hxxps://www[.]terabox[.]app/spanish/sharing/link?surl=V5vnCHDVo9MA7YQoEPt-5g

Analysis

max time kernel
151s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20231023-es
resource tags

arch:x64arch:x86image:win10v2004-20231023-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
19-11-2023 00:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.terabox.app/spanish/sharing/link?surl=V5vnCHDVo9MA7YQoEPt-5g

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133448274191870709"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2188	chrome.exe
2188	chrome.exe
2616	chrome.exe
2616	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2188	chrome.exe
2188	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeCreatePagefilePrivilege	2188	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2188 wrote to memory of 2412	2188	chrome.exe	42
PID 2188 wrote to memory of 2412	2188	chrome.exe	42
PID 2188 wrote to memory of 4152	2188	chrome.exe	87
PID 2188 wrote to memory of 4152	2188	chrome.exe	87
PID 2188 wrote to memory of 4152	2188	chrome.exe	87
PID 2188 wrote to memory of 4152	2188	chrome.exe	87
PID 2188 wrote to memory of 4152	2188	chrome.exe	87
PID 2188 wrote to memory of 4152	2188	chrome.exe	87
PID 2188 wrote to memory of 4152	2188	chrome.exe	87
PID 2188 wrote to memory of 4152	2188	chrome.exe	87
PID 2188 wrote to memory of 4152	2188	chrome.exe	87
PID 2188 wrote to memory of 4152	2188	chrome.exe	87
PID 2188 wrote to memory of 4152	2188	chrome.exe	87
PID 2188 wrote to memory of 4152	2188	chrome.exe	87
PID 2188 wrote to memory of 4152	2188	chrome.exe	87
PID 2188 wrote to memory of 4152	2188	chrome.exe	87
PID 2188 wrote to memory of 4152	2188	chrome.exe	87
PID 2188 wrote to memory of 4152	2188	chrome.exe	87
PID 2188 wrote to memory of 4152	2188	chrome.exe	87
PID 2188 wrote to memory of 4152	2188	chrome.exe	87
PID 2188 wrote to memory of 4152	2188	chrome.exe	87
PID 2188 wrote to memory of 4152	2188	chrome.exe	87
PID 2188 wrote to memory of 4152	2188	chrome.exe	87
PID 2188 wrote to memory of 4152	2188	chrome.exe	87
PID 2188 wrote to memory of 4152	2188	chrome.exe	87
PID 2188 wrote to memory of 4152	2188	chrome.exe	87
PID 2188 wrote to memory of 4152	2188	chrome.exe	87
PID 2188 wrote to memory of 4152	2188	chrome.exe	87
PID 2188 wrote to memory of 4152	2188	chrome.exe	87
PID 2188 wrote to memory of 4152	2188	chrome.exe	87
PID 2188 wrote to memory of 4152	2188	chrome.exe	87
PID 2188 wrote to memory of 4152	2188	chrome.exe	87
PID 2188 wrote to memory of 4152	2188	chrome.exe	87
PID 2188 wrote to memory of 4152	2188	chrome.exe	87
PID 2188 wrote to memory of 4152	2188	chrome.exe	87
PID 2188 wrote to memory of 4152	2188	chrome.exe	87
PID 2188 wrote to memory of 4152	2188	chrome.exe	87
PID 2188 wrote to memory of 4152	2188	chrome.exe	87
PID 2188 wrote to memory of 4152	2188	chrome.exe	87
PID 2188 wrote to memory of 4152	2188	chrome.exe	87
PID 2188 wrote to memory of 4704	2188	chrome.exe	86
PID 2188 wrote to memory of 4704	2188	chrome.exe	86
PID 2188 wrote to memory of 2612	2188	chrome.exe	88
PID 2188 wrote to memory of 2612	2188	chrome.exe	88
PID 2188 wrote to memory of 2612	2188	chrome.exe	88
PID 2188 wrote to memory of 2612	2188	chrome.exe	88
PID 2188 wrote to memory of 2612	2188	chrome.exe	88
PID 2188 wrote to memory of 2612	2188	chrome.exe	88
PID 2188 wrote to memory of 2612	2188	chrome.exe	88
PID 2188 wrote to memory of 2612	2188	chrome.exe	88
PID 2188 wrote to memory of 2612	2188	chrome.exe	88
PID 2188 wrote to memory of 2612	2188	chrome.exe	88
PID 2188 wrote to memory of 2612	2188	chrome.exe	88
PID 2188 wrote to memory of 2612	2188	chrome.exe	88
PID 2188 wrote to memory of 2612	2188	chrome.exe	88
PID 2188 wrote to memory of 2612	2188	chrome.exe	88
PID 2188 wrote to memory of 2612	2188	chrome.exe	88
PID 2188 wrote to memory of 2612	2188	chrome.exe	88
PID 2188 wrote to memory of 2612	2188	chrome.exe	88
PID 2188 wrote to memory of 2612	2188	chrome.exe	88
PID 2188 wrote to memory of 2612	2188	chrome.exe	88
PID 2188 wrote to memory of 2612	2188	chrome.exe	88
PID 2188 wrote to memory of 2612	2188	chrome.exe	88
PID 2188 wrote to memory of 2612	2188	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.terabox.app/spanish/sharing/link?surl=V5vnCHDVo9MA7YQoEPt-5g
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffeedb39758,0x7ffeedb39768,0x7ffeedb39778
  2⤵
  PID:2412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1844 --field-trial-handle=1956,i,6741550295770095209,8671534192991284450,131072 /prefetch:8
  2⤵
  PID:4704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1704 --field-trial-handle=1956,i,6741550295770095209,8671534192991284450,131072 /prefetch:2
  2⤵
  PID:4152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2244 --field-trial-handle=1956,i,6741550295770095209,8671534192991284450,131072 /prefetch:8
  2⤵
  PID:2612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3088 --field-trial-handle=1956,i,6741550295770095209,8671534192991284450,131072 /prefetch:1
  2⤵
  PID:4732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3068 --field-trial-handle=1956,i,6741550295770095209,8671534192991284450,131072 /prefetch:1
  2⤵
  PID:4724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 --field-trial-handle=1956,i,6741550295770095209,8671534192991284450,131072 /prefetch:8
  2⤵
  PID:4892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 --field-trial-handle=1956,i,6741550295770095209,8671534192991284450,131072 /prefetch:8
  2⤵
  PID:3048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4700 --field-trial-handle=1956,i,6741550295770095209,8671534192991284450,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2616

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1540

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
648B

MD5
a71cd6d0ef2091eeb65894ad9f6e0b7b

SHA1
56d664b1aedfcff47a350f5448edf20b10b651c0

SHA256
95c30fd56011277d3132480a0551e76ee9490482afde27a3618f9010091cfe5b

SHA512
9eaf930752f3121adfa981cf038367f30603911713f920f1c48639995eeed4a5374acfe9f3ae67cab56ff591bfd626247e24e4721689d7bc6a759340750d31ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
68d08dad8b193fac66a6183e2019b7c7

SHA1
0a7282dcab52ff048a59196c79c9823b36c6f14a

SHA256
6c7c2defb958b94d4e36cea6ee93a285aa49bb5b29f409bb44c9f60bdb6c1896

SHA512
096ae572e3f946ea8cd0b4031607166c7f6f54451689722ed32bef3d6233ff56adbb5d8bee1d557bc0b3c7322e0a45062593de7ca070549a97e147db1c44b063

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
2588bd381f3bc0f6df21b4e90c020648

SHA1
34ba290b7097c854f4b415a4314990fbb1dc540f

SHA256
7b75566df76d7e57038c83a9778eee260d8f83f8c5f55c7cf291335d64261080

SHA512
ef4460c01285d654bba3dab764d2ad9b74711cba1b6a6b0debef0af052e0724a620ce3da135739cbc296738e3cf52ed019f173d60675535104d24a40ca8b3b69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b3d0ae4a396a720ed40f595ac2bcb6f4

SHA1
337f5715a82c955ce163be6c6e447aa7a53f44d8

SHA256
8f56f2deb52c307e4318df12509d79527c00cff341ce43ca980b456607ab489d

SHA512
33d80bd47cd241bc198cf966a1512c08e04c73b4ea8c7d2c75b3ba8922f72f5425e9b0c010df742e531ecd83a97f1fe9875aad9dc1a1d40ff45231482c4c98f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
e6f78b29da54cf5184f1428bcd41dbd2

SHA1
3e879fa9b3f159432cce7857f744b7be040ec825

SHA256
0b0daafcc1b7dd89e83f72fcd3eed56d4075f2f76c89adaed3d1a6354ffac873

SHA512
ed54211cfc6fa36a3195037888e3cde46426ff11616ee175bf5f135218e093135979fd76f2ec2078cdd0bb188cc7fa92100970b0e503a8146e98ef9b609805b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
3e651c249cbfbfcf5ec900671a33caf8

SHA1
872b66a85b9eac5f72b1792149278781a6ff5ac8

SHA256
d1816ec7530b3bbab0b5ec16b924843e4718564f283f0683dd91ad1508cbc87d

SHA512
8bc51b5cbc00a4078315ce95b8721db671e4f24c9ab9483f5b0c34a305c2a047d73f5567d5d1ce0bff072a9c26368662bc5a19c8df33e83151791f2371244316

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
18b5b30b56aff434c45e396732f9eefe

SHA1
2df00ea48589b8ebc3a918e01864d2a1c63ba831

SHA256
68a8340a2f2a717e87e47fcbddb52d05e91d7f9e287cc841b496d20c39a945c0

SHA512
394c6805d74600485f2a785a82a97e4aef6bc5fb27e7ba38b2f2c51854261eac679476d4b6d708da8470e3e5e9f437f188a56daef3e4bed9b199ae4d6b869447

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
bb42e8af4d226d8d5251d9c8c200684c

SHA1
f2f271cc6daf0d9afb3a5f11aeb78cd2d5b132ae

SHA256
a472c1c08b8e7179acaa74c5c9712131853972445785e7465f84fe29a59bc033

SHA512
e82863a5da8ec2a1bec8ba170ff62c14bc85b231c3217e7fe5860982321d4f40ab6529f38ccf6c7d3fc8bb4afdbb75befb9aa6de293ad0c62f8f21eb9dc634f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit