hxxps://e-services[.]tmf-group[.]cl/document/s003/public/report/recibo_pago/report[.]aspx?s=645E&e=665B57505F5E5B560E79&f1=665D545058585C5C&f2=665D5450585C5E50&f3=665D5450585C5E50&t=665D575B

Analysis

max time kernel
93s
max time network
95s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
05-06-2023 20:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://e-services.tmf-group.cl/document/s003/public/report/recibo_pago/report.aspx?s=645E&e=665B57505F5E5B560E79&f1=665D545058585C5C&f2=665D5450585C5E50&f3=665D5450585C5E50&t=665D575B

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133304715056708516"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3704	chrome.exe
3704	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3704	chrome.exe
3704	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3704 wrote to memory of 3756	3704	chrome.exe	66
PID 3704 wrote to memory of 3756	3704	chrome.exe	66
PID 3704 wrote to memory of 4156	3704	chrome.exe	68
PID 3704 wrote to memory of 4156	3704	chrome.exe	68
PID 3704 wrote to memory of 4156	3704	chrome.exe	68
PID 3704 wrote to memory of 4156	3704	chrome.exe	68
PID 3704 wrote to memory of 4156	3704	chrome.exe	68
PID 3704 wrote to memory of 4156	3704	chrome.exe	68
PID 3704 wrote to memory of 4156	3704	chrome.exe	68
PID 3704 wrote to memory of 4156	3704	chrome.exe	68
PID 3704 wrote to memory of 4156	3704	chrome.exe	68
PID 3704 wrote to memory of 4156	3704	chrome.exe	68
PID 3704 wrote to memory of 4156	3704	chrome.exe	68
PID 3704 wrote to memory of 4156	3704	chrome.exe	68
PID 3704 wrote to memory of 4156	3704	chrome.exe	68
PID 3704 wrote to memory of 4156	3704	chrome.exe	68
PID 3704 wrote to memory of 4156	3704	chrome.exe	68
PID 3704 wrote to memory of 4156	3704	chrome.exe	68
PID 3704 wrote to memory of 4156	3704	chrome.exe	68
PID 3704 wrote to memory of 4156	3704	chrome.exe	68
PID 3704 wrote to memory of 4156	3704	chrome.exe	68
PID 3704 wrote to memory of 4156	3704	chrome.exe	68
PID 3704 wrote to memory of 4156	3704	chrome.exe	68
PID 3704 wrote to memory of 4156	3704	chrome.exe	68
PID 3704 wrote to memory of 4156	3704	chrome.exe	68
PID 3704 wrote to memory of 4156	3704	chrome.exe	68
PID 3704 wrote to memory of 4156	3704	chrome.exe	68
PID 3704 wrote to memory of 4156	3704	chrome.exe	68
PID 3704 wrote to memory of 4156	3704	chrome.exe	68
PID 3704 wrote to memory of 4156	3704	chrome.exe	68
PID 3704 wrote to memory of 4156	3704	chrome.exe	68
PID 3704 wrote to memory of 4156	3704	chrome.exe	68
PID 3704 wrote to memory of 4156	3704	chrome.exe	68
PID 3704 wrote to memory of 4156	3704	chrome.exe	68
PID 3704 wrote to memory of 4156	3704	chrome.exe	68
PID 3704 wrote to memory of 4156	3704	chrome.exe	68
PID 3704 wrote to memory of 4156	3704	chrome.exe	68
PID 3704 wrote to memory of 4156	3704	chrome.exe	68
PID 3704 wrote to memory of 4156	3704	chrome.exe	68
PID 3704 wrote to memory of 4156	3704	chrome.exe	68
PID 3704 wrote to memory of 4160	3704	chrome.exe	69
PID 3704 wrote to memory of 4160	3704	chrome.exe	69
PID 3704 wrote to memory of 4000	3704	chrome.exe	70
PID 3704 wrote to memory of 4000	3704	chrome.exe	70
PID 3704 wrote to memory of 4000	3704	chrome.exe	70
PID 3704 wrote to memory of 4000	3704	chrome.exe	70
PID 3704 wrote to memory of 4000	3704	chrome.exe	70
PID 3704 wrote to memory of 4000	3704	chrome.exe	70
PID 3704 wrote to memory of 4000	3704	chrome.exe	70
PID 3704 wrote to memory of 4000	3704	chrome.exe	70
PID 3704 wrote to memory of 4000	3704	chrome.exe	70
PID 3704 wrote to memory of 4000	3704	chrome.exe	70
PID 3704 wrote to memory of 4000	3704	chrome.exe	70
PID 3704 wrote to memory of 4000	3704	chrome.exe	70
PID 3704 wrote to memory of 4000	3704	chrome.exe	70
PID 3704 wrote to memory of 4000	3704	chrome.exe	70
PID 3704 wrote to memory of 4000	3704	chrome.exe	70
PID 3704 wrote to memory of 4000	3704	chrome.exe	70
PID 3704 wrote to memory of 4000	3704	chrome.exe	70
PID 3704 wrote to memory of 4000	3704	chrome.exe	70
PID 3704 wrote to memory of 4000	3704	chrome.exe	70
PID 3704 wrote to memory of 4000	3704	chrome.exe	70
PID 3704 wrote to memory of 4000	3704	chrome.exe	70
PID 3704 wrote to memory of 4000	3704	chrome.exe	70

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://e-services.tmf-group.cl/document/s003/public/report/recibo_pago/report.aspx?s=645E&e=665B57505F5E5B560E79&f1=665D545058585C5C&f2=665D5450585C5E50&f3=665D5450585C5E50&t=665D575B
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffab6a79758,0x7ffab6a79768,0x7ffab6a79778
  2⤵
  PID:3756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1612 --field-trial-handle=1820,i,10953413576052025529,12359483986795512978,131072 /prefetch:2
  2⤵
  PID:4156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1804 --field-trial-handle=1820,i,10953413576052025529,12359483986795512978,131072 /prefetch:8
  2⤵
  PID:4160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1592 --field-trial-handle=1820,i,10953413576052025529,12359483986795512978,131072 /prefetch:8
  2⤵
  PID:4000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2956 --field-trial-handle=1820,i,10953413576052025529,12359483986795512978,131072 /prefetch:1
  2⤵
  PID:2288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2964 --field-trial-handle=1820,i,10953413576052025529,12359483986795512978,131072 /prefetch:1
  2⤵
  PID:2544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4912 --field-trial-handle=1820,i,10953413576052025529,12359483986795512978,131072 /prefetch:8
  2⤵
  PID:3272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4968 --field-trial-handle=1820,i,10953413576052025529,12359483986795512978,131072 /prefetch:8
  2⤵
  PID:5060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4940 --field-trial-handle=1820,i,10953413576052025529,12359483986795512978,131072 /prefetch:8
  2⤵
  PID:4936

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3076

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
44bb3a1b8aad1c5cbd182a83a398fcb3

SHA1
31e05ee56a9012010c3b0c5e54633bc9351c9ea7

SHA256
0a1ed14ec2da895e218c5cfd787396dc9ec012a3be343506a3e66b5ca813198a

SHA512
2af78ca528e531ec84f9c6bf2435b3b5aa45289368530d92a835f2712783c60bff8bf1b34cc7664e92d7b9d03cb83f6ca8fe31ff6c4e462c27a1473345bcdf7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
e9256b1521551938873c2e17b118bcc5

SHA1
5b3fb109d866a94655046940cf9c4defb9397061

SHA256
69d111e0c16873af16f3a84b4e20009c5c4bb79e67c27b7be208a941c3873260

SHA512
4905bd5c53aed787cf736cb5ddd871c8063a3048d9f57c198d9ca3336bc14fadb142d465ee811d18f71f457c4858939c6529e3360511a8a8487629ee5818762a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
ca58a0a66fcd2a48fbb200c9db4bd0a2

SHA1
1b547dee6c2915da31e99d9e0f79c17de5cc2759

SHA256
4f7c733e8046fb59d874a3afa86f7f8c9aa6018c5d9b8c0275bcd79b3dad88af

SHA512
1c74f69e1ef028373077fbc803b85157aee0ce61387fb6b1eac1c9ce4c87f2026e0cc1326910f38014519df08252c96cec0877d5c6769bef67d276e5ade601ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
2e1aa4f2779dd1015ac683d64641b33b

SHA1
4260fd38b31ab5e61e1bf9034992462463ad2d6a

SHA256
1bf9d273717e006bb691cac40ca1349a0bc2dcb840737a123e8afe928cd65128

SHA512
9915922c11d36ca574b8c331e23a21529b711695fbffe98938a254f272aeb365e5710b5b3b948486d77ab2fca045effbb1bd0e2c78f9e9977fec9abe48cf6f22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
65627746028f1453532b2fceb94b3b70

SHA1
257ea23b98f92ecb61afa092ae123f2039105a9f

SHA256
f90c11bc8f75b5b952fcf393d16a2bcb5d235b093825acebde77e500b9253201

SHA512
7085185d7fafd3f010ae4cc0d27c8605ff9cec596307d29b633d8bb5003797386b00173a871929c52c4e7186792cad43d619e2efdfecef7c587a2639a5ae2416

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
28c9b6a0ff87c6d4759997bf25fa59bc

SHA1
a7dee8f392eda999d335dc9c5f23726bb4feb836

SHA256
2c38e3f4c9429f25209305810ff6ca03ca0f4343029280225f8dd659f4f0d948

SHA512
4ff0117019bac6ded2cc89aa9081e39a1081068f410c4f6aca8072121ad79caa8933ab0876fd560bcf825962a1cff1b03f695de58cb992e49e6423b7e303235e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
f5ff047bdd2b4619b178e4024096fb28

SHA1
0edb9e3b57e95360c70f366a680a646e4505a40a

SHA256
f34638523ed4fe99499c5e93d0d48e0281a89d58c564c87b72ce7f373d54b118

SHA512
5d7016ca33758f714e8a3cf116e1a475ee733e99300419b83bc8399bbc42980b653def9287ad2333d86d3b514883460f09f588ae2b1296b55a557cdfd5140fc6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
156KB

MD5
0909146c343abed63e54808740029178

SHA1
1dd74f2499743a4897d59b2406d9d44f9253868a

SHA256
f5a7ab38e93110384f9b360c68784f67e3173aae2ed9ff85abeb861fa5dd7bfe

SHA512
e10fa4e93272b8ea5d16f95a1008cda0333225fcab8f46cd801c3ec8a7b4436bc6c285c3d10b2214c85ca585b66e4e761261beb4468b32ba03e3223ccacf64d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit