hxxps://energisa[.]com[.]br/

Analysis

max time kernel
149s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09/04/2024, 21:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://energisa.com.br/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133571733929798429"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2684	chrome.exe
2684	chrome.exe
2568	chrome.exe
2568	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2684	chrome.exe
2684	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2684	chrome.exe
Token: SeCreatePagefilePrivilege	2684	chrome.exe
Token: SeShutdownPrivilege	2684	chrome.exe
Token: SeCreatePagefilePrivilege	2684	chrome.exe
Token: SeShutdownPrivilege	2684	chrome.exe
Token: SeCreatePagefilePrivilege	2684	chrome.exe
Token: SeShutdownPrivilege	2684	chrome.exe
Token: SeCreatePagefilePrivilege	2684	chrome.exe
Token: SeShutdownPrivilege	2684	chrome.exe
Token: SeCreatePagefilePrivilege	2684	chrome.exe
Token: SeShutdownPrivilege	2684	chrome.exe
Token: SeCreatePagefilePrivilege	2684	chrome.exe
Token: SeShutdownPrivilege	2684	chrome.exe
Token: SeCreatePagefilePrivilege	2684	chrome.exe
Token: SeShutdownPrivilege	2684	chrome.exe
Token: SeCreatePagefilePrivilege	2684	chrome.exe
Token: SeShutdownPrivilege	2684	chrome.exe
Token: SeCreatePagefilePrivilege	2684	chrome.exe
Token: SeShutdownPrivilege	2684	chrome.exe
Token: SeCreatePagefilePrivilege	2684	chrome.exe
Token: SeShutdownPrivilege	2684	chrome.exe
Token: SeCreatePagefilePrivilege	2684	chrome.exe
Token: SeShutdownPrivilege	2684	chrome.exe
Token: SeCreatePagefilePrivilege	2684	chrome.exe
Token: SeShutdownPrivilege	2684	chrome.exe
Token: SeCreatePagefilePrivilege	2684	chrome.exe
Token: SeShutdownPrivilege	2684	chrome.exe
Token: SeCreatePagefilePrivilege	2684	chrome.exe
Token: SeShutdownPrivilege	2684	chrome.exe
Token: SeCreatePagefilePrivilege	2684	chrome.exe
Token: SeShutdownPrivilege	2684	chrome.exe
Token: SeCreatePagefilePrivilege	2684	chrome.exe
Token: SeShutdownPrivilege	2684	chrome.exe
Token: SeCreatePagefilePrivilege	2684	chrome.exe
Token: SeShutdownPrivilege	2684	chrome.exe
Token: SeCreatePagefilePrivilege	2684	chrome.exe
Token: SeShutdownPrivilege	2684	chrome.exe
Token: SeCreatePagefilePrivilege	2684	chrome.exe
Token: SeShutdownPrivilege	2684	chrome.exe
Token: SeCreatePagefilePrivilege	2684	chrome.exe
Token: SeShutdownPrivilege	2684	chrome.exe
Token: SeCreatePagefilePrivilege	2684	chrome.exe
Token: SeShutdownPrivilege	2684	chrome.exe
Token: SeCreatePagefilePrivilege	2684	chrome.exe
Token: SeShutdownPrivilege	2684	chrome.exe
Token: SeCreatePagefilePrivilege	2684	chrome.exe
Token: SeShutdownPrivilege	2684	chrome.exe
Token: SeCreatePagefilePrivilege	2684	chrome.exe
Token: SeShutdownPrivilege	2684	chrome.exe
Token: SeCreatePagefilePrivilege	2684	chrome.exe
Token: SeShutdownPrivilege	2684	chrome.exe
Token: SeCreatePagefilePrivilege	2684	chrome.exe
Token: SeShutdownPrivilege	2684	chrome.exe
Token: SeCreatePagefilePrivilege	2684	chrome.exe
Token: SeShutdownPrivilege	2684	chrome.exe
Token: SeCreatePagefilePrivilege	2684	chrome.exe
Token: SeShutdownPrivilege	2684	chrome.exe
Token: SeCreatePagefilePrivilege	2684	chrome.exe
Token: SeShutdownPrivilege	2684	chrome.exe
Token: SeCreatePagefilePrivilege	2684	chrome.exe
Token: SeShutdownPrivilege	2684	chrome.exe
Token: SeCreatePagefilePrivilege	2684	chrome.exe
Token: SeShutdownPrivilege	2684	chrome.exe
Token: SeCreatePagefilePrivilege	2684	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2684	chrome.exe
2684	chrome.exe
2684	chrome.exe
2684	chrome.exe
2684	chrome.exe
2684	chrome.exe
2684	chrome.exe
2684	chrome.exe
2684	chrome.exe
2684	chrome.exe
2684	chrome.exe
2684	chrome.exe
2684	chrome.exe
2684	chrome.exe
2684	chrome.exe
2684	chrome.exe
2684	chrome.exe
2684	chrome.exe
2684	chrome.exe
2684	chrome.exe
2684	chrome.exe
2684	chrome.exe
2684	chrome.exe
2684	chrome.exe
2684	chrome.exe
2684	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2684	chrome.exe
2684	chrome.exe
2684	chrome.exe
2684	chrome.exe
2684	chrome.exe
2684	chrome.exe
2684	chrome.exe
2684	chrome.exe
2684	chrome.exe
2684	chrome.exe
2684	chrome.exe
2684	chrome.exe
2684	chrome.exe
2684	chrome.exe
2684	chrome.exe
2684	chrome.exe
2684	chrome.exe
2684	chrome.exe
2684	chrome.exe
2684	chrome.exe
2684	chrome.exe
2684	chrome.exe
2684	chrome.exe
2684	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2684 wrote to memory of 3448	2684	chrome.exe	86
PID 2684 wrote to memory of 3448	2684	chrome.exe	86
PID 2684 wrote to memory of 3908	2684	chrome.exe	88
PID 2684 wrote to memory of 3908	2684	chrome.exe	88
PID 2684 wrote to memory of 3908	2684	chrome.exe	88
PID 2684 wrote to memory of 3908	2684	chrome.exe	88
PID 2684 wrote to memory of 3908	2684	chrome.exe	88
PID 2684 wrote to memory of 3908	2684	chrome.exe	88
PID 2684 wrote to memory of 3908	2684	chrome.exe	88
PID 2684 wrote to memory of 3908	2684	chrome.exe	88
PID 2684 wrote to memory of 3908	2684	chrome.exe	88
PID 2684 wrote to memory of 3908	2684	chrome.exe	88
PID 2684 wrote to memory of 3908	2684	chrome.exe	88
PID 2684 wrote to memory of 3908	2684	chrome.exe	88
PID 2684 wrote to memory of 3908	2684	chrome.exe	88
PID 2684 wrote to memory of 3908	2684	chrome.exe	88
PID 2684 wrote to memory of 3908	2684	chrome.exe	88
PID 2684 wrote to memory of 3908	2684	chrome.exe	88
PID 2684 wrote to memory of 3908	2684	chrome.exe	88
PID 2684 wrote to memory of 3908	2684	chrome.exe	88
PID 2684 wrote to memory of 3908	2684	chrome.exe	88
PID 2684 wrote to memory of 3908	2684	chrome.exe	88
PID 2684 wrote to memory of 3908	2684	chrome.exe	88
PID 2684 wrote to memory of 3908	2684	chrome.exe	88
PID 2684 wrote to memory of 3908	2684	chrome.exe	88
PID 2684 wrote to memory of 3908	2684	chrome.exe	88
PID 2684 wrote to memory of 3908	2684	chrome.exe	88
PID 2684 wrote to memory of 3908	2684	chrome.exe	88
PID 2684 wrote to memory of 3908	2684	chrome.exe	88
PID 2684 wrote to memory of 3908	2684	chrome.exe	88
PID 2684 wrote to memory of 3908	2684	chrome.exe	88
PID 2684 wrote to memory of 3908	2684	chrome.exe	88
PID 2684 wrote to memory of 3908	2684	chrome.exe	88
PID 2684 wrote to memory of 3908	2684	chrome.exe	88
PID 2684 wrote to memory of 3908	2684	chrome.exe	88
PID 2684 wrote to memory of 3908	2684	chrome.exe	88
PID 2684 wrote to memory of 3908	2684	chrome.exe	88
PID 2684 wrote to memory of 3908	2684	chrome.exe	88
PID 2684 wrote to memory of 3908	2684	chrome.exe	88
PID 2684 wrote to memory of 3908	2684	chrome.exe	88
PID 2684 wrote to memory of 2744	2684	chrome.exe	89
PID 2684 wrote to memory of 2744	2684	chrome.exe	89
PID 2684 wrote to memory of 4756	2684	chrome.exe	90
PID 2684 wrote to memory of 4756	2684	chrome.exe	90
PID 2684 wrote to memory of 4756	2684	chrome.exe	90
PID 2684 wrote to memory of 4756	2684	chrome.exe	90
PID 2684 wrote to memory of 4756	2684	chrome.exe	90
PID 2684 wrote to memory of 4756	2684	chrome.exe	90
PID 2684 wrote to memory of 4756	2684	chrome.exe	90
PID 2684 wrote to memory of 4756	2684	chrome.exe	90
PID 2684 wrote to memory of 4756	2684	chrome.exe	90
PID 2684 wrote to memory of 4756	2684	chrome.exe	90
PID 2684 wrote to memory of 4756	2684	chrome.exe	90
PID 2684 wrote to memory of 4756	2684	chrome.exe	90
PID 2684 wrote to memory of 4756	2684	chrome.exe	90
PID 2684 wrote to memory of 4756	2684	chrome.exe	90
PID 2684 wrote to memory of 4756	2684	chrome.exe	90
PID 2684 wrote to memory of 4756	2684	chrome.exe	90
PID 2684 wrote to memory of 4756	2684	chrome.exe	90
PID 2684 wrote to memory of 4756	2684	chrome.exe	90
PID 2684 wrote to memory of 4756	2684	chrome.exe	90
PID 2684 wrote to memory of 4756	2684	chrome.exe	90
PID 2684 wrote to memory of 4756	2684	chrome.exe	90
PID 2684 wrote to memory of 4756	2684	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://energisa.com.br/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa3b759758,0x7ffa3b759768,0x7ffa3b759778
  2⤵
  PID:3448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1744 --field-trial-handle=1884,i,17105524589189034877,9954062870503015625,131072 /prefetch:2
  2⤵
  PID:3908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1884,i,17105524589189034877,9954062870503015625,131072 /prefetch:8
  2⤵
  PID:2744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2196 --field-trial-handle=1884,i,17105524589189034877,9954062870503015625,131072 /prefetch:8
  2⤵
  PID:4756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2860 --field-trial-handle=1884,i,17105524589189034877,9954062870503015625,131072 /prefetch:1
  2⤵
  PID:2512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2868 --field-trial-handle=1884,i,17105524589189034877,9954062870503015625,131072 /prefetch:1
  2⤵
  PID:4460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5356 --field-trial-handle=1884,i,17105524589189034877,9954062870503015625,131072 /prefetch:8
  2⤵
  PID:5020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5028 --field-trial-handle=1884,i,17105524589189034877,9954062870503015625,131072 /prefetch:8
  2⤵
  PID:1164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5168 --field-trial-handle=1884,i,17105524589189034877,9954062870503015625,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2568

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2100

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
3439852b26d08ae31e14574af36aedbd

SHA1
83f86c0fcfa0b2a39c23f18e49a8275f58069c33

SHA256
30bb0729676b80eac02c95007494214507f044922e195dd114c3fe5c8f3093f7

SHA512
d5606e82609b1ab5cca5bfbc47b5dee272dbc2ec7771ddec5bd5f5a7207efc087e4452135337ffecc174a4452e0bccef16e2694c9a1993437f558735f04f7080

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
96007a884c9096f1393295c7360fd2e7

SHA1
3ea1e846450350b438af22d0e997e9696f090d88

SHA256
e2f1b8908e4c842563972fb9b265878f65e880436831878ace836fd3b5734e7b

SHA512
6c2f2323a6e2cf20ff9b5152141f8e50b3d23db571a6b1259aa0af55705e727286edc42a634b47301e0a38658e1d9580f8a7bb255158d65ebe659649f754f611

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
15ef4a9cb2fe98796176d36c7eae4071

SHA1
ba5e0691e5ca5ef7c0667075038256d2211ee5ca

SHA256
b548752a18ccb3b750fff9a8beb464b02c48b2566f721c253e335c35fa8773fd

SHA512
280c6d596e899bad580658614f7f5625f04ee95d29e9899dec58af9c4e7bb5128b49e9af2746748ecb1517a5ca2f72b2d4112e48749f34832e2697d243fcd645

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
587ecae54c18fb5db8ed7e9ff33bc869

SHA1
dc19e68be2339f67dcd3c9b66d78e7fd325091aa

SHA256
75a0e714253ebc4898816b16a163ac8cd1627677620a21a7207c230e2d2f7885

SHA512
848ed4ffdfbe9d5226f0660823db6028a879f3ed0ff9fd5b0749d0bdfaca1bd7da2ca70ef3390b162fe21500aaa9900a0bc8cc8f6fd8219808c3bc7755489e7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
2ca57b1ae31fc9d52c022ddbff02b2a2

SHA1
2668da7c9de4f1db2eed004ac81616d538768b93

SHA256
e5e778481bb5d9d07f8c3fc730d13bd716c95137e64248c3e6849661f5aa4157

SHA512
0434aea6d463ff50f84bdfc58ff842eb8d2c94f4ec30936fe848094bb52d028ecac8793c7f71a32c51d0356d52769caaac1d44f33e4b60387585b7a79e8ca02d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit