hxxp://esteticatermal[.]es/#amxvbmdvYmFyZGlAZGFzaGZpbmFuY2lhbC5jb20=

Analysis

max time kernel
30s
max time network
33s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24/01/2024, 20:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://esteticatermal.es/#amxvbmdvYmFyZGlAZGFzaGZpbmFuY2lhbC5jb20=

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133506036022724884"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4588	chrome.exe
4588	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe

Suspicious use of AdjustPrivilegeToken 58 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4588 wrote to memory of 468	4588	chrome.exe	14
PID 4588 wrote to memory of 468	4588	chrome.exe	14
PID 4588 wrote to memory of 1780	4588	chrome.exe	39
PID 4588 wrote to memory of 1780	4588	chrome.exe	39
PID 4588 wrote to memory of 1780	4588	chrome.exe	39
PID 4588 wrote to memory of 1780	4588	chrome.exe	39
PID 4588 wrote to memory of 1780	4588	chrome.exe	39
PID 4588 wrote to memory of 1780	4588	chrome.exe	39
PID 4588 wrote to memory of 1780	4588	chrome.exe	39
PID 4588 wrote to memory of 1780	4588	chrome.exe	39
PID 4588 wrote to memory of 1780	4588	chrome.exe	39
PID 4588 wrote to memory of 1780	4588	chrome.exe	39
PID 4588 wrote to memory of 1780	4588	chrome.exe	39
PID 4588 wrote to memory of 1780	4588	chrome.exe	39
PID 4588 wrote to memory of 1780	4588	chrome.exe	39
PID 4588 wrote to memory of 1780	4588	chrome.exe	39
PID 4588 wrote to memory of 1780	4588	chrome.exe	39
PID 4588 wrote to memory of 1780	4588	chrome.exe	39
PID 4588 wrote to memory of 1780	4588	chrome.exe	39
PID 4588 wrote to memory of 1780	4588	chrome.exe	39
PID 4588 wrote to memory of 1780	4588	chrome.exe	39
PID 4588 wrote to memory of 1780	4588	chrome.exe	39
PID 4588 wrote to memory of 1780	4588	chrome.exe	39
PID 4588 wrote to memory of 1780	4588	chrome.exe	39
PID 4588 wrote to memory of 1780	4588	chrome.exe	39
PID 4588 wrote to memory of 1780	4588	chrome.exe	39
PID 4588 wrote to memory of 1780	4588	chrome.exe	39
PID 4588 wrote to memory of 1780	4588	chrome.exe	39
PID 4588 wrote to memory of 1780	4588	chrome.exe	39
PID 4588 wrote to memory of 1780	4588	chrome.exe	39
PID 4588 wrote to memory of 1780	4588	chrome.exe	39
PID 4588 wrote to memory of 1780	4588	chrome.exe	39
PID 4588 wrote to memory of 1780	4588	chrome.exe	39
PID 4588 wrote to memory of 1780	4588	chrome.exe	39
PID 4588 wrote to memory of 1780	4588	chrome.exe	39
PID 4588 wrote to memory of 1780	4588	chrome.exe	39
PID 4588 wrote to memory of 1780	4588	chrome.exe	39
PID 4588 wrote to memory of 1780	4588	chrome.exe	39
PID 4588 wrote to memory of 1780	4588	chrome.exe	39
PID 4588 wrote to memory of 1780	4588	chrome.exe	39
PID 4588 wrote to memory of 316	4588	chrome.exe	38
PID 4588 wrote to memory of 316	4588	chrome.exe	38
PID 4588 wrote to memory of 4400	4588	chrome.exe	34
PID 4588 wrote to memory of 4400	4588	chrome.exe	34
PID 4588 wrote to memory of 4400	4588	chrome.exe	34
PID 4588 wrote to memory of 4400	4588	chrome.exe	34
PID 4588 wrote to memory of 4400	4588	chrome.exe	34
PID 4588 wrote to memory of 4400	4588	chrome.exe	34
PID 4588 wrote to memory of 4400	4588	chrome.exe	34
PID 4588 wrote to memory of 4400	4588	chrome.exe	34
PID 4588 wrote to memory of 4400	4588	chrome.exe	34
PID 4588 wrote to memory of 4400	4588	chrome.exe	34
PID 4588 wrote to memory of 4400	4588	chrome.exe	34
PID 4588 wrote to memory of 4400	4588	chrome.exe	34
PID 4588 wrote to memory of 4400	4588	chrome.exe	34
PID 4588 wrote to memory of 4400	4588	chrome.exe	34
PID 4588 wrote to memory of 4400	4588	chrome.exe	34
PID 4588 wrote to memory of 4400	4588	chrome.exe	34
PID 4588 wrote to memory of 4400	4588	chrome.exe	34
PID 4588 wrote to memory of 4400	4588	chrome.exe	34
PID 4588 wrote to memory of 4400	4588	chrome.exe	34
PID 4588 wrote to memory of 4400	4588	chrome.exe	34
PID 4588 wrote to memory of 4400	4588	chrome.exe	34
PID 4588 wrote to memory of 4400	4588	chrome.exe	34

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0x9c,0x108,0x7ff8533f9758,0x7ff8533f9768,0x7ff8533f9778
1⤵
PID:468

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://esteticatermal.es/#amxvbmdvYmFyZGlAZGFzaGZpbmFuY2lhbC5jb20=
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2204 --field-trial-handle=1904,i,11789941145373803761,14735407978148760801,131072 /prefetch:8
  2⤵
  PID:4400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2956 --field-trial-handle=1904,i,11789941145373803761,14735407978148760801,131072 /prefetch:1
  2⤵
  PID:4776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2948 --field-trial-handle=1904,i,11789941145373803761,14735407978148760801,131072 /prefetch:1
  2⤵
  PID:2480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1904,i,11789941145373803761,14735407978148760801,131072 /prefetch:8
  2⤵
  PID:316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 --field-trial-handle=1904,i,11789941145373803761,14735407978148760801,131072 /prefetch:2
  2⤵
  PID:1780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4596 --field-trial-handle=1904,i,11789941145373803761,14735407978148760801,131072 /prefetch:1
  2⤵
  PID:5020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5320 --field-trial-handle=1904,i,11789941145373803761,14735407978148760801,131072 /prefetch:8
  2⤵
  PID:2616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5348 --field-trial-handle=1904,i,11789941145373803761,14735407978148760801,131072 /prefetch:8
  2⤵
  PID:4352

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2396

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
2de44beb04759a1296c2487f33ed181e

SHA1
4f2a24cef14df2360b385813c13deb70edcd76a8

SHA256
0f282ae0670491c5497c8639fc81d7b753e9cd6f8a6a826e2f0e765d94cee0f1

SHA512
095edadc22de6a157d22469303b1b06ecc2c1c5c472ad1fab332ecd8e3505de8b2fa66be379b3748b904a9c6a46373335411d7f79cf4ab4b586db23dc1e9fedc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
707B

MD5
11998ff5e9f2ec5b802d3e4dd1c2bbc1

SHA1
4e183a655a10fc47564d6d04f869ae12143a8fe2

SHA256
d6a86549576a3188f47c28a095acb5852ec0679f7dcdabc6368cbe3d914ef364

SHA512
7a91c17d63149e2084697bbc27418fab4a9cfba5f476eaf9a5a13a10d300bbccb2147747c7c6c23ff9bfcf3329b7620a89882d65632f18d8ada225f99608ca78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
fcc10d64595ab5cc5d707b97011f391e

SHA1
e8a9cbd4907c15be3cd22804126566eac0fcf256

SHA256
6954ad12ec176e1e07d193f569bc83ef22053e69868c4874d898dc064d02ca13

SHA512
1afa6946923a4b4d432dff565f868e447d21e45e27a405e69e4a3679031a08c691cb0e2e57316b262ffdb17f97a2374066385498c86fecee1657b7afaaf3b7d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
115KB

MD5
f6e42fb631d6dd1551c167855688fb91

SHA1
3608d29da00c046fdd795cfcaa0671c89942aac3

SHA256
045bbad8938167a5f195c7efb9d29c21ca2ae4f64c521be54d395d29d83a5b93

SHA512
3e5b4cdeb474f93eaf45e5afdebd9d346a490c5351ecedd93f7489c04e617cfb51e678cfa9fcbe883128fba7fbf289a97e6e0bd1a3edfc77dc85d97b5d69d489

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
872c05057f73f4e5677fb4d5de23bb75

SHA1
9eee50db52a968fcf65080d3d9593874e600f3a5

SHA256
e8b88a8d7bdf5bce7a8733e009ed3f63e70926b6c51be3e2cd3c6e592fc08215

SHA512
6de0f34963cf3a3ac27bdc5925366e58681301fc628acd1d8554363d8f3de85e01cd5a14028a117fbfeb59076a7bb127d4cac38e357076642fee662647f673b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit