131072 /prefetch:1
  2⤵
  PID:4092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4788 --field-trial-handle=1764,i,2385052929658042394,13591180124363297685,131072 /prefetch:8
  2⤵
  PID:2216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 --field-trial-handle=1764,i,2385052929658042394,13591180124363297685,131072 /prefetch:8
  2⤵
  PID:2644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5080 --field-trial-handle=1764,i,2385052929658042394,13591180124363297685,131072 /prefetch:1
  2⤵
  PID:1780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3484 --field-trial-handle=1764,i,2385052929658042394,13591180124363297685,131072 /prefetch:1
  2⤵
  PID:4504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5088 --field-trial-handle=1764,i,2385052929658042394,13591180124363297685,131072 /prefetch:1
  2⤵
  PID:4332

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3964

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\4ac751c2-0184-4ff8-a183-96e818a0b5ab.tmp

Filesize
4KB

MD5
29948d6a57e0abd56a117228ee105dff

SHA1
1443ed884e92a768624116d68a59c62cd698ed4b

SHA256
9fdc8dce5c31dd5f9401677d65bad80ab4f895d6eb0969cba246cd529718f86b

SHA512
94376f4ac9d156fd9dc30ff3822e34113e3898aba3fb652f8acde99b070b11bf656861d0c62d88920a20b0aafd75da6e9971605b58d2a766a8c0b643b38d226e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
3f4a331320b39707ce472604b5d7298c

SHA1
41b3bec1ab9924c6a49359d83fc99e27eae3d8ba

SHA256
6dc8f0bb3bf1af5192b6b8954eb8d5a766b5aa62f2a1bee39be5bf6ede9c4872

SHA512
29b4987df29b4253ca0411f52acc9a5bee8c951eae492d79516437e9c4c25c5224d6cf5a036852cd5b5aca82c3aa159009f4f3de4cbb8674716949095bfdaafe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
151KB

MD5
67ab583f8e1ae05191c9dbcc8650f5e7

SHA1
8b22331c676bb03bb26d2d4de8ae036323037b74

SHA256
ec4b967c0ea62f774f957b53672a1172a14347a7f189210a9f3b8afffaa14189

SHA512
7c92cea260dd0e2805d5bc34879b78e3acfa04407ece4a9d9a07462c7e647c32822b2c6aebad9a4cf1bb38dee6e076f4ecf719bc095342ed6d89ec8dd645d05c

Download Submit