Analysis
max time kernel: 302s
max time network: 304s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 15-03-2024 12:21
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://GRANHOTELQUINAMAVIDA.CL
Resource: win10v2004-20240226-en
General
Target: http://GRANHOTELQUINAMAVIDA.CL

Malware Config

Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description        ioc                                                                    process
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     chrome.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   chrome.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe
Modifies data under HKEY_USERS (2 IoCs)
description      ioc                                                                                                      process
Set value (int)  \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133549790761612643"  chrome.exe
Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                      chrome.exe
Suspicious behavior: EnumeratesProcesses (4 IoCs)
pid   process
3196  chrome.exe
3196  chrome.exe
3228  chrome.exe
3228  chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
pid   process
3196  chrome.exe
3196  chrome.exe
3196  chrome.exe
Suspicious use of AdjustPrivilegeToken (64 IoCs; the two rows below alternate throughout the list)
description                       pid   process     entries
Token: SeShutdownPrivilege        3196  chrome.exe  32
Token: SeCreatePagefilePrivilege  3196  chrome.exe  32
Suspicious use of FindShellTrayWindow (26 IoCs)
pid   process     entries
3196  chrome.exe  26
Suspicious use of SendNotifyMessage (24 IoCs)
pid   process     entries
3196  chrome.exe  24
Suspicious use of WriteProcessMemory (64 IoCs; each distinct row is listed once, every row is repeated in the report)
description                       pid   process     procid_target
PID 3196 wrote to memory of 2816  3196  chrome.exe  84
PID 3196 wrote to memory of 2956  3196  chrome.exe  90
PID 3196 wrote to memory of 3628  3196  chrome.exe  91
PID 3196 wrote to memory of 4356  3196  chrome.exe  92
Processes

C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3196)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://GRANHOTELQUINAMAVIDA.CL
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2816)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8d7dc9758,0x7ff8d7dc9768,0x7ff8d7dc9778

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2956)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1624 --field-trial-handle=1256,i,197391016496115441,5874538157230021763,131072 /prefetch:2

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3628)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=1256,i,197391016496115441,5874538157230021763,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4356)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2192 --field-trial-handle=1256,i,197391016496115441,5874538157230021763,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4712)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2944 --field-trial-handle=1256,i,197391016496115441,5874538157230021763,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5096)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2956 --field-trial-handle=1256,i,197391016496115441,5874538157230021763,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5012)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4740 --field-trial-handle=1256,i,197391016496115441,5874538157230021763,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3228)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4832 --field-trial-handle=1256,i,197391016496115441,5874538157230021763,131072 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1116)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1016 --field-trial-handle=1256,i,197391016496115441,5874538157230021763,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3804)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=976 --field-trial-handle=1256,i,197391016496115441,5874538157230021763,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID 1420)
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 264B
MD5:    a3eb10fa392f3aae738ac81c94034bc6
SHA1:   2d12cf5c95c36888de51607ce7dcc5c8c86357f2
SHA256: 9dddcf5aff89e24128ee778fe301872f1b55f196ae37003c38c94e75ef997a4a
SHA512: 164fac82e70996d38f6330351a14363e75f9edf87c595ed1885563ddb7545ddf70fce728038e5e826e74da1fb0ce6a719ae52d8d55d55cbcd775c28074b8a746

Filesize: 2KB
MD5:    7a4fe527fdc1c958a1a662f2bd1a1ad8
SHA1:   678fd11d236c977269c935bc1b964411c499e13d
SHA256: 9c034701512bd43f9fcb052fe1e2fe6127a28f0b50b13e1754d146bdd8014654
SHA512: 3b226f367b8d30d38e94c745b9087f439257af3211218ee2640a1a71e6e35f201b3f2d90aa9b3c6b1a6f30eb5438615b79b9cece2367a8f73d9e5d788d7109ae

Filesize: 2KB
MD5:    18e8cbd4a7d19a72f5aa247fc5cb7bda
SHA1:   77364b82d1cae0ecf4513df67be0290253e653cb
SHA256: 1023f2380441d632420268cfae3537c736f2101f81724fd2987df3e3a4979288
SHA512: a1353f2b8f86fa695ab66e845bcfc5699727d8763cc0a15c3124f3adab44790d8ef26a02524d9a7d7ab1af81509c7467d36ba563821350d26f9e9121127cb333

Filesize: 2KB
MD5:    f7a5daeadb0bfc438f1edf488305af10
SHA1:   5166091cf252d3fd479b1534efdc791bab4df407
SHA256: f93efa9b6c4ee2896a1bc4b8baaca2e2251572d9e1b35214e03789e381894978
SHA512: 9eb3755a86ac388bb73de1f2649c631885435b8d6b024c6f7bcb95eab6fdc7f9bba103e186f9d1ddf274ae363861331fcfa2a0f0cfe4459359d7747950ba5b98

Filesize: 1KB
MD5:    165e05c1e512e5cc157e5fbeccd5ea08
SHA1:   1a1b064e938f22231c22327849dbf48ed0736446
SHA256: dd99662e3cb38dd6297183b7e85ab38249454048432c774b66c8ce3f8c47195c
SHA512: 9fba21149d6f37c1b8233935f5e116eb3e49236e2388c5670863f706014a14612960292de2abbd7c61c475afb6d48cac58a259e3af5eaec0ab9fe39bbe07f551

Filesize: 2KB
MD5:    b9ba204712ea978d6d69fe4d4f5ba254
SHA1:   ee5c1a07b2ad18abf4a7e5730bc26aa610120307
SHA256: baa2b88618053edb87de47cbb18688a8fff88c6a89fdd0b9e0823962bf553d29
SHA512: f7d4d00241b60f950bb9a7e5439099d97897d0b0a86cd9c9de71be30cdeb82ee2703bb12651635d7ac2c43ce42f4d7a63dc705cfd23b9d947f8ce0ca0df1a2d2

Filesize: 537B
MD5:    6cc064e3791078cbf6dd8c9a8bcecb9d
SHA1:   6d87f76cfb9d183b1caa685a100dcc2f0e938f6c
SHA256: f2cb07bebf6f62b65ec8588f08e6fea06ab9daf9fc46868adced8a87843adca1
SHA512: e7f856b779aa86f48392e7f821c3359319bee72b3c758bc7388e0aa57f04ac7b46fd49de028edeba2833ba78e2aa9f51a36feb6d385f68973f71c6f2688d2576

Filesize: 6KB
MD5:    3cb3dc698f413c49e242ac9256e3dc1f
SHA1:   224f83b760835d3f433de9f12e75444db6d395f9
SHA256: c753e2929123bec61babd66247696cdceca0c8f8d2f3d40ad9e49f979ffe9a50
SHA512: 09c1833b4441996f1e5e9b4573403205cf60164aa4e47a349187ae700ad50e4e245202249a50f23da4b4a2c60a262352b7e7007d7dd2949594f1dfffa104295d

Filesize: 6KB
MD5:    60eb3ea9434fbfc8e0799faff92f0d99
SHA1:   a7fceb2e355040034aa463ea0e8a2ad716d46c4c
SHA256: 6211161cd0a6b563cba99b754c955753535d55867ca7d78a3ce9a7f60595db42
SHA512: aac0f08191d5b34c9ec940df0b9f212d4aa724b7c9d9d474c899015ad411088920b8f66c73fde996321d679695203c461bc270bb755334671202a0df51648e75

Filesize: 253KB
MD5:    95494fc2b75052817c0a22c92e6504c0
SHA1:   c8a2a9be0d8ccc0327c785433b05871d865fb649
SHA256: 58f89f55a9d81ce783eede0d113c04dcaf8e082c6adf1f6d651b4211b4a4fc60
SHA512: 2f79ef4688179dbe3725a0c9fe2707afeedaf5efc766948417d2f552d29ca210f9825ddb119bce498fbad62125173251b11e1c5e2eac61a8a26f1f53eb68e34f

Filesize: 2B
MD5:    99914b932bd37a50b983c5e7c90ae93b
SHA1:   bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd