hxxp://corpocredit[.]com

Analysis

max time kernel
49s
max time network
53s
platform
windows10-2004_x64
resource
win10v2004-20231023-es
resource tags

arch:x64arch:x86image:win10v2004-20231023-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
14-11-2023 17:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://corpocredit.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133444553641704312"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3660	chrome.exe
3660	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3660	chrome.exe
Token: SeCreatePagefilePrivilege	3660	chrome.exe
Token: SeShutdownPrivilege	3660	chrome.exe
Token: SeCreatePagefilePrivilege	3660	chrome.exe
Token: SeShutdownPrivilege	3660	chrome.exe
Token: SeCreatePagefilePrivilege	3660	chrome.exe
Token: SeShutdownPrivilege	3660	chrome.exe
Token: SeCreatePagefilePrivilege	3660	chrome.exe
Token: SeShutdownPrivilege	3660	chrome.exe
Token: SeCreatePagefilePrivilege	3660	chrome.exe
Token: SeShutdownPrivilege	3660	chrome.exe
Token: SeCreatePagefilePrivilege	3660	chrome.exe
Token: SeShutdownPrivilege	3660	chrome.exe
Token: SeCreatePagefilePrivilege	3660	chrome.exe
Token: SeShutdownPrivilege	3660	chrome.exe
Token: SeCreatePagefilePrivilege	3660	chrome.exe
Token: SeShutdownPrivilege	3660	chrome.exe
Token: SeCreatePagefilePrivilege	3660	chrome.exe
Token: SeShutdownPrivilege	3660	chrome.exe
Token: SeCreatePagefilePrivilege	3660	chrome.exe
Token: SeShutdownPrivilege	3660	chrome.exe
Token: SeCreatePagefilePrivilege	3660	chrome.exe
Token: SeShutdownPrivilege	3660	chrome.exe
Token: SeCreatePagefilePrivilege	3660	chrome.exe
Token: SeShutdownPrivilege	3660	chrome.exe
Token: SeCreatePagefilePrivilege	3660	chrome.exe
Token: SeShutdownPrivilege	3660	chrome.exe
Token: SeCreatePagefilePrivilege	3660	chrome.exe
Token: SeShutdownPrivilege	3660	chrome.exe
Token: SeCreatePagefilePrivilege	3660	chrome.exe
Token: SeShutdownPrivilege	3660	chrome.exe
Token: SeCreatePagefilePrivilege	3660	chrome.exe
Token: SeShutdownPrivilege	3660	chrome.exe
Token: SeCreatePagefilePrivilege	3660	chrome.exe
Token: SeShutdownPrivilege	3660	chrome.exe
Token: SeCreatePagefilePrivilege	3660	chrome.exe
Token: SeShutdownPrivilege	3660	chrome.exe
Token: SeCreatePagefilePrivilege	3660	chrome.exe
Token: SeShutdownPrivilege	3660	chrome.exe
Token: SeCreatePagefilePrivilege	3660	chrome.exe
Token: SeShutdownPrivilege	3660	chrome.exe
Token: SeCreatePagefilePrivilege	3660	chrome.exe
Token: SeShutdownPrivilege	3660	chrome.exe
Token: SeCreatePagefilePrivilege	3660	chrome.exe
Token: SeShutdownPrivilege	3660	chrome.exe
Token: SeCreatePagefilePrivilege	3660	chrome.exe
Token: SeShutdownPrivilege	3660	chrome.exe
Token: SeCreatePagefilePrivilege	3660	chrome.exe
Token: SeShutdownPrivilege	3660	chrome.exe
Token: SeCreatePagefilePrivilege	3660	chrome.exe
Token: SeShutdownPrivilege	3660	chrome.exe
Token: SeCreatePagefilePrivilege	3660	chrome.exe
Token: SeShutdownPrivilege	3660	chrome.exe
Token: SeCreatePagefilePrivilege	3660	chrome.exe
Token: SeShutdownPrivilege	3660	chrome.exe
Token: SeCreatePagefilePrivilege	3660	chrome.exe
Token: SeShutdownPrivilege	3660	chrome.exe
Token: SeCreatePagefilePrivilege	3660	chrome.exe
Token: SeShutdownPrivilege	3660	chrome.exe
Token: SeCreatePagefilePrivilege	3660	chrome.exe
Token: SeShutdownPrivilege	3660	chrome.exe
Token: SeCreatePagefilePrivilege	3660	chrome.exe
Token: SeShutdownPrivilege	3660	chrome.exe
Token: SeCreatePagefilePrivilege	3660	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3660 wrote to memory of 4540	3660	chrome.exe	83
PID 3660 wrote to memory of 4540	3660	chrome.exe	83
PID 3660 wrote to memory of 1892	3660	chrome.exe	87
PID 3660 wrote to memory of 1892	3660	chrome.exe	87
PID 3660 wrote to memory of 1892	3660	chrome.exe	87
PID 3660 wrote to memory of 1892	3660	chrome.exe	87
PID 3660 wrote to memory of 1892	3660	chrome.exe	87
PID 3660 wrote to memory of 1892	3660	chrome.exe	87
PID 3660 wrote to memory of 1892	3660	chrome.exe	87
PID 3660 wrote to memory of 1892	3660	chrome.exe	87
PID 3660 wrote to memory of 1892	3660	chrome.exe	87
PID 3660 wrote to memory of 1892	3660	chrome.exe	87
PID 3660 wrote to memory of 1892	3660	chrome.exe	87
PID 3660 wrote to memory of 1892	3660	chrome.exe	87
PID 3660 wrote to memory of 1892	3660	chrome.exe	87
PID 3660 wrote to memory of 1892	3660	chrome.exe	87
PID 3660 wrote to memory of 1892	3660	chrome.exe	87
PID 3660 wrote to memory of 1892	3660	chrome.exe	87
PID 3660 wrote to memory of 1892	3660	chrome.exe	87
PID 3660 wrote to memory of 1892	3660	chrome.exe	87
PID 3660 wrote to memory of 1892	3660	chrome.exe	87
PID 3660 wrote to memory of 1892	3660	chrome.exe	87
PID 3660 wrote to memory of 1892	3660	chrome.exe	87
PID 3660 wrote to memory of 1892	3660	chrome.exe	87
PID 3660 wrote to memory of 1892	3660	chrome.exe	87
PID 3660 wrote to memory of 1892	3660	chrome.exe	87
PID 3660 wrote to memory of 1892	3660	chrome.exe	87
PID 3660 wrote to memory of 1892	3660	chrome.exe	87
PID 3660 wrote to memory of 1892	3660	chrome.exe	87
PID 3660 wrote to memory of 1892	3660	chrome.exe	87
PID 3660 wrote to memory of 1892	3660	chrome.exe	87
PID 3660 wrote to memory of 1892	3660	chrome.exe	87
PID 3660 wrote to memory of 1892	3660	chrome.exe	87
PID 3660 wrote to memory of 1892	3660	chrome.exe	87
PID 3660 wrote to memory of 1892	3660	chrome.exe	87
PID 3660 wrote to memory of 1892	3660	chrome.exe	87
PID 3660 wrote to memory of 1892	3660	chrome.exe	87
PID 3660 wrote to memory of 1892	3660	chrome.exe	87
PID 3660 wrote to memory of 1892	3660	chrome.exe	87
PID 3660 wrote to memory of 1892	3660	chrome.exe	87
PID 3660 wrote to memory of 3984	3660	chrome.exe	88
PID 3660 wrote to memory of 3984	3660	chrome.exe	88
PID 3660 wrote to memory of 3656	3660	chrome.exe	89
PID 3660 wrote to memory of 3656	3660	chrome.exe	89
PID 3660 wrote to memory of 3656	3660	chrome.exe	89
PID 3660 wrote to memory of 3656	3660	chrome.exe	89
PID 3660 wrote to memory of 3656	3660	chrome.exe	89
PID 3660 wrote to memory of 3656	3660	chrome.exe	89
PID 3660 wrote to memory of 3656	3660	chrome.exe	89
PID 3660 wrote to memory of 3656	3660	chrome.exe	89
PID 3660 wrote to memory of 3656	3660	chrome.exe	89
PID 3660 wrote to memory of 3656	3660	chrome.exe	89
PID 3660 wrote to memory of 3656	3660	chrome.exe	89
PID 3660 wrote to memory of 3656	3660	chrome.exe	89
PID 3660 wrote to memory of 3656	3660	chrome.exe	89
PID 3660 wrote to memory of 3656	3660	chrome.exe	89
PID 3660 wrote to memory of 3656	3660	chrome.exe	89
PID 3660 wrote to memory of 3656	3660	chrome.exe	89
PID 3660 wrote to memory of 3656	3660	chrome.exe	89
PID 3660 wrote to memory of 3656	3660	chrome.exe	89
PID 3660 wrote to memory of 3656	3660	chrome.exe	89
PID 3660 wrote to memory of 3656	3660	chrome.exe	89
PID 3660 wrote to memory of 3656	3660	chrome.exe	89
PID 3660 wrote to memory of 3656	3660	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://corpocredit.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc41f49758,0x7ffc41f49768,0x7ffc41f49778
  2⤵
  PID:4540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1720 --field-trial-handle=1892,i,4270666151032275305,8470939281955456578,131072 /prefetch:2
  2⤵
  PID:1892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1892,i,4270666151032275305,8470939281955456578,131072 /prefetch:8
  2⤵
  PID:3984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2248 --field-trial-handle=1892,i,4270666151032275305,8470939281955456578,131072 /prefetch:8
  2⤵
  PID:3656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3008 --field-trial-handle=1892,i,4270666151032275305,8470939281955456578,131072 /prefetch:1
  2⤵
  PID:1296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2988 --field-trial-handle=1892,i,4270666151032275305,8470939281955456578,131072 /prefetch:1
  2⤵
  PID:924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4440 --field-trial-handle=1892,i,4270666151032275305,8470939281955456578,131072 /prefetch:1
  2⤵
  PID:4800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5500 --field-trial-handle=1892,i,4270666151032275305,8470939281955456578,131072 /prefetch:8
  2⤵
  PID:2584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 --field-trial-handle=1892,i,4270666151032275305,8470939281955456578,131072 /prefetch:8
  2⤵
  PID:3556

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:5008

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
a8fd709314c3c03302fb365b9dd92755

SHA1
af3736f8b3045bbda81885e45e4492fd385583dc

SHA256
22be4c21e875033e9a4a343cb51da5e8d5950002d910f31230b50a85f0855f7a

SHA512
98676315cf08e389ac5fe3df9e20ba04919543caafdcba759eb66d0db886113907de6d08461eb03f0139c88ed1fc91d1864003d177c7ba9a0cefeaecfce8cdf2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
4a72566e37b09dedfcd166e02366e55e

SHA1
694134327cfb32176d9f496bf88d9f130ae7c0a4

SHA256
d3723b3eb1261b09e8dd59b12a4167b7e5d001f5a333fd38887fff6d52bcd66d

SHA512
37a403add776e060f46dc394d40f4b31315b56f55ed43989c81274f595af015fedc3021c24cd0ed9700bc480adfdff4de65a0e2609ef650e80cd3033b66866c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a24d78e22697ed5c41f5e8bd1ccf15bf

SHA1
e9cd551f8bf8896e46cca351ac44b756cc6ef717

SHA256
e7b4c90e49463c4860eb9bdcce7c33bc06b10ed50b6ad35a8b8903f7f3d5bfa4

SHA512
fc3ca27d6c52fadfde2f8abccc346aa179b0f380c10471f1722bc9c10a8492d9ecda372da49264f4f668eb87268042d7e2e94c5a051bddeac6144431bffd09c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8a9019a627db5c23baabe0f4d68657f5

SHA1
31c59030210cbe9882ff82aa616d395f88bad5d2

SHA256
f913529f576da75255843b525d8d19c00094ee0a003d9dc5f24a4ec24b52b877

SHA512
142ed476f345e19168b46615775f8325ec4853bccb066df0e7344d0779de202ea41acf312102f2112020a308d9c4f82ff8434e355fdb69cf362dac8b5cd6f6a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
8f7590bbaa136161e944a9b59f32251f

SHA1
f34ab18294c5e912992e3643688828f32f5bd2fb

SHA256
dc79bc7ef02e3e467847aac7741d01348da9c78601738b2952718d6a308ef49b

SHA512
ed372b125a743b8ff592482057c0d4e5a36cae71339a8a02f42d66a5783ec33f1039256cb9ef91768fbb60fe706b38c4a3b1e7cdbe01ae7af8ff2802d8dd5b50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
0b60b7bdba87283c732248d3189208a0

SHA1
c80e4b765ce53b83f8ff7e2121b8ecd5a6c37943

SHA256
ae3bca856b2abfa14b627486fb3ba0abae816b74e1624746eb095b54c4151135

SHA512
c7c0fbbfa1ca6ed79a50402bb258e1855c2e692cb7badf23786e96dbe0e2a8eab3dbd922905b531d5e3abe3b21a7a4b299a488f550668615c6810a74644039f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
641cd136c39ff15b7ede13487969b1ec

SHA1
0212979054c333ceddf68f42b7d3327622774ceb

SHA256
aa9528734df2e700a9a6f105ecd796112416a6dc5742db29d3d161fd0baeb4e4

SHA512
bfc95be834bbea10895a39deb7c3f4738907b53ba98d0c65d959abf31b571c87aba43d1235d0797342d45fd42a45e44b79bf2e510b270660ee001b0522ef3b21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
af17bb14e57bfb1ba1df4cd001e36e2d

SHA1
1ddd26c1d58e4574102708ba16fe743f7061c12f

SHA256
ce9c33a5d50b2a6a26809233f981d04f0499937a3af0d50c2f021d73a88f97e0

SHA512
ce8ec3a89b4d56297e35d753ba39a615e37489d229b4382cabc4e1739f5378f23f5679de6c0ad0e84e9583b4635ecbd5e53675bc60bb45748e1e45f9d0ad437f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit