hxxps://verrsa88900past-due-payment[.]hosteriacostanera[.]com/waratahnzhelpdesk@waratah[.]com/due-upon-receipt

Analysis

max time kernel
149s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
30/08/2023, 04:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://verrsa88900past-due-payment.hosteriacostanera.com/[email protected]/due-upon-receipt

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133378449107825164"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1708	chrome.exe
1708	chrome.exe
4376	chrome.exe
4376	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1708 wrote to memory of 4784	1708	chrome.exe	81
PID 1708 wrote to memory of 4784	1708	chrome.exe	81
PID 1708 wrote to memory of 960	1708	chrome.exe	84
PID 1708 wrote to memory of 960	1708	chrome.exe	84
PID 1708 wrote to memory of 960	1708	chrome.exe	84
PID 1708 wrote to memory of 960	1708	chrome.exe	84
PID 1708 wrote to memory of 960	1708	chrome.exe	84
PID 1708 wrote to memory of 960	1708	chrome.exe	84
PID 1708 wrote to memory of 960	1708	chrome.exe	84
PID 1708 wrote to memory of 960	1708	chrome.exe	84
PID 1708 wrote to memory of 960	1708	chrome.exe	84
PID 1708 wrote to memory of 960	1708	chrome.exe	84
PID 1708 wrote to memory of 960	1708	chrome.exe	84
PID 1708 wrote to memory of 960	1708	chrome.exe	84
PID 1708 wrote to memory of 960	1708	chrome.exe	84
PID 1708 wrote to memory of 960	1708	chrome.exe	84
PID 1708 wrote to memory of 960	1708	chrome.exe	84
PID 1708 wrote to memory of 960	1708	chrome.exe	84
PID 1708 wrote to memory of 960	1708	chrome.exe	84
PID 1708 wrote to memory of 960	1708	chrome.exe	84
PID 1708 wrote to memory of 960	1708	chrome.exe	84
PID 1708 wrote to memory of 960	1708	chrome.exe	84
PID 1708 wrote to memory of 960	1708	chrome.exe	84
PID 1708 wrote to memory of 960	1708	chrome.exe	84
PID 1708 wrote to memory of 960	1708	chrome.exe	84
PID 1708 wrote to memory of 960	1708	chrome.exe	84
PID 1708 wrote to memory of 960	1708	chrome.exe	84
PID 1708 wrote to memory of 960	1708	chrome.exe	84
PID 1708 wrote to memory of 960	1708	chrome.exe	84
PID 1708 wrote to memory of 960	1708	chrome.exe	84
PID 1708 wrote to memory of 960	1708	chrome.exe	84
PID 1708 wrote to memory of 960	1708	chrome.exe	84
PID 1708 wrote to memory of 960	1708	chrome.exe	84
PID 1708 wrote to memory of 960	1708	chrome.exe	84
PID 1708 wrote to memory of 960	1708	chrome.exe	84
PID 1708 wrote to memory of 960	1708	chrome.exe	84
PID 1708 wrote to memory of 960	1708	chrome.exe	84
PID 1708 wrote to memory of 960	1708	chrome.exe	84
PID 1708 wrote to memory of 960	1708	chrome.exe	84
PID 1708 wrote to memory of 960	1708	chrome.exe	84
PID 1708 wrote to memory of 4856	1708	chrome.exe	83
PID 1708 wrote to memory of 4856	1708	chrome.exe	83
PID 1708 wrote to memory of 4052	1708	chrome.exe	85
PID 1708 wrote to memory of 4052	1708	chrome.exe	85
PID 1708 wrote to memory of 4052	1708	chrome.exe	85
PID 1708 wrote to memory of 4052	1708	chrome.exe	85
PID 1708 wrote to memory of 4052	1708	chrome.exe	85
PID 1708 wrote to memory of 4052	1708	chrome.exe	85
PID 1708 wrote to memory of 4052	1708	chrome.exe	85
PID 1708 wrote to memory of 4052	1708	chrome.exe	85
PID 1708 wrote to memory of 4052	1708	chrome.exe	85
PID 1708 wrote to memory of 4052	1708	chrome.exe	85
PID 1708 wrote to memory of 4052	1708	chrome.exe	85
PID 1708 wrote to memory of 4052	1708	chrome.exe	85
PID 1708 wrote to memory of 4052	1708	chrome.exe	85
PID 1708 wrote to memory of 4052	1708	chrome.exe	85
PID 1708 wrote to memory of 4052	1708	chrome.exe	85
PID 1708 wrote to memory of 4052	1708	chrome.exe	85
PID 1708 wrote to memory of 4052	1708	chrome.exe	85
PID 1708 wrote to memory of 4052	1708	chrome.exe	85
PID 1708 wrote to memory of 4052	1708	chrome.exe	85
PID 1708 wrote to memory of 4052	1708	chrome.exe	85
PID 1708 wrote to memory of 4052	1708	chrome.exe	85
PID 1708 wrote to memory of 4052	1708	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://verrsa88900past-due-payment.hosteriacostanera.com/[email protected]/due-upon-receipt
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9dc009758,0x7ff9dc009768,0x7ff9dc009778
  2⤵
  PID:4784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1876,i,8893316877034472030,927481360671394078,131072 /prefetch:8
  2⤵
  PID:4856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1572 --field-trial-handle=1876,i,8893316877034472030,927481360671394078,131072 /prefetch:2
  2⤵
  PID:960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2212 --field-trial-handle=1876,i,8893316877034472030,927481360671394078,131072 /prefetch:8
  2⤵
  PID:4052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2940 --field-trial-handle=1876,i,8893316877034472030,927481360671394078,131072 /prefetch:1
  2⤵
  PID:4828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2980 --field-trial-handle=1876,i,8893316877034472030,927481360671394078,131072 /prefetch:1
  2⤵
  PID:848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3660 --field-trial-handle=1876,i,8893316877034472030,927481360671394078,131072 /prefetch:1
  2⤵
  PID:2656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3968 --field-trial-handle=1876,i,8893316877034472030,927481360671394078,131072 /prefetch:8
  2⤵
  PID:4728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5536 --field-trial-handle=1876,i,8893316877034472030,927481360671394078,131072 /prefetch:8
  2⤵
  PID:3780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1016 --field-trial-handle=1876,i,8893316877034472030,927481360671394078,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4376

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4480

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
180KB

MD5
497835d373e12af4cd257487dd5d3612

SHA1
425950e9427926ac0aa7940c4a18a44ab59df47a

SHA256
e11ff08dff0a884b311133e2469146b2a54319cf60094511e098df0c3677c4e0

SHA512
aa05611f56185e02289345f9c286ca98f96d5e1d24c8d152605e866e60013dc2945fc60f826e81459003ca9c2b7d439c0f6fdd173cbee57cd751ee51b18d2bf7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
936752fdf2021e0be8a84924430a868b

SHA1
84bce78b269d1dbe1792fd75ba6a24133953ca26

SHA256
c9ff11b882017c31815c305fd95eed4c2c60ab11cac0ff8553bf6c72879ccaf3

SHA512
fb7e224e98618cb495c7b58802a56bd89bdefaba6a23cc1003efd5e2df7b0a7f35511a39985dc1fe1ce737a6f09286a5bc09541bfb8778b21bf2c5c93d8f8f1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
063a0e99898bb17e2a651f1f7303afbb

SHA1
8a7b798031083eb31e263d3a8a50b1c971be8cf3

SHA256
bdfc2a7717fc6b5898c1cab1829790ca3fbc23cc13fc093aa99728f2156c0d24

SHA512
723fbe33435365dec74265fdd0c529d787da88f9300d2590c3b7eb0ef490a8f7d587070592ac8923fb942f69e21cac793a12f29e8e32ea56a39be24c5d8294a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
6dbf2ba01ff84c6f37f659b2383fb24b

SHA1
3c3eb9c26707e1ff5c371700dbc02c7e7ac834fc

SHA256
6666fd5ec81b36ed333221b6b806f0c409c94b7239cac88ba6c2badc1646136d

SHA512
037fd43424622207f38d899d82c7234009ed0e96f6608481f76c6fcfebe72b3a703f96d4c078c83f64e4e5ea74b1938d991b81faf56028aa5110f232002ff7a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
e00c4ad0c6958dc85976d06202daa24a

SHA1
a92983b259614deec6d1de390a675b6882ead9e6

SHA256
7a0558141d598dbd31d1d370cdfbc38662bec37611334144913fdb3bb380fe2e

SHA512
b18fb9dab3e72f8867a7c5d70c939687d33a597d5ad717b66c3907d8268fe9af231c4e5aacb6be7c6d8eb077665657e5b06660579d00451db928cce8f67028e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ae46420f416728667826534c6ddf27c8

SHA1
0e214e6db7ce79cd85206848c53378962e7250b4

SHA256
588daaa6d9f7400e79d8711c1bc9ebb719388036790fb908e6c4c4881d145750

SHA512
b0f94b7f8072e7ae49e40dbdc2d627131dcf9a9ec5c4cfc98dbfc1eec150afb3f4d0213e1d48f58fd8eba409d6ecb17ea06b43823142c0d79f28cdc071b7ccfb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b886e4b54f0914572624575d7f695582

SHA1
2d734b1201e1bd077d7bc8bf70ad837f1067983e

SHA256
ef63138078ce03c503d19029b27aad189f83f28a74dfcef0d10c283d81f93352

SHA512
9d9e9156d334cfaeb9337c3e483ff0e14b63292e9ccd15d14754afd6dbaa913f18bb049c4551ff0004a42d9ef1bbc4768abefbaedc80343f7ec2211519700e6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5887015ae62f65aad5ccf5647ed32445

SHA1
3fa335a68bfcff54e2bfaf9bd4b5367417efb1f9

SHA256
760a77f8be765514a067a6c59a7b9305719d1c90235b0bacf10e962ac1fe4f11

SHA512
a6b3f20e05a650cefcc8fa92a9a9b9c1bbf67695b7afe07a2530244fddaca3203c5201a925c895e803138aa044b67fd1151941ab520c986d34f732fe7db87ab6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
11c8f1935eafad2db16d36d8533f34ce

SHA1
540e79aa02247179d72900dca2c0f007fae8b0a0

SHA256
a79f561fb09a812f9e23e72813c8b597246ecd76e8dc4cbd4434e8bccc4e6ce3

SHA512
56b11b3e0153905d5d5eb5b5368472403612ab128aa0c8ccecdf90a20a0dbeda0b1720f7b7a2a67c1775c5f9677ece3c5dea3ab03046fc0b0a8934e62d9618f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit