hxxps://www[.]innk[.]cl/?utm_medium=&utm_source=email&utm_campaign=Outbound&utm_term=

Analysis

max time kernel
300s
max time network
303s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
11/10/2023, 15:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.innk.cl/?utm_medium=&utm_source=email&utm_campaign=Outbound&utm_term=

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133415121723263594"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2632	chrome.exe
2632	chrome.exe
552	chrome.exe
552	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2632	chrome.exe
Token: SeCreatePagefilePrivilege	2632	chrome.exe
Token: SeShutdownPrivilege	2632	chrome.exe
Token: SeCreatePagefilePrivilege	2632	chrome.exe
Token: SeShutdownPrivilege	2632	chrome.exe
Token: SeCreatePagefilePrivilege	2632	chrome.exe
Token: SeShutdownPrivilege	2632	chrome.exe
Token: SeCreatePagefilePrivilege	2632	chrome.exe
Token: SeShutdownPrivilege	2632	chrome.exe
Token: SeCreatePagefilePrivilege	2632	chrome.exe
Token: SeShutdownPrivilege	2632	chrome.exe
Token: SeCreatePagefilePrivilege	2632	chrome.exe
Token: SeShutdownPrivilege	2632	chrome.exe
Token: SeCreatePagefilePrivilege	2632	chrome.exe
Token: SeShutdownPrivilege	2632	chrome.exe
Token: SeCreatePagefilePrivilege	2632	chrome.exe
Token: SeShutdownPrivilege	2632	chrome.exe
Token: SeCreatePagefilePrivilege	2632	chrome.exe
Token: SeShutdownPrivilege	2632	chrome.exe
Token: SeCreatePagefilePrivilege	2632	chrome.exe
Token: SeShutdownPrivilege	2632	chrome.exe
Token: SeCreatePagefilePrivilege	2632	chrome.exe
Token: SeShutdownPrivilege	2632	chrome.exe
Token: SeCreatePagefilePrivilege	2632	chrome.exe
Token: SeShutdownPrivilege	2632	chrome.exe
Token: SeCreatePagefilePrivilege	2632	chrome.exe
Token: SeShutdownPrivilege	2632	chrome.exe
Token: SeCreatePagefilePrivilege	2632	chrome.exe
Token: SeShutdownPrivilege	2632	chrome.exe
Token: SeCreatePagefilePrivilege	2632	chrome.exe
Token: SeShutdownPrivilege	2632	chrome.exe
Token: SeCreatePagefilePrivilege	2632	chrome.exe
Token: SeShutdownPrivilege	2632	chrome.exe
Token: SeCreatePagefilePrivilege	2632	chrome.exe
Token: SeShutdownPrivilege	2632	chrome.exe
Token: SeCreatePagefilePrivilege	2632	chrome.exe
Token: SeShutdownPrivilege	2632	chrome.exe
Token: SeCreatePagefilePrivilege	2632	chrome.exe
Token: SeShutdownPrivilege	2632	chrome.exe
Token: SeCreatePagefilePrivilege	2632	chrome.exe
Token: SeShutdownPrivilege	2632	chrome.exe
Token: SeCreatePagefilePrivilege	2632	chrome.exe
Token: SeShutdownPrivilege	2632	chrome.exe
Token: SeCreatePagefilePrivilege	2632	chrome.exe
Token: SeShutdownPrivilege	2632	chrome.exe
Token: SeCreatePagefilePrivilege	2632	chrome.exe
Token: SeShutdownPrivilege	2632	chrome.exe
Token: SeCreatePagefilePrivilege	2632	chrome.exe
Token: SeShutdownPrivilege	2632	chrome.exe
Token: SeCreatePagefilePrivilege	2632	chrome.exe
Token: SeShutdownPrivilege	2632	chrome.exe
Token: SeCreatePagefilePrivilege	2632	chrome.exe
Token: SeShutdownPrivilege	2632	chrome.exe
Token: SeCreatePagefilePrivilege	2632	chrome.exe
Token: SeShutdownPrivilege	2632	chrome.exe
Token: SeCreatePagefilePrivilege	2632	chrome.exe
Token: SeShutdownPrivilege	2632	chrome.exe
Token: SeCreatePagefilePrivilege	2632	chrome.exe
Token: SeShutdownPrivilege	2632	chrome.exe
Token: SeCreatePagefilePrivilege	2632	chrome.exe
Token: SeShutdownPrivilege	2632	chrome.exe
Token: SeCreatePagefilePrivilege	2632	chrome.exe
Token: SeShutdownPrivilege	2632	chrome.exe
Token: SeCreatePagefilePrivilege	2632	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2632 wrote to memory of 5040	2632	chrome.exe	69
PID 2632 wrote to memory of 5040	2632	chrome.exe	69
PID 2632 wrote to memory of 2868	2632	chrome.exe	88
PID 2632 wrote to memory of 2868	2632	chrome.exe	88
PID 2632 wrote to memory of 2868	2632	chrome.exe	88
PID 2632 wrote to memory of 2868	2632	chrome.exe	88
PID 2632 wrote to memory of 2868	2632	chrome.exe	88
PID 2632 wrote to memory of 2868	2632	chrome.exe	88
PID 2632 wrote to memory of 2868	2632	chrome.exe	88
PID 2632 wrote to memory of 2868	2632	chrome.exe	88
PID 2632 wrote to memory of 2868	2632	chrome.exe	88
PID 2632 wrote to memory of 2868	2632	chrome.exe	88
PID 2632 wrote to memory of 2868	2632	chrome.exe	88
PID 2632 wrote to memory of 2868	2632	chrome.exe	88
PID 2632 wrote to memory of 2868	2632	chrome.exe	88
PID 2632 wrote to memory of 2868	2632	chrome.exe	88
PID 2632 wrote to memory of 2868	2632	chrome.exe	88
PID 2632 wrote to memory of 2868	2632	chrome.exe	88
PID 2632 wrote to memory of 2868	2632	chrome.exe	88
PID 2632 wrote to memory of 2868	2632	chrome.exe	88
PID 2632 wrote to memory of 2868	2632	chrome.exe	88
PID 2632 wrote to memory of 2868	2632	chrome.exe	88
PID 2632 wrote to memory of 2868	2632	chrome.exe	88
PID 2632 wrote to memory of 2868	2632	chrome.exe	88
PID 2632 wrote to memory of 2868	2632	chrome.exe	88
PID 2632 wrote to memory of 2868	2632	chrome.exe	88
PID 2632 wrote to memory of 2868	2632	chrome.exe	88
PID 2632 wrote to memory of 2868	2632	chrome.exe	88
PID 2632 wrote to memory of 2868	2632	chrome.exe	88
PID 2632 wrote to memory of 2868	2632	chrome.exe	88
PID 2632 wrote to memory of 2868	2632	chrome.exe	88
PID 2632 wrote to memory of 2868	2632	chrome.exe	88
PID 2632 wrote to memory of 2868	2632	chrome.exe	88
PID 2632 wrote to memory of 2868	2632	chrome.exe	88
PID 2632 wrote to memory of 2868	2632	chrome.exe	88
PID 2632 wrote to memory of 2868	2632	chrome.exe	88
PID 2632 wrote to memory of 2868	2632	chrome.exe	88
PID 2632 wrote to memory of 2868	2632	chrome.exe	88
PID 2632 wrote to memory of 2868	2632	chrome.exe	88
PID 2632 wrote to memory of 2868	2632	chrome.exe	88
PID 2632 wrote to memory of 3608	2632	chrome.exe	89
PID 2632 wrote to memory of 3608	2632	chrome.exe	89
PID 2632 wrote to memory of 1632	2632	chrome.exe	90
PID 2632 wrote to memory of 1632	2632	chrome.exe	90
PID 2632 wrote to memory of 1632	2632	chrome.exe	90
PID 2632 wrote to memory of 1632	2632	chrome.exe	90
PID 2632 wrote to memory of 1632	2632	chrome.exe	90
PID 2632 wrote to memory of 1632	2632	chrome.exe	90
PID 2632 wrote to memory of 1632	2632	chrome.exe	90
PID 2632 wrote to memory of 1632	2632	chrome.exe	90
PID 2632 wrote to memory of 1632	2632	chrome.exe	90
PID 2632 wrote to memory of 1632	2632	chrome.exe	90
PID 2632 wrote to memory of 1632	2632	chrome.exe	90
PID 2632 wrote to memory of 1632	2632	chrome.exe	90
PID 2632 wrote to memory of 1632	2632	chrome.exe	90
PID 2632 wrote to memory of 1632	2632	chrome.exe	90
PID 2632 wrote to memory of 1632	2632	chrome.exe	90
PID 2632 wrote to memory of 1632	2632	chrome.exe	90
PID 2632 wrote to memory of 1632	2632	chrome.exe	90
PID 2632 wrote to memory of 1632	2632	chrome.exe	90
PID 2632 wrote to memory of 1632	2632	chrome.exe	90
PID 2632 wrote to memory of 1632	2632	chrome.exe	90
PID 2632 wrote to memory of 1632	2632	chrome.exe	90
PID 2632 wrote to memory of 1632	2632	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.innk.cl/?utm_medium=&utm_source=email&utm_campaign=Outbound&utm_term=
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa622b9758,0x7ffa622b9768,0x7ffa622b9778
  2⤵
  PID:5040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1640 --field-trial-handle=1844,i,563747849886188931,7198237685587139016,131072 /prefetch:2
  2⤵
  PID:2868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1844,i,563747849886188931,7198237685587139016,131072 /prefetch:8
  2⤵
  PID:3608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2204 --field-trial-handle=1844,i,563747849886188931,7198237685587139016,131072 /prefetch:8
  2⤵
  PID:1632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3020 --field-trial-handle=1844,i,563747849886188931,7198237685587139016,131072 /prefetch:1
  2⤵
  PID:4128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3052 --field-trial-handle=1844,i,563747849886188931,7198237685587139016,131072 /prefetch:1
  2⤵
  PID:3324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4856 --field-trial-handle=1844,i,563747849886188931,7198237685587139016,131072 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5632 --field-trial-handle=1844,i,563747849886188931,7198237685587139016,131072 /prefetch:8
  2⤵
  PID:4088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 --field-trial-handle=1844,i,563747849886188931,7198237685587139016,131072 /prefetch:8
  2⤵
  PID:1900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5148 --field-trial-handle=1844,i,563747849886188931,7198237685587139016,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:552

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:5084

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000024

Filesize
185KB

MD5
a9673bd087b4e5e2cd21862f8b7d8054

SHA1
0854f56b37b3c7c3938ebdd75a79be32c94b281d

SHA256
d4226b650de255fdc92e6ba1b89181c445fa23e82e86a1de62059ffde35081b2

SHA512
3e919945421b284915da26cd49d55db1e4c5b0530cfafec936982e2b6f400e372b98df78d1f07813a473cf9f26699e9c1ffa555904d6d2b4fc819b2c202afaba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
648B

MD5
3de4191b26eede0dfe65da0e3e40ade5

SHA1
b44cbc90867c941564049ee40578b80f8819b52f

SHA256
15428fda0d280e109f4327a66f4b08668c8f6d5c01c5f3c1442c32da5122c8eb

SHA512
584ff40cbdd969107ddb38d8b2967573865c75a94677b4c68a6789695788bd997f00807913ebda058e6399ea120e3397c3eaa2871fe280e210c22cdde5a86662

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
75f60eb1f99a1520848950fe8e44b8cf

SHA1
6c28edca7eaf4c7c5b6e686769d1649dfcf8bc73

SHA256
b0decf019b862bf54c3a41a6a8e050006ea46a824193c64a0e1f1ceb256954ca

SHA512
df31e789aeb87dbd62e7322b94f9828756952067f01df8c3128301c6f89fc58e3772879f2732cf51e24ad57bd4734c3f7ed5e42cee0aa2068ccb420f8790347f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
55ade1e1dda2874efb9cded2efb456c1

SHA1
cb00d76dcd5a67359a6728b4c0b37a81ff34438f

SHA256
7d6b885e73952846d008917a8cc6ecb744a66435067e01f3bafec69612a1ed25

SHA512
c5950f53ca73d2f24b749fcb052f9da3c719b31e25d7cb10d9f3c674a9dd1f56fc9858cdb7e95e005a96df5006684bb48e9634450054491e362b822a97e29e6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3eb25561a0ef7c3bb5becfbfa8d0fead

SHA1
56392317e0d15103e0fb0bec38a11c0ea01bf69e

SHA256
2e3fce81d3fa24b61869bebafe6eb021db70c82221ce80d1aad0e6e1a04378d7

SHA512
b570eebf68bec1dbe292da7c78fc61ae29a4882f0353abee1ae9256f4b9d2b02e90f649995cb92ce47dab8751809074dd934cbfd54294b776aaeb48ab1aaa952

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a8a8c43818c178c8677cac08a22af727

SHA1
ebedf43d3554273aa38e02e0eb602b254fc20d78

SHA256
571f71fa0b14e2d2c9a4baccef26d84942c9c23f3194df890103ffaace88e2ea

SHA512
ab5ef2d4ff547edbd455253899a6f1a65a116ca154ad7d70ccc4d4d0654fece0ba6880f9a86505723a9ba788ef12eea0ce0e4c464929043551fcb71714d30674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
9db2c49be5539a5db4d2d3a5cf1317d8

SHA1
e6655f785cef3c3e52966111cc1cd980db1ef410

SHA256
58e580dbbda7f15951da8570e58b8390100ef7659ae842a0b7c61e5414f13d21

SHA512
7610f603a4f14769a00d6fe139072f4e32d085c562cb69f24f03565126c992d09d3ed9894da7bd4178e84a95e48ebb47bb3c09616e694e66fc6b21c922c58593

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit