hxxps://cancelar-compranoautorizad4[.]webnode[.]com[.]co/

Analysis

max time kernel
599s
max time network
596s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
23/02/2024, 21:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cancelar-compranoautorizad4.webnode.com.co/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133531966199281572"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3592	chrome.exe
3592	chrome.exe
344	chrome.exe
344	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3592 wrote to memory of 4808	3592	chrome.exe	84
PID 3592 wrote to memory of 4808	3592	chrome.exe	84
PID 3592 wrote to memory of 228	3592	chrome.exe	88
PID 3592 wrote to memory of 228	3592	chrome.exe	88
PID 3592 wrote to memory of 228	3592	chrome.exe	88
PID 3592 wrote to memory of 228	3592	chrome.exe	88
PID 3592 wrote to memory of 228	3592	chrome.exe	88
PID 3592 wrote to memory of 228	3592	chrome.exe	88
PID 3592 wrote to memory of 228	3592	chrome.exe	88
PID 3592 wrote to memory of 228	3592	chrome.exe	88
PID 3592 wrote to memory of 228	3592	chrome.exe	88
PID 3592 wrote to memory of 228	3592	chrome.exe	88
PID 3592 wrote to memory of 228	3592	chrome.exe	88
PID 3592 wrote to memory of 228	3592	chrome.exe	88
PID 3592 wrote to memory of 228	3592	chrome.exe	88
PID 3592 wrote to memory of 228	3592	chrome.exe	88
PID 3592 wrote to memory of 228	3592	chrome.exe	88
PID 3592 wrote to memory of 228	3592	chrome.exe	88
PID 3592 wrote to memory of 228	3592	chrome.exe	88
PID 3592 wrote to memory of 228	3592	chrome.exe	88
PID 3592 wrote to memory of 228	3592	chrome.exe	88
PID 3592 wrote to memory of 228	3592	chrome.exe	88
PID 3592 wrote to memory of 228	3592	chrome.exe	88
PID 3592 wrote to memory of 228	3592	chrome.exe	88
PID 3592 wrote to memory of 228	3592	chrome.exe	88
PID 3592 wrote to memory of 228	3592	chrome.exe	88
PID 3592 wrote to memory of 228	3592	chrome.exe	88
PID 3592 wrote to memory of 228	3592	chrome.exe	88
PID 3592 wrote to memory of 228	3592	chrome.exe	88
PID 3592 wrote to memory of 228	3592	chrome.exe	88
PID 3592 wrote to memory of 228	3592	chrome.exe	88
PID 3592 wrote to memory of 228	3592	chrome.exe	88
PID 3592 wrote to memory of 228	3592	chrome.exe	88
PID 3592 wrote to memory of 228	3592	chrome.exe	88
PID 3592 wrote to memory of 228	3592	chrome.exe	88
PID 3592 wrote to memory of 228	3592	chrome.exe	88
PID 3592 wrote to memory of 228	3592	chrome.exe	88
PID 3592 wrote to memory of 228	3592	chrome.exe	88
PID 3592 wrote to memory of 228	3592	chrome.exe	88
PID 3592 wrote to memory of 228	3592	chrome.exe	88
PID 3592 wrote to memory of 1700	3592	chrome.exe	92
PID 3592 wrote to memory of 1700	3592	chrome.exe	92
PID 3592 wrote to memory of 2100	3592	chrome.exe	89
PID 3592 wrote to memory of 2100	3592	chrome.exe	89
PID 3592 wrote to memory of 2100	3592	chrome.exe	89
PID 3592 wrote to memory of 2100	3592	chrome.exe	89
PID 3592 wrote to memory of 2100	3592	chrome.exe	89
PID 3592 wrote to memory of 2100	3592	chrome.exe	89
PID 3592 wrote to memory of 2100	3592	chrome.exe	89
PID 3592 wrote to memory of 2100	3592	chrome.exe	89
PID 3592 wrote to memory of 2100	3592	chrome.exe	89
PID 3592 wrote to memory of 2100	3592	chrome.exe	89
PID 3592 wrote to memory of 2100	3592	chrome.exe	89
PID 3592 wrote to memory of 2100	3592	chrome.exe	89
PID 3592 wrote to memory of 2100	3592	chrome.exe	89
PID 3592 wrote to memory of 2100	3592	chrome.exe	89
PID 3592 wrote to memory of 2100	3592	chrome.exe	89
PID 3592 wrote to memory of 2100	3592	chrome.exe	89
PID 3592 wrote to memory of 2100	3592	chrome.exe	89
PID 3592 wrote to memory of 2100	3592	chrome.exe	89
PID 3592 wrote to memory of 2100	3592	chrome.exe	89
PID 3592 wrote to memory of 2100	3592	chrome.exe	89
PID 3592 wrote to memory of 2100	3592	chrome.exe	89
PID 3592 wrote to memory of 2100	3592	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://cancelar-compranoautorizad4.webnode.com.co/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff0ae59758,0x7fff0ae59768,0x7fff0ae59778
  2⤵
  PID:4808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 --field-trial-handle=1860,i,6824035431640125912,13891958925701468543,131072 /prefetch:2
  2⤵
  PID:228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2216 --field-trial-handle=1860,i,6824035431640125912,13891958925701468543,131072 /prefetch:8
  2⤵
  PID:2100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2992 --field-trial-handle=1860,i,6824035431640125912,13891958925701468543,131072 /prefetch:1
  2⤵
  PID:4952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2984 --field-trial-handle=1860,i,6824035431640125912,13891958925701468543,131072 /prefetch:1
  2⤵
  PID:4176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1860,i,6824035431640125912,13891958925701468543,131072 /prefetch:8
  2⤵
  PID:1700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5088 --field-trial-handle=1860,i,6824035431640125912,13891958925701468543,131072 /prefetch:8
  2⤵
  PID:3124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 --field-trial-handle=1860,i,6824035431640125912,13891958925701468543,131072 /prefetch:8
  2⤵
  PID:2548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5104 --field-trial-handle=1860,i,6824035431640125912,13891958925701468543,131072 /prefetch:1
  2⤵
  PID:4348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5508 --field-trial-handle=1860,i,6824035431640125912,13891958925701468543,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:344

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3624

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
11f9ad8a9edd6f7889c0992a586adb3e

SHA1
4b79676731be9741e6d701ec93c7ad11736e1a8e

SHA256
051bfa14446a43cd584f41985d6c8897d32c5f9757dbdd4a4db7153d7b9b7912

SHA512
7badf369356c0755c8dc7441aa55e65a476ab47c8a9b53f06da3c2a46e8d91e1c2efcc7155a73a24dcc8ed96d8b283b39f6bc3e90e27826b2bc3c23ec5844f17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
b85ec417453057848383d7bbea5795b3

SHA1
156c6cd275bd107f443e8c6eac4523626f9a25ef

SHA256
e197515adae89db697a95316fa95a93024afd66d90dfcf742e8e3073bb92e8c6

SHA512
786b7261a3ce3ce775a2c2f8f5a7843751ecb59107fc2f1a5f22441ad4e5feba80a03098a987ca0f6490e53ed10f5614b9ff982c518d96f6f2924b3884b1de14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
8692f1102484bf44678e47d47c790d11

SHA1
97b1e6c935766bd0fae416e633054403987a67bd

SHA256
45e436a6914860aec8f51f171b5d2a247950ebaf62a7e645d1d5c162bbc3f7d4

SHA512
097aab1c9ebbd644d4e91c8e59966243d4c22076a237f4210f7cdf33a4e9765acf7f32ab8e8d9119175abead63ab1206891ca9004d4766e9367418d542d30135

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
afce3cddfcf152016f003d50c9fea9ad

SHA1
1c967e340a519a7b5fc193d3ed7112c3d897fdf4

SHA256
1c779f82e56554c994ac07b945889b713cc93a9952cf6348f46cd919d86d1ede

SHA512
b40e695c1f6c0faf2077bb7cc193b58456f5086a5a16d2d48988ae55d57d7919881417e65695fd1f51827096adde93404ce233e0d1e724b84f71f37cd9179375

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
51d1fec976c8b843f0bc9daad12add13

SHA1
9da1138db4685ad8fec2894743ee8150d440c883

SHA256
f64bee0b43951ee36430437582d7e3843b5fbaf6e75b6e1704f063853dada44f

SHA512
1dd6213744315e2e00b0c5ee012be795340ee43227ada770569f56f19f289840b63f993ce2fc67020a848891fe1989aa7c7d7fe81daf412101ff17a21de12468

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
72b999c624d2ad26424e02dceeb89ccd

SHA1
94df2f66912a526e98ecfce1330b6ef96b7b2bad

SHA256
02b9650918db6454ecfb229fb758c3e979e04f0eb26eb82fb8d80df2866800c0

SHA512
74529a28eca4e9028416d99249b1137055693b1324f5ee17272e3f76dceb05e67051fa1fe93198f21fbca7d2b221665e74c79dbbb60b7f9311b3e7daf36dd88e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit