hxxps://www[.]facebook[.]com/Cajeros5B

Analysis

max time kernel
24s
max time network
26s
platform
windows10-2004_x64
resource
win10v2004-20230703-es
resource tags

arch:x64arch:x86image:win10v2004-20230703-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
16/08/2023, 15:50

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://www.facebook.com/Cajeros5B

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133366746469751234"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4868	chrome.exe
4868	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe

Suspicious use of AdjustPrivilegeToken 44 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4868 wrote to memory of 4880	4868	chrome.exe	81
PID 4868 wrote to memory of 4880	4868	chrome.exe	81
PID 4868 wrote to memory of 2220	4868	chrome.exe	83
PID 4868 wrote to memory of 2220	4868	chrome.exe	83
PID 4868 wrote to memory of 2220	4868	chrome.exe	83
PID 4868 wrote to memory of 2220	4868	chrome.exe	83
PID 4868 wrote to memory of 2220	4868	chrome.exe	83
PID 4868 wrote to memory of 2220	4868	chrome.exe	83
PID 4868 wrote to memory of 2220	4868	chrome.exe	83
PID 4868 wrote to memory of 2220	4868	chrome.exe	83
PID 4868 wrote to memory of 2220	4868	chrome.exe	83
PID 4868 wrote to memory of 2220	4868	chrome.exe	83
PID 4868 wrote to memory of 2220	4868	chrome.exe	83
PID 4868 wrote to memory of 2220	4868	chrome.exe	83
PID 4868 wrote to memory of 2220	4868	chrome.exe	83
PID 4868 wrote to memory of 2220	4868	chrome.exe	83
PID 4868 wrote to memory of 2220	4868	chrome.exe	83
PID 4868 wrote to memory of 2220	4868	chrome.exe	83
PID 4868 wrote to memory of 2220	4868	chrome.exe	83
PID 4868 wrote to memory of 2220	4868	chrome.exe	83
PID 4868 wrote to memory of 2220	4868	chrome.exe	83
PID 4868 wrote to memory of 2220	4868	chrome.exe	83
PID 4868 wrote to memory of 2220	4868	chrome.exe	83
PID 4868 wrote to memory of 2220	4868	chrome.exe	83
PID 4868 wrote to memory of 2220	4868	chrome.exe	83
PID 4868 wrote to memory of 2220	4868	chrome.exe	83
PID 4868 wrote to memory of 2220	4868	chrome.exe	83
PID 4868 wrote to memory of 2220	4868	chrome.exe	83
PID 4868 wrote to memory of 2220	4868	chrome.exe	83
PID 4868 wrote to memory of 2220	4868	chrome.exe	83
PID 4868 wrote to memory of 2220	4868	chrome.exe	83
PID 4868 wrote to memory of 2220	4868	chrome.exe	83
PID 4868 wrote to memory of 2220	4868	chrome.exe	83
PID 4868 wrote to memory of 2220	4868	chrome.exe	83
PID 4868 wrote to memory of 2220	4868	chrome.exe	83
PID 4868 wrote to memory of 2220	4868	chrome.exe	83
PID 4868 wrote to memory of 2220	4868	chrome.exe	83
PID 4868 wrote to memory of 2220	4868	chrome.exe	83
PID 4868 wrote to memory of 2220	4868	chrome.exe	83
PID 4868 wrote to memory of 2220	4868	chrome.exe	83
PID 4868 wrote to memory of 1948	4868	chrome.exe	84
PID 4868 wrote to memory of 1948	4868	chrome.exe	84
PID 4868 wrote to memory of 3332	4868	chrome.exe	85
PID 4868 wrote to memory of 3332	4868	chrome.exe	85
PID 4868 wrote to memory of 3332	4868	chrome.exe	85
PID 4868 wrote to memory of 3332	4868	chrome.exe	85
PID 4868 wrote to memory of 3332	4868	chrome.exe	85
PID 4868 wrote to memory of 3332	4868	chrome.exe	85
PID 4868 wrote to memory of 3332	4868	chrome.exe	85
PID 4868 wrote to memory of 3332	4868	chrome.exe	85
PID 4868 wrote to memory of 3332	4868	chrome.exe	85
PID 4868 wrote to memory of 3332	4868	chrome.exe	85
PID 4868 wrote to memory of 3332	4868	chrome.exe	85
PID 4868 wrote to memory of 3332	4868	chrome.exe	85
PID 4868 wrote to memory of 3332	4868	chrome.exe	85
PID 4868 wrote to memory of 3332	4868	chrome.exe	85
PID 4868 wrote to memory of 3332	4868	chrome.exe	85
PID 4868 wrote to memory of 3332	4868	chrome.exe	85
PID 4868 wrote to memory of 3332	4868	chrome.exe	85
PID 4868 wrote to memory of 3332	4868	chrome.exe	85
PID 4868 wrote to memory of 3332	4868	chrome.exe	85
PID 4868 wrote to memory of 3332	4868	chrome.exe	85
PID 4868 wrote to memory of 3332	4868	chrome.exe	85
PID 4868 wrote to memory of 3332	4868	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.facebook.com/Cajeros5B
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff5f519758,0x7fff5f519768,0x7fff5f519778
  2⤵
  PID:4880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1772 --field-trial-handle=1872,i,16935817553763816916,8618209067629983492,131072 /prefetch:2
  2⤵
  PID:2220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1872,i,16935817553763816916,8618209067629983492,131072 /prefetch:8
  2⤵
  PID:1948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2172 --field-trial-handle=1872,i,16935817553763816916,8618209067629983492,131072 /prefetch:8
  2⤵
  PID:3332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3188 --field-trial-handle=1872,i,16935817553763816916,8618209067629983492,131072 /prefetch:1
  2⤵
  PID:2980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3200 --field-trial-handle=1872,i,16935817553763816916,8618209067629983492,131072 /prefetch:1
  2⤵
  PID:3588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4520 --field-trial-handle=1872,i,16935817553763816916,8618209067629983492,131072 /prefetch:1
  2⤵
  PID:3932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4988 --field-trial-handle=1872,i,16935817553763816916,8618209067629983492,131072 /prefetch:8
  2⤵
  PID:2112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4808 --field-trial-handle=1872,i,16935817553763816916,8618209067629983492,131072 /prefetch:8
  2⤵
  PID:2996

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3436

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
3bba82f09b83ec7793b366286d8c2eed

SHA1
15d5dfcacc47bea9ad77349aeb34b74d0c72ac05

SHA256
655bfb17ced727cf50b395d141b55f9d7a074d7bd51e3071c609fa585d0d94a1

SHA512
607dab13e0dce2551d8278cf953c51e7f5ccb2263cd34377dd62663da6fb77f8be2f55301b597ebcfb66a4d486c6d3aa25053c5c4e7e428a0c8690d27033302d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
2d1830c6e740917ef8bcaa142eb8a96e

SHA1
d089a4b5c1bd25fadfb9a21df25f4e1b9d9897c1

SHA256
aac801521afad89be78e8ebf7b28374a1ecff655bc344ca4ca89c989ae29903a

SHA512
2d1f26b9cfd150cde04257be60e8fffa4a28353da4a954a1384a3a4acc0a3355b6b4c82c7d8fb81a83d6288ee6b45373d1e36f9504664a9c4a368e6d1937c514

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2db13791a6beccd45fe44ec3db7417af

SHA1
760c881704abf03c0cf4e5ccdf7c3ee3602cc870

SHA256
619ebc981aa1260988b0f04e75321303e1e67179d004e403ce219aa389da21be

SHA512
7860e98f2591169113cb7676c04a140fc82fa50a041c7960658f1055bc4114adc50f19391f360676ac3bba99eb131695d6e02874b17408d573c7215febbc952f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
ccdb21bd4d73f3581a5f13384d10bbe7

SHA1
89058baf14b2dd5e7378409fa4376d9c2acf6bf3

SHA256
3dd9c5d9e2cc452c52a79fa783bad2edab927b289006abc4e265515eba45cb12

SHA512
71b242347470cba7dd923e45a12fd8309b4bb7a13bc794bf154745280192fe6e45830732cb5e51f40850215b91f8f91b520ab3ff3390f7720a13eea02ec5de58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
171KB

MD5
0e7266f24800ef12fc4fb0e37e6e8997

SHA1
5cf19c4cc5fb2e2bce23f7822429a1c1e6061302

SHA256
3685b32e12c15e34f1229e2c721f678cb587767874e067bee677cfbd5c76ca79

SHA512
46af1fd20be1c270c60ab94aa4e45152f4e13f2ddd4850adce67160daa760302ae2703fbc92b9e3d5a9ed611ffecb69e7d9e426c17b89269cf575b68ba030865

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit