Analysis
max time kernel: 299s
max time network: 287s
platform: windows10-1703_x64
resource: win10-20240214-es
resource tags: arch:x64, arch:x86, image:win10-20240214-es, locale:es-es, os:windows10-1703-x64, system:windows
submitted: 01/04/2024, 22:10
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://ftp.fajasbedivine.com/
Resource: win10-20240214-es

General
Target: https://ftp.fajasbedivine.com/
Malware Config
Signatures
Looks up external IP address via web service (4 IoCs)
Uses a legitimate IP lookup service to find the infected system's external IP.
flow  ioc
38    api.ipify.org
34    api.ipify.org
35    ipinfo.io
37    ipinfo.io
Enumerates system info in registry (2 TTPs, 3 IoCs)
description        ioc                                                                    Process
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     chrome.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   chrome.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe
Modifies data under HKEY_USERS (2 IoCs)
description      ioc                                                                                                   Process
Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                 chrome.exe
Set value (int)  \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133564830255685507"  chrome.exe
Suspicious behavior: EnumeratesProcesses (4 IoCs)
pid   Process
2032  chrome.exe
2032  chrome.exe
2704  chrome.exe
2704  chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (4 IoCs)
pid   Process
2032  chrome.exe
2032  chrome.exe
2032  chrome.exe
2032  chrome.exe
Suspicious use of AdjustPrivilegeToken (64 IoCs)
Distinct rows (the full listing alternates between these two rows, 64 entries in total):
description                       pid   Process
Token: SeShutdownPrivilege        2032  chrome.exe
Token: SeCreatePagefilePrivilege  2032  chrome.exe
Suspicious use of FindShellTrayWindow (26 IoCs)
Distinct rows (26 identical entries in the full listing):
pid   Process
2032  chrome.exe
Suspicious use of SendNotifyMessage (24 IoCs)
Distinct rows (24 identical entries in the full listing):
pid   Process
2032  chrome.exe
Suspicious use of WriteProcessMemory (64 IoCs)
Distinct rows (repeats collapsed; 64 entries in the full listing):
description                       pid   Process     procid_target
PID 2032 wrote to memory of 5008  2032  chrome.exe  74
PID 2032 wrote to memory of 1596  2032  chrome.exe  76
PID 2032 wrote to memory of 1500  2032  chrome.exe  77
PID 2032 wrote to memory of 4212  2032  chrome.exe  78
Processes
Process tree: indented entries are children of the preceding top-level process.

C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://ftp.fajasbedivine.com/
  PID: 2032
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff8249e9758,0x7ff8249e9768,0x7ff8249e9778
      PID: 5008

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1820,i,10778621838574032524,17341705002934060946,131072 /prefetch:2
      PID: 1596

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1812 --field-trial-handle=1820,i,10778621838574032524,17341705002934060946,131072 /prefetch:8
      PID: 1500

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2076 --field-trial-handle=1820,i,10778621838574032524,17341705002934060946,131072 /prefetch:8
      PID: 4212

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2848 --field-trial-handle=1820,i,10778621838574032524,17341705002934060946,131072 /prefetch:1
      PID: 3296

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2856 --field-trial-handle=1820,i,10778621838574032524,17341705002934060946,131072 /prefetch:1
      PID: 4136

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4716 --field-trial-handle=1820,i,10778621838574032524,17341705002934060946,131072 /prefetch:1
      PID: 2964

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2908 --field-trial-handle=1820,i,10778621838574032524,17341705002934060946,131072 /prefetch:8
      PID: 4200

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3032 --field-trial-handle=1820,i,10778621838574032524,17341705002934060946,131072 /prefetch:8
      PID: 936

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=2996 --field-trial-handle=1820,i,10778621838574032524,17341705002934060946,131072 /prefetch:1
      PID: 1888

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1692 --field-trial-handle=1820,i,10778621838574032524,17341705002934060946,131072 /prefetch:2
      PID: 2704
      - Suspicious behavior: EnumeratesProcesses

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
  PID: 2724
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 96B
MD5: 55c0b115f53133d8a9c4a53752035d2b
SHA1: 86e928dc42ce92eec0c4d1f51d28489319b02532
SHA256: d1854ca3302009caf8ea9a870627f096665b678f0bf12eac255e3310e41f92ad
SHA512: 83312943d3844c26d23116ed94b08d7dc7b88e205d3e363d5c17a830e13c9ec5a14ebf05ac3843615c6f01da7d88cf712b210a4ecca8291bece54270fc731f77

Filesize: 1KB
MD5: a29387cf9a964e344b05711904bf9d37
SHA1: 9b5c6025c9095eb683c5cf095d959ba1d9fa413d
SHA256: cc2eb84bb4609fdf47984485fd3859651130a36740a9e9d0a9a1b9a855c61c03
SHA512: ed3509a3d90a997f8028792551d1be6252f2babd152583a2f4500aee9d51e60ed43183e5a1cbc2046de3ea2c06725af1ef82467564f07a2ce9c4cdc132ad6317

Filesize: 706B
MD5: 4fb39b4999f754bba514ddc36b2de672
SHA1: b08695c2d0568a018adf7484b66f95cc58d2e313
SHA256: 9c981da798422840086dee4f7db5f423df05af5c1acbc6d625545ad1493e7979
SHA512: ebec9d680369da1569ee84c63da2031a23fd17a41b865177de64a204180bcf5347deaf279472ac6da555122461898f56ca266811cc2802c95b54e45ae4791249

Filesize: 6KB
MD5: b8fd43fb88e171dd01f5ea9f339d411c
SHA1: 38e15cc0ab05bf17f67bb8a23f35bdc9a7e8beb2
SHA256: dd00a8e5cb785f0c5a54499a49cacbe5ae0300784a26d24a461c2d3052c88d28
SHA512: 05a584f7e44daf4e495eac3925667f82e030f31401bc00d3dc90a3f57428b0f63ac1cde51e81dd9c7148c5401346be44f73ada1a2fcaf82d4102d81cc6b84111

Filesize: 6KB
MD5: 1dace868bfcc0e605ab23869a9c59982
SHA1: da97ab0d8afd771748c53d70ba6b04b4e5dfe6a0
SHA256: b203f12d8a83f1b26675c01ea948c20601377195d7583581b196f7d9061dc11c
SHA512: eaa63ae09de639746a8ab5eaace12b93a9251f28c290bf9f0b86767ad42c0b19a0d289148fadf1ac43d91530c637077a3de7b15c863209afe2fd9d7699e3df0b

Filesize: 6KB
MD5: 20ddf8d8a854800a726632a1ce9a75bc
SHA1: 9a5d75e0708cacf0639430a1d485a4ce2e6f7c96
SHA256: d0d9fb2e5dadce82730110c44919933f6e1c3b5719e4e248f1177eec224984ea
SHA512: f565fe448d34bb9df0fd358b7978c1368b7c98920115f2b584f8bcd150d14fb4d825869fec7236672881950b5df8da864069f3339202cda99a0c018a9621b1b6

Filesize: 254KB
MD5: cd492e9f0c1e6142cf4a66e6d068a1a1
SHA1: bb0b6c5e1d466f6f99d6ad11ca9128b0e85315d8
SHA256: c96f7ec9c1241d161df6399dafa5231589d7287fdd89bae2537d2c4f3ba0047f
SHA512: 4e6c7c8fec3993075082d4001bb99c0c124534050e65120dc538ceb4bf8d722fcb3287279b0ea1c1833e1eeb00bf28def1860fcadaa50d4c711e5f5b0a96bf30

Filesize: 2B
MD5: 99914b932bd37a50b983c5e7c90ae93b
SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd