hxxp://WIZINK-ONLINE-INICIO-PTCOM[.]COM

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
10/01/2024, 07:21

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://WIZINK-ONLINE-INICIO-PTCOM.COM

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133493449106388864"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1628	chrome.exe
1628	chrome.exe
2928	chrome.exe
2928	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1628 wrote to memory of 1552	1628	chrome.exe	87
PID 1628 wrote to memory of 1552	1628	chrome.exe	87
PID 1628 wrote to memory of 2976	1628	chrome.exe	91
PID 1628 wrote to memory of 2976	1628	chrome.exe	91
PID 1628 wrote to memory of 2976	1628	chrome.exe	91
PID 1628 wrote to memory of 2976	1628	chrome.exe	91
PID 1628 wrote to memory of 2976	1628	chrome.exe	91
PID 1628 wrote to memory of 2976	1628	chrome.exe	91
PID 1628 wrote to memory of 2976	1628	chrome.exe	91
PID 1628 wrote to memory of 2976	1628	chrome.exe	91
PID 1628 wrote to memory of 2976	1628	chrome.exe	91
PID 1628 wrote to memory of 2976	1628	chrome.exe	91
PID 1628 wrote to memory of 2976	1628	chrome.exe	91
PID 1628 wrote to memory of 2976	1628	chrome.exe	91
PID 1628 wrote to memory of 2976	1628	chrome.exe	91
PID 1628 wrote to memory of 2976	1628	chrome.exe	91
PID 1628 wrote to memory of 2976	1628	chrome.exe	91
PID 1628 wrote to memory of 2976	1628	chrome.exe	91
PID 1628 wrote to memory of 2976	1628	chrome.exe	91
PID 1628 wrote to memory of 2976	1628	chrome.exe	91
PID 1628 wrote to memory of 2976	1628	chrome.exe	91
PID 1628 wrote to memory of 2976	1628	chrome.exe	91
PID 1628 wrote to memory of 2976	1628	chrome.exe	91
PID 1628 wrote to memory of 2976	1628	chrome.exe	91
PID 1628 wrote to memory of 2976	1628	chrome.exe	91
PID 1628 wrote to memory of 2976	1628	chrome.exe	91
PID 1628 wrote to memory of 2976	1628	chrome.exe	91
PID 1628 wrote to memory of 2976	1628	chrome.exe	91
PID 1628 wrote to memory of 2976	1628	chrome.exe	91
PID 1628 wrote to memory of 2976	1628	chrome.exe	91
PID 1628 wrote to memory of 2976	1628	chrome.exe	91
PID 1628 wrote to memory of 2976	1628	chrome.exe	91
PID 1628 wrote to memory of 2976	1628	chrome.exe	91
PID 1628 wrote to memory of 2976	1628	chrome.exe	91
PID 1628 wrote to memory of 2976	1628	chrome.exe	91
PID 1628 wrote to memory of 2976	1628	chrome.exe	91
PID 1628 wrote to memory of 2976	1628	chrome.exe	91
PID 1628 wrote to memory of 2976	1628	chrome.exe	91
PID 1628 wrote to memory of 2976	1628	chrome.exe	91
PID 1628 wrote to memory of 2976	1628	chrome.exe	91
PID 1628 wrote to memory of 2780	1628	chrome.exe	90
PID 1628 wrote to memory of 2780	1628	chrome.exe	90
PID 1628 wrote to memory of 2348	1628	chrome.exe	89
PID 1628 wrote to memory of 2348	1628	chrome.exe	89
PID 1628 wrote to memory of 2348	1628	chrome.exe	89
PID 1628 wrote to memory of 2348	1628	chrome.exe	89
PID 1628 wrote to memory of 2348	1628	chrome.exe	89
PID 1628 wrote to memory of 2348	1628	chrome.exe	89
PID 1628 wrote to memory of 2348	1628	chrome.exe	89
PID 1628 wrote to memory of 2348	1628	chrome.exe	89
PID 1628 wrote to memory of 2348	1628	chrome.exe	89
PID 1628 wrote to memory of 2348	1628	chrome.exe	89
PID 1628 wrote to memory of 2348	1628	chrome.exe	89
PID 1628 wrote to memory of 2348	1628	chrome.exe	89
PID 1628 wrote to memory of 2348	1628	chrome.exe	89
PID 1628 wrote to memory of 2348	1628	chrome.exe	89
PID 1628 wrote to memory of 2348	1628	chrome.exe	89
PID 1628 wrote to memory of 2348	1628	chrome.exe	89
PID 1628 wrote to memory of 2348	1628	chrome.exe	89
PID 1628 wrote to memory of 2348	1628	chrome.exe	89
PID 1628 wrote to memory of 2348	1628	chrome.exe	89
PID 1628 wrote to memory of 2348	1628	chrome.exe	89
PID 1628 wrote to memory of 2348	1628	chrome.exe	89
PID 1628 wrote to memory of 2348	1628	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://WIZINK-ONLINE-INICIO-PTCOM.COM
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0x38,0x108,0x7fffeeac9758,0x7fffeeac9768,0x7fffeeac9778
  2⤵
  PID:1552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2200 --field-trial-handle=1880,i,5863771622352496905,9535234575239650849,131072 /prefetch:8
  2⤵
  PID:2348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1880,i,5863771622352496905,9535234575239650849,131072 /prefetch:8
  2⤵
  PID:2780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1744 --field-trial-handle=1880,i,5863771622352496905,9535234575239650849,131072 /prefetch:2
  2⤵
  PID:2976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2904 --field-trial-handle=1880,i,5863771622352496905,9535234575239650849,131072 /prefetch:1
  2⤵
  PID:2076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2896 --field-trial-handle=1880,i,5863771622352496905,9535234575239650849,131072 /prefetch:1
  2⤵
  PID:2864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4564 --field-trial-handle=1880,i,5863771622352496905,9535234575239650849,131072 /prefetch:1
  2⤵
  PID:592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3900 --field-trial-handle=1880,i,5863771622352496905,9535234575239650849,131072 /prefetch:1
  2⤵
  PID:804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5276 --field-trial-handle=1880,i,5863771622352496905,9535234575239650849,131072 /prefetch:8
  2⤵
  PID:4980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3196 --field-trial-handle=1880,i,5863771622352496905,9535234575239650849,131072 /prefetch:8
  2⤵
  PID:3888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2720 --field-trial-handle=1880,i,5863771622352496905,9535234575239650849,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2928

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3008

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
7c55f09f713e27ef4a94d34c1bb4c5f9

SHA1
60481a8adc695f865ba0a5a6d8c6b35fbad3b334

SHA256
fd4b7c81f867ff79bd707d6e674d7ae827362f17cf01378b66d0ba4a30317e62

SHA512
dcac329f799e1c5913c0998aa8c2fc82cb5d7f33f354973a92af6ab13781f677d8b1012f71bf57cbe6c1dfaa4b147710124aa680437b05a548e66e6c116bc5fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
fe1a9eb6cbfa67ba5ddeab6db4ceca3a

SHA1
e8ac5107a1d09b743f99bb71231abb0e05e18923

SHA256
f3c0ebee0ae51dfb26eff9e0cb4ba4a0e98090e42c547d97651ba1e46e587d05

SHA512
7100c37a06eb3cc42026b6214b489503eeb8c7f195ad821030fe02386d5b1baffed4323ccb9aaf5562a57f1087bae955908be8ce3a1c4ae47b72c164de70d1b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
ae8d1e59d5db47cd2d74b6b7d58a2eba

SHA1
29fcbed3b32ce0d41bfbfe65ad60b72f8e17b9b8

SHA256
3d017047729798ee113ff54968670fec353d612b6bf2c5a789d7d0a18874292b

SHA512
7519813e91d51cc2cb898c4e418ea76b2a2260c2d922345f1d5c5d7a3370c94f78797bd54d586c7156ccf2eeacdd6620bd1deebeb2ffa7745c22798ee510a8ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c34232cceb29b6d834e07dd9fd18facc

SHA1
2e45f21059597ddad7c528272917b2143e7c9a8d

SHA256
b6d82e399b376623c0acd181736ca83bcb9afb489fd1caa217bf6333dd39e796

SHA512
41bf5da49b3a024cfaafb21c36e19d0e02b838da89412edff255f5152772986e0cc8b66daebd8176e5de9d0cb52fa33ee4af761707a045460fd10ac39fb70f11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
20dff09213328367d462da098140bd56

SHA1
f0d9f8d4504b22bce0a8709eaff3423d39bab9f4

SHA256
d4be52c4f832e2ea3991c7e25cb35180e2e4a331336c988c2f79ef1480844615

SHA512
7aee0398b3d0d3f9767c3441e4c0bfa9804478281e23db37b21aef7639bf7401440629c21990b34f4cb62e99027d71601a81d6ef6e1f0dcc5b56144c33d3013c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit