Analysis
max time kernel: 299s
max time network: 300s
platform: windows10-1703_x64
resource: win10-20240221-es
resource tags: arch:x64, arch:x86, image:win10-20240221-es, locale:es-es, os:windows10-1703-x64, system:windows
submitted: 01/04/2024, 23:20
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://ftp.talentochocoano.com/
Resource: win10-20240221-es
General
Target: https://ftp.talentochocoano.com/
Malware Config
Signatures
Enumerates system info in registry 2 TTPs 3 IoCs
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Modifies data under HKEY_USERS 2 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133564872355081651" | chrome.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs
pid | Process
1280 | chrome.exe
1280 | chrome.exe
1516 | chrome.exe
1516 | chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
pid | Process
1280 | chrome.exe (3 identical entries)
Suspicious use of AdjustPrivilegeToken 64 IoCs
description | pid | Process
Token: SeShutdownPrivilege | 1280 | chrome.exe
Token: SeCreatePagefilePrivilege | 1280 | chrome.exe
(64 entries in total, alternating between the two rows above)
Suspicious use of FindShellTrayWindow 26 IoCs
pid | Process
1280 | chrome.exe (26 identical entries)
Suspicious use of SendNotifyMessage 24 IoCs
pid | Process
1280 | chrome.exe (24 identical entries)
Suspicious use of WriteProcessMemory 64 IoCs
description | pid | Process | procid_target
PID 1280 wrote to memory of 4880 | 1280 | chrome.exe | 74
PID 1280 wrote to memory of 528 | 1280 | chrome.exe | 76
PID 1280 wrote to memory of 300 | 1280 | chrome.exe | 77
PID 1280 wrote to memory of 4796 | 1280 | chrome.exe | 78
(64 entries in total: the 4880 and 300 rows appear twice each; the remaining 60 entries are repeats of the 528 and 4796 rows)
Processes

C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1280)
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://ftp.talentochocoano.com/
Signatures:
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4880, child process)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffecbb29758,0x7ffecbb29768,0x7ffecbb29778

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 528, child process)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1764,i,15883073731821426911,16530067682259081636,131072 /prefetch:2

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 300, child process)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2012 --field-trial-handle=1764,i,15883073731821426911,16530067682259081636,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4796, child process)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2056 --field-trial-handle=1764,i,15883073731821426911,16530067682259081636,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2460, child process)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2920 --field-trial-handle=1764,i,15883073731821426911,16530067682259081636,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3424, child process)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2928 --field-trial-handle=1764,i,15883073731821426911,16530067682259081636,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 792, child process)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4748 --field-trial-handle=1764,i,15883073731821426911,16530067682259081636,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3932, child process)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4880 --field-trial-handle=1764,i,15883073731821426911,16530067682259081636,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1848, child process)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4968 --field-trial-handle=1764,i,15883073731821426911,16530067682259081636,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1516, child process)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4568 --field-trial-handle=1764,i,15883073731821426911,16530067682259081636,131072 /prefetch:2
  Signatures:
  - Suspicious behavior: EnumeratesProcesses

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID 4720)
Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads