hxxps://54evuwhv[.]forms[.]app/solicitud-informe-reclamos-internacionales-midinero-

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
12/03/2024, 15:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://54evuwhv.forms.app/solicitud-informe-reclamos-internacionales-midinero-

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133547323384655147"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3252	chrome.exe
3252	chrome.exe
4836	chrome.exe
4836	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3252	chrome.exe
Token: SeCreatePagefilePrivilege	3252	chrome.exe
Token: SeShutdownPrivilege	3252	chrome.exe
Token: SeCreatePagefilePrivilege	3252	chrome.exe
Token: SeShutdownPrivilege	3252	chrome.exe
Token: SeCreatePagefilePrivilege	3252	chrome.exe
Token: SeShutdownPrivilege	3252	chrome.exe
Token: SeCreatePagefilePrivilege	3252	chrome.exe
Token: SeShutdownPrivilege	3252	chrome.exe
Token: SeCreatePagefilePrivilege	3252	chrome.exe
Token: SeShutdownPrivilege	3252	chrome.exe
Token: SeCreatePagefilePrivilege	3252	chrome.exe
Token: SeShutdownPrivilege	3252	chrome.exe
Token: SeCreatePagefilePrivilege	3252	chrome.exe
Token: SeShutdownPrivilege	3252	chrome.exe
Token: SeCreatePagefilePrivilege	3252	chrome.exe
Token: SeShutdownPrivilege	3252	chrome.exe
Token: SeCreatePagefilePrivilege	3252	chrome.exe
Token: SeShutdownPrivilege	3252	chrome.exe
Token: SeCreatePagefilePrivilege	3252	chrome.exe
Token: SeShutdownPrivilege	3252	chrome.exe
Token: SeCreatePagefilePrivilege	3252	chrome.exe
Token: SeShutdownPrivilege	3252	chrome.exe
Token: SeCreatePagefilePrivilege	3252	chrome.exe
Token: SeShutdownPrivilege	3252	chrome.exe
Token: SeCreatePagefilePrivilege	3252	chrome.exe
Token: SeShutdownPrivilege	3252	chrome.exe
Token: SeCreatePagefilePrivilege	3252	chrome.exe
Token: SeShutdownPrivilege	3252	chrome.exe
Token: SeCreatePagefilePrivilege	3252	chrome.exe
Token: SeShutdownPrivilege	3252	chrome.exe
Token: SeCreatePagefilePrivilege	3252	chrome.exe
Token: SeShutdownPrivilege	3252	chrome.exe
Token: SeCreatePagefilePrivilege	3252	chrome.exe
Token: SeShutdownPrivilege	3252	chrome.exe
Token: SeCreatePagefilePrivilege	3252	chrome.exe
Token: SeShutdownPrivilege	3252	chrome.exe
Token: SeCreatePagefilePrivilege	3252	chrome.exe
Token: SeShutdownPrivilege	3252	chrome.exe
Token: SeCreatePagefilePrivilege	3252	chrome.exe
Token: SeShutdownPrivilege	3252	chrome.exe
Token: SeCreatePagefilePrivilege	3252	chrome.exe
Token: SeShutdownPrivilege	3252	chrome.exe
Token: SeCreatePagefilePrivilege	3252	chrome.exe
Token: SeShutdownPrivilege	3252	chrome.exe
Token: SeCreatePagefilePrivilege	3252	chrome.exe
Token: SeShutdownPrivilege	3252	chrome.exe
Token: SeCreatePagefilePrivilege	3252	chrome.exe
Token: SeShutdownPrivilege	3252	chrome.exe
Token: SeCreatePagefilePrivilege	3252	chrome.exe
Token: SeShutdownPrivilege	3252	chrome.exe
Token: SeCreatePagefilePrivilege	3252	chrome.exe
Token: SeShutdownPrivilege	3252	chrome.exe
Token: SeCreatePagefilePrivilege	3252	chrome.exe
Token: SeShutdownPrivilege	3252	chrome.exe
Token: SeCreatePagefilePrivilege	3252	chrome.exe
Token: SeShutdownPrivilege	3252	chrome.exe
Token: SeCreatePagefilePrivilege	3252	chrome.exe
Token: SeShutdownPrivilege	3252	chrome.exe
Token: SeCreatePagefilePrivilege	3252	chrome.exe
Token: SeShutdownPrivilege	3252	chrome.exe
Token: SeCreatePagefilePrivilege	3252	chrome.exe
Token: SeShutdownPrivilege	3252	chrome.exe
Token: SeCreatePagefilePrivilege	3252	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3252 wrote to memory of 1424	3252	chrome.exe	87
PID 3252 wrote to memory of 1424	3252	chrome.exe	87
PID 3252 wrote to memory of 4516	3252	chrome.exe	89
PID 3252 wrote to memory of 4516	3252	chrome.exe	89
PID 3252 wrote to memory of 4516	3252	chrome.exe	89
PID 3252 wrote to memory of 4516	3252	chrome.exe	89
PID 3252 wrote to memory of 4516	3252	chrome.exe	89
PID 3252 wrote to memory of 4516	3252	chrome.exe	89
PID 3252 wrote to memory of 4516	3252	chrome.exe	89
PID 3252 wrote to memory of 4516	3252	chrome.exe	89
PID 3252 wrote to memory of 4516	3252	chrome.exe	89
PID 3252 wrote to memory of 4516	3252	chrome.exe	89
PID 3252 wrote to memory of 4516	3252	chrome.exe	89
PID 3252 wrote to memory of 4516	3252	chrome.exe	89
PID 3252 wrote to memory of 4516	3252	chrome.exe	89
PID 3252 wrote to memory of 4516	3252	chrome.exe	89
PID 3252 wrote to memory of 4516	3252	chrome.exe	89
PID 3252 wrote to memory of 4516	3252	chrome.exe	89
PID 3252 wrote to memory of 4516	3252	chrome.exe	89
PID 3252 wrote to memory of 4516	3252	chrome.exe	89
PID 3252 wrote to memory of 4516	3252	chrome.exe	89
PID 3252 wrote to memory of 4516	3252	chrome.exe	89
PID 3252 wrote to memory of 4516	3252	chrome.exe	89
PID 3252 wrote to memory of 4516	3252	chrome.exe	89
PID 3252 wrote to memory of 4516	3252	chrome.exe	89
PID 3252 wrote to memory of 4516	3252	chrome.exe	89
PID 3252 wrote to memory of 4516	3252	chrome.exe	89
PID 3252 wrote to memory of 4516	3252	chrome.exe	89
PID 3252 wrote to memory of 4516	3252	chrome.exe	89
PID 3252 wrote to memory of 4516	3252	chrome.exe	89
PID 3252 wrote to memory of 4516	3252	chrome.exe	89
PID 3252 wrote to memory of 4516	3252	chrome.exe	89
PID 3252 wrote to memory of 4516	3252	chrome.exe	89
PID 3252 wrote to memory of 4516	3252	chrome.exe	89
PID 3252 wrote to memory of 4516	3252	chrome.exe	89
PID 3252 wrote to memory of 4516	3252	chrome.exe	89
PID 3252 wrote to memory of 4516	3252	chrome.exe	89
PID 3252 wrote to memory of 4516	3252	chrome.exe	89
PID 3252 wrote to memory of 4516	3252	chrome.exe	89
PID 3252 wrote to memory of 4516	3252	chrome.exe	89
PID 3252 wrote to memory of 780	3252	chrome.exe	90
PID 3252 wrote to memory of 780	3252	chrome.exe	90
PID 3252 wrote to memory of 2308	3252	chrome.exe	91
PID 3252 wrote to memory of 2308	3252	chrome.exe	91
PID 3252 wrote to memory of 2308	3252	chrome.exe	91
PID 3252 wrote to memory of 2308	3252	chrome.exe	91
PID 3252 wrote to memory of 2308	3252	chrome.exe	91
PID 3252 wrote to memory of 2308	3252	chrome.exe	91
PID 3252 wrote to memory of 2308	3252	chrome.exe	91
PID 3252 wrote to memory of 2308	3252	chrome.exe	91
PID 3252 wrote to memory of 2308	3252	chrome.exe	91
PID 3252 wrote to memory of 2308	3252	chrome.exe	91
PID 3252 wrote to memory of 2308	3252	chrome.exe	91
PID 3252 wrote to memory of 2308	3252	chrome.exe	91
PID 3252 wrote to memory of 2308	3252	chrome.exe	91
PID 3252 wrote to memory of 2308	3252	chrome.exe	91
PID 3252 wrote to memory of 2308	3252	chrome.exe	91
PID 3252 wrote to memory of 2308	3252	chrome.exe	91
PID 3252 wrote to memory of 2308	3252	chrome.exe	91
PID 3252 wrote to memory of 2308	3252	chrome.exe	91
PID 3252 wrote to memory of 2308	3252	chrome.exe	91
PID 3252 wrote to memory of 2308	3252	chrome.exe	91
PID 3252 wrote to memory of 2308	3252	chrome.exe	91
PID 3252 wrote to memory of 2308	3252	chrome.exe	91

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://54evuwhv.forms.app/solicitud-informe-reclamos-internacionales-midinero-
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd3dee9758,0x7ffd3dee9768,0x7ffd3dee9778
  2⤵
  PID:1424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1652 --field-trial-handle=1848,i,1936289028985747832,840025253641441053,131072 /prefetch:2
  2⤵
  PID:4516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1848,i,1936289028985747832,840025253641441053,131072 /prefetch:8
  2⤵
  PID:780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2220 --field-trial-handle=1848,i,1936289028985747832,840025253641441053,131072 /prefetch:8
  2⤵
  PID:2308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3032 --field-trial-handle=1848,i,1936289028985747832,840025253641441053,131072 /prefetch:1
  2⤵
  PID:4660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3040 --field-trial-handle=1848,i,1936289028985747832,840025253641441053,131072 /prefetch:1
  2⤵
  PID:648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4872 --field-trial-handle=1848,i,1936289028985747832,840025253641441053,131072 /prefetch:1
  2⤵
  PID:2252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5624 --field-trial-handle=1848,i,1936289028985747832,840025253641441053,131072 /prefetch:8
  2⤵
  PID:1556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5108 --field-trial-handle=1848,i,1936289028985747832,840025253641441053,131072 /prefetch:8
  2⤵
  PID:4944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5256 --field-trial-handle=1848,i,1936289028985747832,840025253641441053,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4836

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2912

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

Filesize
194KB

MD5
f5b4137b040ec6bd884feee514f7c176

SHA1
7897677377a9ced759be35a66fdee34b391ab0ff

SHA256
845aa24ba38524f33f097b0d9bae7d9112b01fa35c443be5ec1f7b0da23513e6

SHA512
813b764a5650e4e3d1574172dd5d6a26f72c0ba5c8af7b0d676c62bc1b245e4563952bf33663bffc02089127b76a67f9977b0a8f18eaef22d9b4aa3abaaa7c40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
a20072bbd3fac2f126e44ac58b0750c6

SHA1
0a8fa9515ce2d204ca8c3c95deccbf7aabff1366

SHA256
0dbdea5210dd9e22e453c9ee436c453e7b0758c9bdba8402d513b5e66ff2c83e

SHA512
43e3ce5ecbe7520096989c0bca54b718b6b2e560f8387d1875781f77179240745385f13f7115f875a21986708aaf6a14889c63a8848b53ad500918cffef159da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
3500f3577ed87d459903ef762d735915

SHA1
6577d9e9322cf42e8fa873ba03f5006c91465fee

SHA256
d801a8a9b51858a769376ceda2d93cf55dd647294d7d47cd659c11672d6c744d

SHA512
1f8871557d1c64b9c1031eeed110360cc5f56a1c1b6295ef968cb5cdef02ea52594302e14114b691bb6648f67fdcde7a01f1d2b18be9e188a94a15baccd7fefb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
5e05d6d112c8c76def4dba61361462f9

SHA1
97fa73505bde3aa6c375a9ddc78892e6d15e16be

SHA256
25159c61a98a975da654eb0e0af087b7f90433f7b812b1acbb6267414a67fef0

SHA512
486e155df7bc75b5df8d215011ab4964eb3ebbe33331cffde07ec453628722bdf7519801027205ed83fc0076cb1fe005df220da564f277ab1dc3b4843904ae6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ab74d122e63f7e06ed1e03fddb5ea8fc

SHA1
d29aad3e781f89f15a33c152d3c1a90460288f85

SHA256
fc19869ca414ca64e3965606d9a457afe3f910037ab8f037b983e666b6f8ec13

SHA512
4b3993ea8f78127b6ce93cc3d4062e1c1315196b8f027d700256267a8e8291254bcb6bc651794f64b4c203c4f79f74445fae64ebc0d4bb287cec729dcae7ec92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a11836c76e5e0969d9258307ae7ba636

SHA1
7792027aa8eedf38a2673df06fb907c5831101f7

SHA256
0904df5d3b86c8a8bc74f9a7f3308263d78cfff78df94a33c246ec3f78761e2a

SHA512
d8b93b5217054977534297b8a86187aec64c03e9e7be8c59b5f128e8bfdfc8d3d6b3ee1e06caab8be771cf4f02bc1c9e54b6a5caa4530514e7018c9b432b140c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7e381c642d1b892e3f6ae41d95bfc057

SHA1
6a86bdd0ed5b4713ea5a4fd2fbd9d120136207a9

SHA256
f0ae9536f597954922514f869110548e26e67cfb10e5a30a55fa921e96a43a9d

SHA512
d1149139cfe1b1f49321ab5732344035b1ab52bbf7f12c9f9f63b193bb2304e9354ae36877bad5d6faff2b94bfaf9c8c77928baebe91a36641addfd94b9545d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
253KB

MD5
d46032ccd192ee4145031560c2992f0f

SHA1
18dc683e40baa57525b9e0e224d8f2a24ecce92a

SHA256
399f6d15e4e69f837ebb7a26459d86f78c752a78b1316aec0d53b11894425a4b

SHA512
098de953933cbf03f0952cf137d554a4aa1c89cae3177f08cf3ccdc05e38154a690aad5b7c96988cbeca8dc0ea6bc0a7694e612c5521daf44d312209ce71bd8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit