hxxps://facish[.]cl/cart/tw/DH23ASIA/

Analysis

max time kernel
119s
max time network
118s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
19-10-2023 09:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://facish.cl/cart/tw/DH23ASIA/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133421824841362023"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

4576 chrome.exe
4576 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

Processes:

chrome.exe

pid process

4576 chrome.exe
4576 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4576 wrote to memory of 1096	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 1096	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 3516	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 3516	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 3516	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 3516	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 3516	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 3516	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 3516	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 3516	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 3516	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 3516	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 3516	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 3516	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 3516	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 3516	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 3516	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 3516	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 3516	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 3516	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 3516	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 3516	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 3516	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 3516	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 3516	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 3516	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 3516	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 3516	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 3516	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 3516	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 3516	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 3516	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 3516	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 3516	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 3516	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 3516	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 3516	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 3516	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 3516	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 3516	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 5008	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 5008	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 2740	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 2740	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 2740	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 2740	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 2740	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 2740	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 2740	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 2740	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 2740	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 2740	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 2740	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 2740	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 2740	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 2740	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 2740	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 2740	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 2740	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 2740	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 2740	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 2740	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 2740	4576	chrome.exe	chrome.exe
PID 4576 wrote to memory of 2740	4576	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://facish.cl/cart/tw/DH23ASIA/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4576

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa6c449758,0x7ffa6c449768,0x7ffa6c449778
2⤵
PID:1096

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1732 --field-trial-handle=1888,i,7408985787027383187,3729607782325122631,131072 /prefetch:2
2⤵
PID:3516

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1888,i,7408985787027383187,3729607782325122631,131072 /prefetch:8
2⤵
PID:5008

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1888,i,7408985787027383187,3729607782325122631,131072 /prefetch:8
2⤵
PID:2740

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2872 --field-trial-handle=1888,i,7408985787027383187,3729607782325122631,131072 /prefetch:1
2⤵
PID:3228

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2228 --field-trial-handle=1888,i,7408985787027383187,3729607782325122631,131072 /prefetch:1
2⤵
PID:3856

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5236 --field-trial-handle=1888,i,7408985787027383187,3729607782325122631,131072 /prefetch:8
2⤵
PID:3020

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4920 --field-trial-handle=1888,i,7408985787027383187,3729607782325122631,131072 /prefetch:8
2⤵
PID:3844

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3344

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
144B

MD5
b126e544ab71f144929f5b386c7b7a61

SHA1
000a5d1db9cf3ac5daf163f29088fc18b3fe47bb

SHA256
390dd1b76be4f7fc1898544c8dc6fc75287f4b432d0766dfc00cbcb6dede2cd7

SHA512
95dfdb825b45d56140055c89995522ab477c742441389f8d0f7195fdb4771371a9cef70d004769e08d10410b4cbf582bd3c90c4367215a131430825069fcf38e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
49c33607355c9b1f7abf316128959be6

SHA1
36294d7d5ab1c488ba41df39985c39218ce30c1d

SHA256
1153ae7b0c7d0c2043d66b706cf067e134fd617e391684ac734391575edb7564

SHA512
0cf411665a1891e3e6d1f2e259738a772feaf459af1f2186c1ca7792655b95817ade10c942f54b336f63c025a873a03d9bf9c5e83ddcca5bba7248d46d5d0dc0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
252efd0fb12294f2c0fe0b8c6e96b4ea

SHA1
67624329bc34aa8f9ee0f580fb3737570128afff

SHA256
df3efc535efe5216001a811f919381d1faa9fd2a540bbb74661a63eb057b855f

SHA512
b985a1904bb2364e9bedc5de74d34ba763d23c6fe84053832fbb750548bdfaed983fc36669baea39138621f8a6ad985ad24e912a0f8e07982805457f11e92005

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
1140f9ab129cd22e400ddf74be82b540

SHA1
5551f7f82a96dd7af092bb7106e5a9c33bede3a4

SHA256
fdd000c66055dfb961053ea7b845f4da5bb605800d4e977579472875d6619803

SHA512
4e59001edca45355c8fc1ba54578dfb029c8be59c2eec4ad900252765e7cc258988cd48b9c8d655d9142c296e4b37500210d26a29a52c183580376b5379b005b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
706B

MD5
d7b5ac7f3aa19a9753fdcef2e483a0c0

SHA1
16aa522e97a555d4b33a572bfc4cc6589bc25b19

SHA256
796451042e7f68b96e2272eb64418103c2f74aaa19573584d880917c8ea6ab19

SHA512
ada63fe2078f041b1ba2788c190b507ec0fe69754d59c5cf44e212d66568a8e83938d1acaa6896296328e78aa1c4e2394d8e8d59802f51559f32f3fd474ec4c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
5b604e88aabd1da13f86e6a36d66036d

SHA1
40bf5c7885edcf1c47c2238249743c98bbc36cbe

SHA256
1f4ebbd4aeaba5d4d1580103b686b0af570adc690653f2bfbff70a1ff38e2eba

SHA512
e44fa3d2b796b34f02be96fda200f8f908c8178563337e765be24dd1775b9de831e429398106a1bd5803f144feced843962331b79ce713e5ae2255c75aaa18ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
e2cd3d116f090c1f81717249a470f299

SHA1
de59906b3d5acae4ee5fb54727dc204465322b2b

SHA256
9940a7002ff476c312981c19164ae62351bc514c3ed980b66f4f66bc31c15e90

SHA512
24040a65760af45c24dddad3c24273a05ae815bb51b1157f6e6b45791c91c54dc80f60345c295b7bf14116da1abb4bae46e6899056b9413151fa681d7fb94013

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
101KB

MD5
c8033037c642627fb542e844f9680c63

SHA1
4232462dac8d4282488e60da61ec5a6a9b09b95e

SHA256
7f7a90e8584c970030dfe7d3bb43643e3db30f3f8991b2622d22efbe34bee19d

SHA512
d51053652776e780e6d7c87309a3e9769cfe22e1cdba7e3df99d228fcd83702486c6a74e769246aaf1af6799de3614eac3879e2637c5ef65368ad2409dc06a33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_4576_ZCHGYTQINAMVDEVG
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit