hxxp://MEDIOLANUM-SOPORTE[.]CO

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20231023-es
resource tags

arch:x64arch:x86image:win10v2004-20231023-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
13/11/2023, 08:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://MEDIOLANUM-SOPORTE.CO

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133443395361432518"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1000	chrome.exe
1000	chrome.exe
3916	chrome.exe
3916	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1000 wrote to memory of 2268	1000	chrome.exe	84
PID 1000 wrote to memory of 2268	1000	chrome.exe	84
PID 1000 wrote to memory of 228	1000	chrome.exe	89
PID 1000 wrote to memory of 228	1000	chrome.exe	89
PID 1000 wrote to memory of 228	1000	chrome.exe	89
PID 1000 wrote to memory of 228	1000	chrome.exe	89
PID 1000 wrote to memory of 228	1000	chrome.exe	89
PID 1000 wrote to memory of 228	1000	chrome.exe	89
PID 1000 wrote to memory of 228	1000	chrome.exe	89
PID 1000 wrote to memory of 228	1000	chrome.exe	89
PID 1000 wrote to memory of 228	1000	chrome.exe	89
PID 1000 wrote to memory of 228	1000	chrome.exe	89
PID 1000 wrote to memory of 228	1000	chrome.exe	89
PID 1000 wrote to memory of 228	1000	chrome.exe	89
PID 1000 wrote to memory of 228	1000	chrome.exe	89
PID 1000 wrote to memory of 228	1000	chrome.exe	89
PID 1000 wrote to memory of 228	1000	chrome.exe	89
PID 1000 wrote to memory of 228	1000	chrome.exe	89
PID 1000 wrote to memory of 228	1000	chrome.exe	89
PID 1000 wrote to memory of 228	1000	chrome.exe	89
PID 1000 wrote to memory of 228	1000	chrome.exe	89
PID 1000 wrote to memory of 228	1000	chrome.exe	89
PID 1000 wrote to memory of 228	1000	chrome.exe	89
PID 1000 wrote to memory of 228	1000	chrome.exe	89
PID 1000 wrote to memory of 228	1000	chrome.exe	89
PID 1000 wrote to memory of 228	1000	chrome.exe	89
PID 1000 wrote to memory of 228	1000	chrome.exe	89
PID 1000 wrote to memory of 228	1000	chrome.exe	89
PID 1000 wrote to memory of 228	1000	chrome.exe	89
PID 1000 wrote to memory of 228	1000	chrome.exe	89
PID 1000 wrote to memory of 228	1000	chrome.exe	89
PID 1000 wrote to memory of 228	1000	chrome.exe	89
PID 1000 wrote to memory of 228	1000	chrome.exe	89
PID 1000 wrote to memory of 228	1000	chrome.exe	89
PID 1000 wrote to memory of 228	1000	chrome.exe	89
PID 1000 wrote to memory of 228	1000	chrome.exe	89
PID 1000 wrote to memory of 228	1000	chrome.exe	89
PID 1000 wrote to memory of 228	1000	chrome.exe	89
PID 1000 wrote to memory of 228	1000	chrome.exe	89
PID 1000 wrote to memory of 228	1000	chrome.exe	89
PID 1000 wrote to memory of 1500	1000	chrome.exe	87
PID 1000 wrote to memory of 1500	1000	chrome.exe	87
PID 1000 wrote to memory of 2180	1000	chrome.exe	88
PID 1000 wrote to memory of 2180	1000	chrome.exe	88
PID 1000 wrote to memory of 2180	1000	chrome.exe	88
PID 1000 wrote to memory of 2180	1000	chrome.exe	88
PID 1000 wrote to memory of 2180	1000	chrome.exe	88
PID 1000 wrote to memory of 2180	1000	chrome.exe	88
PID 1000 wrote to memory of 2180	1000	chrome.exe	88
PID 1000 wrote to memory of 2180	1000	chrome.exe	88
PID 1000 wrote to memory of 2180	1000	chrome.exe	88
PID 1000 wrote to memory of 2180	1000	chrome.exe	88
PID 1000 wrote to memory of 2180	1000	chrome.exe	88
PID 1000 wrote to memory of 2180	1000	chrome.exe	88
PID 1000 wrote to memory of 2180	1000	chrome.exe	88
PID 1000 wrote to memory of 2180	1000	chrome.exe	88
PID 1000 wrote to memory of 2180	1000	chrome.exe	88
PID 1000 wrote to memory of 2180	1000	chrome.exe	88
PID 1000 wrote to memory of 2180	1000	chrome.exe	88
PID 1000 wrote to memory of 2180	1000	chrome.exe	88
PID 1000 wrote to memory of 2180	1000	chrome.exe	88
PID 1000 wrote to memory of 2180	1000	chrome.exe	88
PID 1000 wrote to memory of 2180	1000	chrome.exe	88
PID 1000 wrote to memory of 2180	1000	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://MEDIOLANUM-SOPORTE.CO
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff88f3d9758,0x7ff88f3d9768,0x7ff88f3d9778
  2⤵
  PID:2268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=1884,i,11140887231175320147,5005020515920430792,131072 /prefetch:8
  2⤵
  PID:1500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2196 --field-trial-handle=1884,i,11140887231175320147,5005020515920430792,131072 /prefetch:8
  2⤵
  PID:2180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1748 --field-trial-handle=1884,i,11140887231175320147,5005020515920430792,131072 /prefetch:2
  2⤵
  PID:228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2936 --field-trial-handle=1884,i,11140887231175320147,5005020515920430792,131072 /prefetch:1
  2⤵
  PID:3400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2928 --field-trial-handle=1884,i,11140887231175320147,5005020515920430792,131072 /prefetch:1
  2⤵
  PID:3176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4068 --field-trial-handle=1884,i,11140887231175320147,5005020515920430792,131072 /prefetch:1
  2⤵
  PID:1288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3212 --field-trial-handle=1884,i,11140887231175320147,5005020515920430792,131072 /prefetch:1
  2⤵
  PID:1672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 --field-trial-handle=1884,i,11140887231175320147,5005020515920430792,131072 /prefetch:8
  2⤵
  PID:3204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 --field-trial-handle=1884,i,11140887231175320147,5005020515920430792,131072 /prefetch:8
  2⤵
  PID:4444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4120 --field-trial-handle=1884,i,11140887231175320147,5005020515920430792,131072 /prefetch:1
  2⤵
  PID:2164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=1600 --field-trial-handle=1884,i,11140887231175320147,5005020515920430792,131072 /prefetch:1
  2⤵
  PID:2612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4116 --field-trial-handle=1884,i,11140887231175320147,5005020515920430792,131072 /prefetch:1
  2⤵
  PID:4816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3240 --field-trial-handle=1884,i,11140887231175320147,5005020515920430792,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3916

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3636

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
4c565f1b7f58f6cb1140a447e3633f01

SHA1
88c427b51dfbe11c0e2c2bae43c9277d38e57d86

SHA256
e1b802969080d902688df8a2a377fdc0014989bab2f8a3664ee2c2cb85a71837

SHA512
d8d0a3dceb3f632a4aed0dfc912695dd0d4fb7ff202d270d0db510d86d3f77c166030f8d40aaae3ee28f768398a2d6c579d258d65ebb078691d93c3ccde0375e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5aa11900a4e390b06206babcd95b32c6

SHA1
acb7ee85fc3378aafdcb42e6c3b3ca56cf746823

SHA256
5bb72234aff7086dfc892fff1ba65b7a22ab0aba528d948724d54358d4f270af

SHA512
010af54094720620a6a72f443fcf79617a1cd5ed7f8bf2d067adcb0cd8adb6a005369ae6cf9f7f5a2cdc9b96ba7ed9830d0bfdbc17ef65d1edd85e1bfde91837

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6e007a04dc62d0843cc62bd39821cef0

SHA1
87b03201faaaabccdd8f701153190ef90ba687e3

SHA256
0982bf7e582a98ecb3d4aceae434d95ff647126db9c93aadaa203c84b252af98

SHA512
0c8495f46a2b42e45ed2a2eb3b73ad2e6f778ecbae5a0456bdbff887ea28b7c910e1a56536a24de90ab3d248678cf9ba7493f09dc3d38d2901c4876430a7f759

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
3b582e7480193120ce136a83f0ba4bbf

SHA1
77a448859413e36f62df608cfc9c05275f674367

SHA256
cce2c0ab49bc1e85745ef65f17467270f19b9cb0de02315e8102405693065eb3

SHA512
96e471fb6f45e38a879fbd5bac15e070f8b35eacffbd721e6984d015f4a38b2cbca746083f18e79ce07f7c1b25517cc8152a00ee3b575f5d851c32c09d44b01a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit