Analysis
-
max time kernel
150s
-
max time network
137s
-
platform
windows10-1703_x64
-
resource
win10-20230220-en
-
resource tags
arch:x64 arch:x86 image:win10-20230220-en locale:en-us os:windows10-1703-x64 system
-
submitted
25-05-2023 12:21
Static task
static1
Behavioral task
behavioral1
Sample
Visualizar_Certidao_de_Protesto71260251494.html
Resource
win10-20230220-en
General
-
Target
Visualizar_Certidao_de_Protesto71260251494.html
-
Size
640B
-
MD5
b41664793d748ccae5995aadb6a7151b
-
SHA1
c1144867d4a2995e7f69c02f788a7ec2d9fd1405
-
SHA256
5b56329c1446d0ea7a6b706f6b5e8aea6a06ab934b66eeb365227655540ca2b9
-
SHA512
142dddebe9f294e96ce2d1dbc5770e2fb46fb55b317175dd4c0c9d3afcdf1abf8c143c31fff5012f6797319d1cee0c86a2dddf4abe12dd5e2a196f4a15a6c77f
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
-
Modifies data under HKEY_USERS 2 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133294909436652560" | chrome.exe
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
pid | Process
708 | chrome.exe
708 | chrome.exe
1692 | chrome.exe
1692 | chrome.exe
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
pid | Process
708 | chrome.exe
708 | chrome.exe
708 | chrome.exe
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
description | pid | Process
Token: SeShutdownPrivilege | 708 | chrome.exe
Token: SeCreatePagefilePrivilege | 708 | chrome.exe
(the two rows above alternate for all 64 entries, 32 of each)
-
Suspicious use of FindShellTrayWindow 35 IoCs
pid | Process
708 | chrome.exe
(the same row is repeated for all 35 entries)
-
Suspicious use of SendNotifyMessage 32 IoCs
pid | Process
708 | chrome.exe
(the same row is repeated for all 32 entries)
-
Suspicious use of WriteProcessMemory 64 IoCs
description | pid | Process | procid_target
PID 708 wrote to memory of 1068 | 708 | chrome.exe | 66 (2 entries)
PID 708 wrote to memory of 4204 | 708 | chrome.exe | 69 (repeated)
PID 708 wrote to memory of 4184 | 708 | chrome.exe | 68 (2 entries)
PID 708 wrote to memory of 4208 | 708 | chrome.exe | 70 (repeated)
(64 entries in total, listed in the target order 1068, 4204, 4184, 4208)
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe (PID 708, tree level 1)
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" C:\Users\Admin\AppData\Local\Temp\Visualizar_Certidao_de_Protesto71260251494.html
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1068, tree level 2)
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff9b7ac9758,0x7ff9b7ac9768,0x7ff9b7ac9778
-
C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4184, tree level 2)
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1856 --field-trial-handle=1804,i,577169388765365745,646702896757733592,131072 /prefetch:8
-
C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4204, tree level 2)
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1692 --field-trial-handle=1804,i,577169388765365745,646702896757733592,131072 /prefetch:2
-
C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4208, tree level 2)
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2116 --field-trial-handle=1804,i,577169388765365745,646702896757733592,131072 /prefetch:8
-
C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3712, tree level 2)
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3016 --field-trial-handle=1804,i,577169388765365745,646702896757733592,131072 /prefetch:1
-
C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3004, tree level 2)
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2984 --field-trial-handle=1804,i,577169388765365745,646702896757733592,131072 /prefetch:1
-
C:\Program Files\Google\Chrome\Application\chrome.exe (PID 704, tree level 2)
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=852 --field-trial-handle=1804,i,577169388765365745,646702896757733592,131072 /prefetch:1
-
C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4800, tree level 2)
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4980 --field-trial-handle=1804,i,577169388765365745,646702896757733592,131072 /prefetch:8
-
C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5044, tree level 2)
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4600 --field-trial-handle=1804,i,577169388765365745,646702896757733592,131072 /prefetch:8
-
C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1692, tree level 2)
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4660 --field-trial-handle=1804,i,577169388765365745,646702896757733592,131072 /prefetch:2
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID 4156, tree level 1)
Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v6
Downloads
-
Filesize
1KB
MD5 47a71fdecfea448261504afe6a1e7646
SHA1 ec366733c5acead0dc7925cdf624a3f8649b4c5b
SHA256 6a566099266df5af24e549933ede0b82e2e8e0d2fe5477501ac2551acd7d5dda
SHA512 43b066a6ac6727e71b85af47e459655dc6daa6b4c356eee3c0ab0d4c2773696266c55c04813c2eaefd8662c56da288a2241fc3b06c6cfc3cf404ecea59328c79
-
Filesize
1KB
MD5 6163a7376a17a8a1322bc70a1065e258
SHA1 52b51578cfbc50b98e4a513db0d322766c478811
SHA256 1f7e5dbe3f8a188c1fddd992884191f858fa03821b9801443ac2dfaae051e976
SHA512 03e3f8cca7814cb088012a7f0439fb5a650e2db350ebea1a8bf29704c8ed3857984bbf8db1ec99904668c53ae760145f4430c7a97aa5a788569887afba3157cd
-
Filesize
5KB
MD5 24239587cf9f7aa7866895f05ba084ad
SHA1 87a491faa91091a805d32c83eb47800c6c410f77
SHA256 f5cf8ae8f173fcc95ab829ec4a5563688f6035f04fb1e240fa7b28afcfb8b9ae
SHA512 f793d06c1c3fb4fe07e211c1effb69d06538f5375a11abb59c29e615a960a74123b8d18ce5c15c456433cf938d9dd50d39c2a192e47e4ed4d1b5659072516200
-
Filesize
5KB
MD5 bd13ed5cbf059ecdba38b9a83c8b1a27
SHA1 e8a2985d3a54bfa2f9e8330001dad81684a1e4e1
SHA256 698ecf44b249f816a1c76ac74c88dc1bf6239be168c05be8205f67bd6568c7ac
SHA512 68ac57dd788ce859e91e8c52fb85e2b0963487b328be248e2c4788fcf9deaf39c0e053be3d244dbdbb0b0546cad37625039c84b944f3f8e3c4469259d06f6cae
-
Filesize
5KB
MD5 c5ffe346911d28507c79b0715575cf1c
SHA1 2992bcbac14b835369c14090fee4f2f9b3d0ce07
SHA256 94b62f82c63634813261a78fdec86f3a3a16ef4c17fa73b547cd66d7de180002
SHA512 fcbf4550a659d4503c01b46535847d3a032c0894c845a57d2d5d164a51671bc997ed9310b2335ce7f73958daa1c6cbc5ebdc93130495498dd5fcaa9a2290daea
-
Filesize
5KB
MD5 076ada32a551f8e9bacfa4d45767900c
SHA1 6c37a0b07e0de9e5fa8df6de6b176da6977035e1
SHA256 7dedd3d3116068b58405eb3fc11000cc08dfc4b6494a6c771428bdc60647e4a5
SHA512 d6c43ec2aaf0b88f1c5d8eece9693dce5a03a0ab750e79f51de96402da17f4c206a0a049c409d58f5fca4381549f1f72bb5269acafb2f55527cdf20d499d89bf
-
Filesize
153KB
MD5 bf3ef9556b3784587cc5f3b3b64b0823
SHA1 dbdb375756178c0653286056aa7d1fa8bae2bbf3
SHA256 ccd65db745493a4191c3cdad4e510422dbfa48206bf982bc352f54fb7ecfb811
SHA512 a0ce3a78df65fa47c25a181d4d14d2eeab2e895dea6a9f8fae08a7b19f447beca1a3b425d1641692867aad21ccbecc88dada6d20da0678084ca844d9deab724d
-
Filesize
153KB
MD5 355cb56d986f7afddcbd7293afdd5b22
SHA1 bd643792001d78bddc5c2c5fbba0cd847779caec
SHA256 6428f68853af54d626c2b51699aa41ae6d8a60c63eb95c7c3a765b74e7961ddf
SHA512 8383767e07d5962f1f0ccbbbbf07d274a1e1fa83cca5ae48f25f5180447b9a7f1c0111e954004d94e85b9eaeed1b99af6ec1936b60fd278c9109c1da615d9ed9
-
Filesize
153KB
MD5 79d4489d3fab015d72275aa521930939
SHA1 09bacfb07f9a705adb7271ad11a355f90b2ebc2f
SHA256 fd7caa2010b8f30f71bfc3f7d6251d29a0809e09c91211e9faa12eb54fb6f215
SHA512 7d88337609fd1754210152291628e09ea42773c92fa67a2cde84720348c68f930897c1acb3cf30d463bc91dde831a4818c34a2f3e979f2ccc2acc63eb81d7034
-
Filesize
2B
MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd