hxxps://www[.]deltanueve[.]com[.]gt/

Analysis

max time kernel
103s
max time network
106s
platform
windows10-2004_x64
resource
win10v2004-20230703-es
resource tags

arch:x64arch:x86image:win10v2004-20230703-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
28/08/2023, 17:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.deltanueve.com.gt/

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133377191289263468"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2640	chrome.exe
2640	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeCreatePagefilePrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeCreatePagefilePrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeCreatePagefilePrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeCreatePagefilePrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeCreatePagefilePrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeCreatePagefilePrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeCreatePagefilePrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeCreatePagefilePrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeCreatePagefilePrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeCreatePagefilePrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeCreatePagefilePrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeCreatePagefilePrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeCreatePagefilePrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeCreatePagefilePrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeCreatePagefilePrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeCreatePagefilePrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeCreatePagefilePrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeCreatePagefilePrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeCreatePagefilePrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeCreatePagefilePrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeCreatePagefilePrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeCreatePagefilePrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeCreatePagefilePrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeCreatePagefilePrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeCreatePagefilePrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeCreatePagefilePrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeCreatePagefilePrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeCreatePagefilePrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeCreatePagefilePrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeCreatePagefilePrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeCreatePagefilePrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeCreatePagefilePrivilege	2640	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2640 wrote to memory of 2196	2640	chrome.exe	82
PID 2640 wrote to memory of 2196	2640	chrome.exe	82
PID 2640 wrote to memory of 2972	2640	chrome.exe	84
PID 2640 wrote to memory of 2972	2640	chrome.exe	84
PID 2640 wrote to memory of 2972	2640	chrome.exe	84
PID 2640 wrote to memory of 2972	2640	chrome.exe	84
PID 2640 wrote to memory of 2972	2640	chrome.exe	84
PID 2640 wrote to memory of 2972	2640	chrome.exe	84
PID 2640 wrote to memory of 2972	2640	chrome.exe	84
PID 2640 wrote to memory of 2972	2640	chrome.exe	84
PID 2640 wrote to memory of 2972	2640	chrome.exe	84
PID 2640 wrote to memory of 2972	2640	chrome.exe	84
PID 2640 wrote to memory of 2972	2640	chrome.exe	84
PID 2640 wrote to memory of 2972	2640	chrome.exe	84
PID 2640 wrote to memory of 2972	2640	chrome.exe	84
PID 2640 wrote to memory of 2972	2640	chrome.exe	84
PID 2640 wrote to memory of 2972	2640	chrome.exe	84
PID 2640 wrote to memory of 2972	2640	chrome.exe	84
PID 2640 wrote to memory of 2972	2640	chrome.exe	84
PID 2640 wrote to memory of 2972	2640	chrome.exe	84
PID 2640 wrote to memory of 2972	2640	chrome.exe	84
PID 2640 wrote to memory of 2972	2640	chrome.exe	84
PID 2640 wrote to memory of 2972	2640	chrome.exe	84
PID 2640 wrote to memory of 2972	2640	chrome.exe	84
PID 2640 wrote to memory of 2972	2640	chrome.exe	84
PID 2640 wrote to memory of 2972	2640	chrome.exe	84
PID 2640 wrote to memory of 2972	2640	chrome.exe	84
PID 2640 wrote to memory of 2972	2640	chrome.exe	84
PID 2640 wrote to memory of 2972	2640	chrome.exe	84
PID 2640 wrote to memory of 2972	2640	chrome.exe	84
PID 2640 wrote to memory of 2972	2640	chrome.exe	84
PID 2640 wrote to memory of 2972	2640	chrome.exe	84
PID 2640 wrote to memory of 2972	2640	chrome.exe	84
PID 2640 wrote to memory of 2972	2640	chrome.exe	84
PID 2640 wrote to memory of 2972	2640	chrome.exe	84
PID 2640 wrote to memory of 2972	2640	chrome.exe	84
PID 2640 wrote to memory of 2972	2640	chrome.exe	84
PID 2640 wrote to memory of 2972	2640	chrome.exe	84
PID 2640 wrote to memory of 2972	2640	chrome.exe	84
PID 2640 wrote to memory of 2972	2640	chrome.exe	84
PID 2640 wrote to memory of 4568	2640	chrome.exe	86
PID 2640 wrote to memory of 4568	2640	chrome.exe	86
PID 2640 wrote to memory of 1312	2640	chrome.exe	85
PID 2640 wrote to memory of 1312	2640	chrome.exe	85
PID 2640 wrote to memory of 1312	2640	chrome.exe	85
PID 2640 wrote to memory of 1312	2640	chrome.exe	85
PID 2640 wrote to memory of 1312	2640	chrome.exe	85
PID 2640 wrote to memory of 1312	2640	chrome.exe	85
PID 2640 wrote to memory of 1312	2640	chrome.exe	85
PID 2640 wrote to memory of 1312	2640	chrome.exe	85
PID 2640 wrote to memory of 1312	2640	chrome.exe	85
PID 2640 wrote to memory of 1312	2640	chrome.exe	85
PID 2640 wrote to memory of 1312	2640	chrome.exe	85
PID 2640 wrote to memory of 1312	2640	chrome.exe	85
PID 2640 wrote to memory of 1312	2640	chrome.exe	85
PID 2640 wrote to memory of 1312	2640	chrome.exe	85
PID 2640 wrote to memory of 1312	2640	chrome.exe	85
PID 2640 wrote to memory of 1312	2640	chrome.exe	85
PID 2640 wrote to memory of 1312	2640	chrome.exe	85
PID 2640 wrote to memory of 1312	2640	chrome.exe	85
PID 2640 wrote to memory of 1312	2640	chrome.exe	85
PID 2640 wrote to memory of 1312	2640	chrome.exe	85
PID 2640 wrote to memory of 1312	2640	chrome.exe	85
PID 2640 wrote to memory of 1312	2640	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.deltanueve.com.gt/
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdbb229758,0x7ffdbb229768,0x7ffdbb229778
  2⤵
  PID:2196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1684 --field-trial-handle=1836,i,2561962624081962153,16208348021627540760,131072 /prefetch:2
  2⤵
  PID:2972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1836,i,2561962624081962153,16208348021627540760,131072 /prefetch:8
  2⤵
  PID:1312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1836,i,2561962624081962153,16208348021627540760,131072 /prefetch:8
  2⤵
  PID:4568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3068 --field-trial-handle=1836,i,2561962624081962153,16208348021627540760,131072 /prefetch:1
  2⤵
  PID:224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3060 --field-trial-handle=1836,i,2561962624081962153,16208348021627540760,131072 /prefetch:1
  2⤵
  PID:3880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5404 --field-trial-handle=1836,i,2561962624081962153,16208348021627540760,131072 /prefetch:8
  2⤵
  PID:4072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4676 --field-trial-handle=1836,i,2561962624081962153,16208348021627540760,131072 /prefetch:8
  2⤵
  PID:2960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3952 --field-trial-handle=1836,i,2561962624081962153,16208348021627540760,131072 /prefetch:8
  2⤵
  PID:2628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4984 --field-trial-handle=1836,i,2561962624081962153,16208348021627540760,131072 /prefetch:8
  2⤵
  PID:4328

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1632

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
843fcb0a3900ac9a55c02e5efe5869eb

SHA1
0bac82b5912cda0bf815afe8a7f62d160cbd830d

SHA256
3f98dba9cc3c603f649f8743b7ccc5bfb734f838101f38f3874e4341b900cfdb

SHA512
e1b0a70aad5cc9975e5d65f2881c426a37066c7a42f70f32f719929aa3d3787cae94b9283927c426ede6eda42c67526aac63a130e8aed32c755645efe6211b48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
60eee3d2cde904628af1fef9b2696795

SHA1
2162ec5b623d452b41b282040d5ea7b1634957ed

SHA256
25155aeb1ff77e1a2a828a46f3815d71cfaace0a047deed7667fa7071ad52288

SHA512
a4b9905b6390d0cd931ff39c622759a3fe8e429b9bd4914b4f1b425eddc17654188f104a5c58cf376d9cac830d712c7b6c8efe1fc6eca8a3fb4dc1885613dd2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
516047227e12702efe135444eb730225

SHA1
2628049be9065d338d37e2f6ac5dd940adbfcd1b

SHA256
c5ac309456e40332f5e88fb27cb0dba36a978c8b221a31dbcc22d7e80e10fb89

SHA512
ccbf838469423609905eacb19371f45aeeb6922b13ad8fec028ea8bd8c69f8d14a29bdfb1f3ab8d9997269cffe42439dace57f59d5c768ef2445383c089de5c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e156608e3a8aa96ea62617e1ecd68839

SHA1
2f9f266b2799398d2dc29611dbea7f50dbb83d1b

SHA256
8a8c82e9a80a07f97a05980fd78b2a92d8a8312118cdbdfc8366ee540be0536a

SHA512
47ffeb9e06b2449d2272aace691967afc7ab27d44fd1c30bc1688645f38b4fb234cb4ce0be6f90a646c8f27dee0983d328c4705bd92b74c35ea1bc9b4614262e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
108KB

MD5
ddd79178fea7944ad000ba9ba91723c2

SHA1
6785e2ffd370f8cb8995c76becc5fe28c0932ef8

SHA256
66a880ddc89e165dbe533359942dc64f1ae2f85040faaee82477bd0e932e6cd0

SHA512
b5d2b0ee708a3087b2949e6feac453f619ef1ac568600f6fa29d16d6087a1c5ca8e353b01e2db01604e7b91dcb4d1c7797990a0722ba35ac31ffad604b3053ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
89KB

MD5
188ccb13a0713eb9628604380d4f73ec

SHA1
1bda02d91d2930babeb9079f96d043955fc85874

SHA256
2231a8a24c09710c9f12c999c68cc426ceb192a9b22108459f2111ade8c29033

SHA512
f39e59d809e9c2092ab0aff05f761c58b8634c98109b6a10a5be68c13e5a8875312aef8e965ad7f6082b59dc3350cbf42b9d71b1021bef52b86dafa74958e3c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
89KB

MD5
41a616a03190e6c928454c23fe4a84da

SHA1
833b06c21e3fc54b5227ecc090a4c41407de44db

SHA256
72a1f8a4d69d21622f8d8d449f43279279cb2065b10458e2e80d19f45d91c297

SHA512
42c16f4be80f5728a3330d525227d02ccf6c800bb39f9ed51a4f6cbf14181db524b35d0235af30ec5998f9488224d57757833bdf609e7b39c9beb683765071c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
89KB

MD5
c61b2778a39c556dc91aab397e5054ad

SHA1
4495d324dcd47f348a07afdaf389f0bec08e527a

SHA256
4ded2fbf48d3a56ff3b421d20535c27bf7f8fff692fed32fe31b97a68bcac606

SHA512
43c117afb506252b61662c139f568a9ba35cdd493e186797486eb97e34c55ca25d587d626887779b67c01e7308e71602cbefc80da0303acb1a2d730e09bb524d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit