hxxp://ingresodeusuarios[.]mobi

Analysis

max time kernel
1s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
09-01-2024 14:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://ingresodeusuarios.mobi

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4336	chrome.exe
4336	chrome.exe

Suspicious use of FindShellTrayWindow 17 IoCs

pid	Process
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe

Suspicious use of SendNotifyMessage 16 IoCs

pid	Process
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe
4336	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4336 wrote to memory of 720	4336	chrome.exe	14
PID 4336 wrote to memory of 720	4336	chrome.exe	14
PID 4336 wrote to memory of 3752	4336	chrome.exe	33
PID 4336 wrote to memory of 3752	4336	chrome.exe	33
PID 4336 wrote to memory of 3752	4336	chrome.exe	33
PID 4336 wrote to memory of 3752	4336	chrome.exe	33
PID 4336 wrote to memory of 3752	4336	chrome.exe	33
PID 4336 wrote to memory of 3752	4336	chrome.exe	33
PID 4336 wrote to memory of 3752	4336	chrome.exe	33
PID 4336 wrote to memory of 3752	4336	chrome.exe	33
PID 4336 wrote to memory of 3752	4336	chrome.exe	33
PID 4336 wrote to memory of 3752	4336	chrome.exe	33
PID 4336 wrote to memory of 3752	4336	chrome.exe	33
PID 4336 wrote to memory of 3752	4336	chrome.exe	33
PID 4336 wrote to memory of 3752	4336	chrome.exe	33
PID 4336 wrote to memory of 3752	4336	chrome.exe	33
PID 4336 wrote to memory of 3752	4336	chrome.exe	33
PID 4336 wrote to memory of 3752	4336	chrome.exe	33
PID 4336 wrote to memory of 3752	4336	chrome.exe	33
PID 4336 wrote to memory of 3752	4336	chrome.exe	33
PID 4336 wrote to memory of 3752	4336	chrome.exe	33
PID 4336 wrote to memory of 3752	4336	chrome.exe	33
PID 4336 wrote to memory of 3752	4336	chrome.exe	33
PID 4336 wrote to memory of 3752	4336	chrome.exe	33
PID 4336 wrote to memory of 3752	4336	chrome.exe	33
PID 4336 wrote to memory of 3752	4336	chrome.exe	33
PID 4336 wrote to memory of 3752	4336	chrome.exe	33
PID 4336 wrote to memory of 3752	4336	chrome.exe	33
PID 4336 wrote to memory of 3752	4336	chrome.exe	33
PID 4336 wrote to memory of 3752	4336	chrome.exe	33
PID 4336 wrote to memory of 3752	4336	chrome.exe	33
PID 4336 wrote to memory of 3752	4336	chrome.exe	33
PID 4336 wrote to memory of 3752	4336	chrome.exe	33
PID 4336 wrote to memory of 3752	4336	chrome.exe	33
PID 4336 wrote to memory of 3752	4336	chrome.exe	33
PID 4336 wrote to memory of 3752	4336	chrome.exe	33
PID 4336 wrote to memory of 3752	4336	chrome.exe	33
PID 4336 wrote to memory of 3752	4336	chrome.exe	33
PID 4336 wrote to memory of 3752	4336	chrome.exe	33
PID 4336 wrote to memory of 3752	4336	chrome.exe	33
PID 4336 wrote to memory of 4464	4336	chrome.exe	32
PID 4336 wrote to memory of 4464	4336	chrome.exe	32
PID 4336 wrote to memory of 4928	4336	chrome.exe	28
PID 4336 wrote to memory of 4928	4336	chrome.exe	28
PID 4336 wrote to memory of 4928	4336	chrome.exe	28
PID 4336 wrote to memory of 4928	4336	chrome.exe	28
PID 4336 wrote to memory of 4928	4336	chrome.exe	28
PID 4336 wrote to memory of 4928	4336	chrome.exe	28
PID 4336 wrote to memory of 4928	4336	chrome.exe	28
PID 4336 wrote to memory of 4928	4336	chrome.exe	28
PID 4336 wrote to memory of 4928	4336	chrome.exe	28
PID 4336 wrote to memory of 4928	4336	chrome.exe	28
PID 4336 wrote to memory of 4928	4336	chrome.exe	28
PID 4336 wrote to memory of 4928	4336	chrome.exe	28
PID 4336 wrote to memory of 4928	4336	chrome.exe	28
PID 4336 wrote to memory of 4928	4336	chrome.exe	28
PID 4336 wrote to memory of 4928	4336	chrome.exe	28
PID 4336 wrote to memory of 4928	4336	chrome.exe	28
PID 4336 wrote to memory of 4928	4336	chrome.exe	28
PID 4336 wrote to memory of 4928	4336	chrome.exe	28
PID 4336 wrote to memory of 4928	4336	chrome.exe	28
PID 4336 wrote to memory of 4928	4336	chrome.exe	28
PID 4336 wrote to memory of 4928	4336	chrome.exe	28
PID 4336 wrote to memory of 4928	4336	chrome.exe	28

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd67a49758,0x7ffd67a49768,0x7ffd67a49778
1⤵
PID:720

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://ingresodeusuarios.mobi
1⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2204 --field-trial-handle=1884,i,5134836166363326222,11756142790408098615,131072 /prefetch:8
  2⤵
  PID:4928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2920 --field-trial-handle=1884,i,5134836166363326222,11756142790408098615,131072 /prefetch:1
  2⤵
  PID:3684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2912 --field-trial-handle=1884,i,5134836166363326222,11756142790408098615,131072 /prefetch:1
  2⤵
  PID:4360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1884,i,5134836166363326222,11756142790408098615,131072 /prefetch:8
  2⤵
  PID:4464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1636 --field-trial-handle=1884,i,5134836166363326222,11756142790408098615,131072 /prefetch:2
  2⤵
  PID:3752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4964 --field-trial-handle=1884,i,5134836166363326222,11756142790408098615,131072 /prefetch:1
  2⤵
  PID:2892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3288 --field-trial-handle=1884,i,5134836166363326222,11756142790408098615,131072 /prefetch:1
  2⤵
  PID:3056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 --field-trial-handle=1884,i,5134836166363326222,11756142790408098615,131072 /prefetch:8
  2⤵
  PID:4828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3904 --field-trial-handle=1884,i,5134836166363326222,11756142790408098615,131072 /prefetch:8
  2⤵
  PID:5112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3792 --field-trial-handle=1884,i,5134836166363326222,11756142790408098615,131072 /prefetch:1
  2⤵
  PID:4540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4620 --field-trial-handle=1884,i,5134836166363326222,11756142790408098615,131072 /prefetch:1
  2⤵
  PID:2548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3956 --field-trial-handle=1884,i,5134836166363326222,11756142790408098615,131072 /prefetch:1
  2⤵
  PID:980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1792 --field-trial-handle=1884,i,5134836166363326222,11756142790408098615,131072 /prefetch:2
  2⤵
  PID:1264

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3228

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
584f1b015bb4458e9a497130669a8334

SHA1
d4128d2e83caf780faff6dfde176f3212b89b6fc

SHA256
6e06ba432550638dbecc875256c8cf4b1dfabab26ee006fd9dd7e2652c2d1a27

SHA512
81e298ba08170bfe721109c13be0bf13d5cf2f1483fe5efa120ffa83ee5e2308b557cf14805f4ce67fb059eacd77002d84265fcf66325736160b02f9bc495088

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
638928d7a62da2bec860a65ea8e5427b

SHA1
0fa4c926cb540a123da4ac837589fca9c8f9abb3

SHA256
f5010b6142adac4e137728d817c401d22415a53722696dfdc0e4dcd46eb8b478

SHA512
40d67802421edb1006f8db3652c574d115fcbbffe32da80431847a01d31d4a2ccd0d75a7c33dea06e35e9c64d53a796ef3fb13c0cdc69405ccf1bb4418f05ac8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2de6bde4c83c08c7b55d36e5c348e1ec

SHA1
4a9091d380cc9cce8993c8e924144021b709576f

SHA256
71f6d53b9cd7e7ee2fb7e2707e696d90d5ea044465cff2d9d2cc351afb42f459

SHA512
b33641cb0c9445c5885620d6488b7e77b06d7ef0d1a22010a8b345ba80eb75e5997195ce4c52ea8f3283507e66d452c817faf39ddc14c811dcf2e979d6dc76f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
9KB

MD5
6f96c9926db579f13dcac6cd8d1c2ba6

SHA1
0e67dbc85617a881cc5dc8253f18de2903a0905d

SHA256
f12ba2691a6d50018aaec105d7a653ad870755043d0c33b1072a52e30fcb3e7a

SHA512
df49becdd85f4ea2d145ae67ddbe50150c4a84c65a16bfe8faca3a4b8c975bb0647f1648c0e1a42dcc2fa96156f3c43064d0e4780948937dca0b6a6a7abb68fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit