hxxps://portalprofesional[.]cantabria[.]es

Analysis

max time kernel
149s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
17-08-2023 14:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://portalprofesional.cantabria.es

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133367573458691322"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1324	chrome.exe
1324	chrome.exe
2876	chrome.exe
2876	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1324	chrome.exe
1324	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1324 wrote to memory of 5056	1324	chrome.exe	84
PID 1324 wrote to memory of 5056	1324	chrome.exe	84
PID 1324 wrote to memory of 1260	1324	chrome.exe	86
PID 1324 wrote to memory of 1260	1324	chrome.exe	86
PID 1324 wrote to memory of 1260	1324	chrome.exe	86
PID 1324 wrote to memory of 1260	1324	chrome.exe	86
PID 1324 wrote to memory of 1260	1324	chrome.exe	86
PID 1324 wrote to memory of 1260	1324	chrome.exe	86
PID 1324 wrote to memory of 1260	1324	chrome.exe	86
PID 1324 wrote to memory of 1260	1324	chrome.exe	86
PID 1324 wrote to memory of 1260	1324	chrome.exe	86
PID 1324 wrote to memory of 1260	1324	chrome.exe	86
PID 1324 wrote to memory of 1260	1324	chrome.exe	86
PID 1324 wrote to memory of 1260	1324	chrome.exe	86
PID 1324 wrote to memory of 1260	1324	chrome.exe	86
PID 1324 wrote to memory of 1260	1324	chrome.exe	86
PID 1324 wrote to memory of 1260	1324	chrome.exe	86
PID 1324 wrote to memory of 1260	1324	chrome.exe	86
PID 1324 wrote to memory of 1260	1324	chrome.exe	86
PID 1324 wrote to memory of 1260	1324	chrome.exe	86
PID 1324 wrote to memory of 1260	1324	chrome.exe	86
PID 1324 wrote to memory of 1260	1324	chrome.exe	86
PID 1324 wrote to memory of 1260	1324	chrome.exe	86
PID 1324 wrote to memory of 1260	1324	chrome.exe	86
PID 1324 wrote to memory of 1260	1324	chrome.exe	86
PID 1324 wrote to memory of 1260	1324	chrome.exe	86
PID 1324 wrote to memory of 1260	1324	chrome.exe	86
PID 1324 wrote to memory of 1260	1324	chrome.exe	86
PID 1324 wrote to memory of 1260	1324	chrome.exe	86
PID 1324 wrote to memory of 1260	1324	chrome.exe	86
PID 1324 wrote to memory of 1260	1324	chrome.exe	86
PID 1324 wrote to memory of 1260	1324	chrome.exe	86
PID 1324 wrote to memory of 1260	1324	chrome.exe	86
PID 1324 wrote to memory of 1260	1324	chrome.exe	86
PID 1324 wrote to memory of 1260	1324	chrome.exe	86
PID 1324 wrote to memory of 1260	1324	chrome.exe	86
PID 1324 wrote to memory of 1260	1324	chrome.exe	86
PID 1324 wrote to memory of 1260	1324	chrome.exe	86
PID 1324 wrote to memory of 1260	1324	chrome.exe	86
PID 1324 wrote to memory of 1260	1324	chrome.exe	86
PID 1324 wrote to memory of 3216	1324	chrome.exe	87
PID 1324 wrote to memory of 3216	1324	chrome.exe	87
PID 1324 wrote to memory of 2568	1324	chrome.exe	88
PID 1324 wrote to memory of 2568	1324	chrome.exe	88
PID 1324 wrote to memory of 2568	1324	chrome.exe	88
PID 1324 wrote to memory of 2568	1324	chrome.exe	88
PID 1324 wrote to memory of 2568	1324	chrome.exe	88
PID 1324 wrote to memory of 2568	1324	chrome.exe	88
PID 1324 wrote to memory of 2568	1324	chrome.exe	88
PID 1324 wrote to memory of 2568	1324	chrome.exe	88
PID 1324 wrote to memory of 2568	1324	chrome.exe	88
PID 1324 wrote to memory of 2568	1324	chrome.exe	88
PID 1324 wrote to memory of 2568	1324	chrome.exe	88
PID 1324 wrote to memory of 2568	1324	chrome.exe	88
PID 1324 wrote to memory of 2568	1324	chrome.exe	88
PID 1324 wrote to memory of 2568	1324	chrome.exe	88
PID 1324 wrote to memory of 2568	1324	chrome.exe	88
PID 1324 wrote to memory of 2568	1324	chrome.exe	88
PID 1324 wrote to memory of 2568	1324	chrome.exe	88
PID 1324 wrote to memory of 2568	1324	chrome.exe	88
PID 1324 wrote to memory of 2568	1324	chrome.exe	88
PID 1324 wrote to memory of 2568	1324	chrome.exe	88
PID 1324 wrote to memory of 2568	1324	chrome.exe	88
PID 1324 wrote to memory of 2568	1324	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://portalprofesional.cantabria.es
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7fff5bbd9758,0x7fff5bbd9768,0x7fff5bbd9778
  2⤵
  PID:5056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1648 --field-trial-handle=1856,i,13307472635156291069,15842896515476150578,131072 /prefetch:2
  2⤵
  PID:1260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1856,i,13307472635156291069,15842896515476150578,131072 /prefetch:8
  2⤵
  PID:3216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2204 --field-trial-handle=1856,i,13307472635156291069,15842896515476150578,131072 /prefetch:8
  2⤵
  PID:2568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3164 --field-trial-handle=1856,i,13307472635156291069,15842896515476150578,131072 /prefetch:1
  2⤵
  PID:3620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3132 --field-trial-handle=1856,i,13307472635156291069,15842896515476150578,131072 /prefetch:1
  2⤵
  PID:3776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4912 --field-trial-handle=1856,i,13307472635156291069,15842896515476150578,131072 /prefetch:8
  2⤵
  PID:4368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5168 --field-trial-handle=1856,i,13307472635156291069,15842896515476150578,131072 /prefetch:8
  2⤵
  PID:4668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3844 --field-trial-handle=1856,i,13307472635156291069,15842896515476150578,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2876

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3412

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
989B

MD5
2ead93b3c5082d6c8046567eca93e8e2

SHA1
c10b9efbbfe36a5655f43b6e120152ec7426935f

SHA256
559aab57509dd4abaeab6cf5fa9a21cd678e433be1da04c9c7e396e9b0ceb1ef

SHA512
752a6fcb0f791c4af6d16ce2b2d673e78ec110b56fece05a2b4d84bbaa32e6751e50bab33209c3d848767e819876cb0a76ba06e6e476b9a521b3a5305e0fab38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
39d58a1d65b338b7cac6550638f8adbd

SHA1
625130567c51dc13167bcd4baa9d39ec16b564da

SHA256
b02b1b6136c9ae43b81cf4d4cf9e735f07bafc0d95a5cfd009323f2fb037437b

SHA512
e477b8e932153f0da390ffc0d6fe21e523789a080cfe00ee8fa720ad46996faf55199c4ee2da04d00348ca7f3dcd31899844f7855a9dbf6b6aca033d330f6af9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0f422647b43e02ae47c57a35004f5c9a

SHA1
d1ec1e7f213ad111b6a74d11daf2ad2b4039772b

SHA256
f3f6cf47a141b070273cf587ceff8884d3a27351c07ebec6a2277344108c27e9

SHA512
f6ed3ec5bd50a1e6fda56ab77d09cc24aa557760f6ca4ceecf9e0d638e9d44f7c3b61a43901a5c0a247846b900f8d1d31dcc9538cd4c23b3ea7ca22bc93b540f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
ad3449cdcd55d63e5170b499606335dc

SHA1
3a6885cf77537d58f7db8a94a75c0efab2e7049a

SHA256
b700302262130647de5fae7ab6b1014412de7f168fb999e37e8efef08ebedb8e

SHA512
6eb3f2c29e53090a822fc6294e62ad1ec5538b8c3d688a38f2064cba7b5251a26805a4d3f2376455292143968c2d7f65b30aa8e09bc8b87c6c3d5a32944b8af9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit