d536ab2f173c80b69a4b9a807e5774ccba6cc39f66c8ccaf65aa53039672c2cc

Analysis

max time kernel
31s
max time network
37s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
11-04-2024 15:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

es\palas-de-padel.html
Size

63KB
MD5

3d6c09811a7b11f049065b6262b2d3e2
SHA1

31227a2a0b93fafaf50eda8d852a4337a894bdee
SHA256

d536ab2f173c80b69a4b9a807e5774ccba6cc39f66c8ccaf65aa53039672c2cc
SHA512

2d5c31bd343de8206289316ee84219abff0b74e3a6d1b58f73f50b1803171e4eba4347ad3ca6c47eb2aa3dc2594174ed21575a79bc797c8de99dde0117bd0420
SSDEEP

1536:mAnYrPSHQemhH4mN/p+0Rn69ERqAdWoXT+9vZAOx8cGQ:mAnYrPbtxRn691A4GT+9vP

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1804	chrome.exe
1804	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe

Suspicious use of AdjustPrivilegeToken 60 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeCreatePagefilePrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeCreatePagefilePrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeCreatePagefilePrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeCreatePagefilePrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeCreatePagefilePrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeCreatePagefilePrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeCreatePagefilePrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeCreatePagefilePrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeCreatePagefilePrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeCreatePagefilePrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeCreatePagefilePrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeCreatePagefilePrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeCreatePagefilePrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeCreatePagefilePrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeCreatePagefilePrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeCreatePagefilePrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeCreatePagefilePrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeCreatePagefilePrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeCreatePagefilePrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeCreatePagefilePrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeCreatePagefilePrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeCreatePagefilePrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeCreatePagefilePrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeCreatePagefilePrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeCreatePagefilePrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeCreatePagefilePrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeCreatePagefilePrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeCreatePagefilePrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeCreatePagefilePrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeCreatePagefilePrivilege	1804	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1804 wrote to memory of 3036	1804	chrome.exe	77
PID 1804 wrote to memory of 3036	1804	chrome.exe	77
PID 1804 wrote to memory of 3288	1804	chrome.exe	79
PID 1804 wrote to memory of 3288	1804	chrome.exe	79
PID 1804 wrote to memory of 3288	1804	chrome.exe	79
PID 1804 wrote to memory of 3288	1804	chrome.exe	79
PID 1804 wrote to memory of 3288	1804	chrome.exe	79
PID 1804 wrote to memory of 3288	1804	chrome.exe	79
PID 1804 wrote to memory of 3288	1804	chrome.exe	79
PID 1804 wrote to memory of 3288	1804	chrome.exe	79
PID 1804 wrote to memory of 3288	1804	chrome.exe	79
PID 1804 wrote to memory of 3288	1804	chrome.exe	79
PID 1804 wrote to memory of 3288	1804	chrome.exe	79
PID 1804 wrote to memory of 3288	1804	chrome.exe	79
PID 1804 wrote to memory of 3288	1804	chrome.exe	79
PID 1804 wrote to memory of 3288	1804	chrome.exe	79
PID 1804 wrote to memory of 3288	1804	chrome.exe	79
PID 1804 wrote to memory of 3288	1804	chrome.exe	79
PID 1804 wrote to memory of 3288	1804	chrome.exe	79
PID 1804 wrote to memory of 3288	1804	chrome.exe	79
PID 1804 wrote to memory of 3288	1804	chrome.exe	79
PID 1804 wrote to memory of 3288	1804	chrome.exe	79
PID 1804 wrote to memory of 3288	1804	chrome.exe	79
PID 1804 wrote to memory of 3288	1804	chrome.exe	79
PID 1804 wrote to memory of 3288	1804	chrome.exe	79
PID 1804 wrote to memory of 3288	1804	chrome.exe	79
PID 1804 wrote to memory of 3288	1804	chrome.exe	79
PID 1804 wrote to memory of 3288	1804	chrome.exe	79
PID 1804 wrote to memory of 3288	1804	chrome.exe	79
PID 1804 wrote to memory of 3288	1804	chrome.exe	79
PID 1804 wrote to memory of 3288	1804	chrome.exe	79
PID 1804 wrote to memory of 3288	1804	chrome.exe	79
PID 1804 wrote to memory of 3288	1804	chrome.exe	79
PID 1804 wrote to memory of 3288	1804	chrome.exe	79
PID 1804 wrote to memory of 3288	1804	chrome.exe	79
PID 1804 wrote to memory of 3288	1804	chrome.exe	79
PID 1804 wrote to memory of 3288	1804	chrome.exe	79
PID 1804 wrote to memory of 3288	1804	chrome.exe	79
PID 1804 wrote to memory of 3288	1804	chrome.exe	79
PID 1804 wrote to memory of 3288	1804	chrome.exe	79
PID 1804 wrote to memory of 668	1804	chrome.exe	80
PID 1804 wrote to memory of 668	1804	chrome.exe	80
PID 1804 wrote to memory of 1580	1804	chrome.exe	81
PID 1804 wrote to memory of 1580	1804	chrome.exe	81
PID 1804 wrote to memory of 1580	1804	chrome.exe	81
PID 1804 wrote to memory of 1580	1804	chrome.exe	81
PID 1804 wrote to memory of 1580	1804	chrome.exe	81
PID 1804 wrote to memory of 1580	1804	chrome.exe	81
PID 1804 wrote to memory of 1580	1804	chrome.exe	81
PID 1804 wrote to memory of 1580	1804	chrome.exe	81
PID 1804 wrote to memory of 1580	1804	chrome.exe	81
PID 1804 wrote to memory of 1580	1804	chrome.exe	81
PID 1804 wrote to memory of 1580	1804	chrome.exe	81
PID 1804 wrote to memory of 1580	1804	chrome.exe	81
PID 1804 wrote to memory of 1580	1804	chrome.exe	81
PID 1804 wrote to memory of 1580	1804	chrome.exe	81
PID 1804 wrote to memory of 1580	1804	chrome.exe	81
PID 1804 wrote to memory of 1580	1804	chrome.exe	81
PID 1804 wrote to memory of 1580	1804	chrome.exe	81
PID 1804 wrote to memory of 1580	1804	chrome.exe	81
PID 1804 wrote to memory of 1580	1804	chrome.exe	81
PID 1804 wrote to memory of 1580	1804	chrome.exe	81
PID 1804 wrote to memory of 1580	1804	chrome.exe	81
PID 1804 wrote to memory of 1580	1804	chrome.exe	81

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\es\palas-de-padel.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffcc70f9758,0x7ffcc70f9768,0x7ffcc70f9778
  2⤵
  PID:3036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1588 --field-trial-handle=1840,i,17823324607339943316,8781256037008261899,131072 /prefetch:2
  2⤵
  PID:3288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1840,i,17823324607339943316,8781256037008261899,131072 /prefetch:8
  2⤵
  PID:668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2144 --field-trial-handle=1840,i,17823324607339943316,8781256037008261899,131072 /prefetch:8
  2⤵
  PID:1580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3136 --field-trial-handle=1840,i,17823324607339943316,8781256037008261899,131072 /prefetch:1
  2⤵
  PID:2080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3168 --field-trial-handle=1840,i,17823324607339943316,8781256037008261899,131072 /prefetch:1
  2⤵
  PID:3944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4832 --field-trial-handle=1840,i,17823324607339943316,8781256037008261899,131072 /prefetch:1
  2⤵
  PID:956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4532 --field-trial-handle=1840,i,17823324607339943316,8781256037008261899,131072 /prefetch:1
  2⤵
  PID:488

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3508

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
68ad0c33ebedf7ebbcaed942de2492ec

SHA1
3192ab5d963ea05fa794e1b02e0473da1d77bfb8

SHA256
99e079b70a790a641bf3ad6866f37a31330b5e3acd38bda16f13bd89cb81a82b

SHA512
758d3729ef81632cebf2938496c062a8acc1bb4609f2c973bc99a7cb6e7a2d0fba3f013c05da64d1b9a090c4915003efaf7baf994feee7c7fb40f6145f326809

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
704B

MD5
683a599cbe16dc2ef9bdec41ddcbb559

SHA1
40f3e1284b8462a7cd32c3eca4b7e6c0377ff7ef

SHA256
0cf5d941540ee516d317b7ece6e67e94a3c9c338c5f5b39fbffbfe681abcedfd

SHA512
aff926da2f0d06ca61667ea82364a67163a47c2c8bb95525835a443b50b3f30c28b0ca73c54b9fafcb22852af68ef350b9534cce98a8132a6d1391de5a056d1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
c56a000bc81708f0069309f7934db74b

SHA1
6e723a5ae7cc9660bf228c63953b464fc91df9d4

SHA256
10b0ca48f67c64948387cba1b2c6dfaf5e551367b002903d4fb7d480a38c6274

SHA512
466ecae1709d1fbd60c63a15054a09d5ff6e4c2bd5e3ea6a52856b68326dbfe016fb6617949041f3fb674ae86a1ca4b908e0c4b563aea63a1c7f87c8be21e242

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
3d89c301e1704a2998219aeaa7cd3749

SHA1
f7305a88089f79ca65a6b5fde93f27348fc8f1ee

SHA256
7d83e693eb42dbfc871b61e7f02e6ced6d736e266cacdf298263ad12f739eab4

SHA512
682824bc21caa6f59867cadaaeb1a6736c9c2781ec0be9c09fd881c97ca2197175bedf2a6a5ce11ed58859003b6fa7679096a50e624a8e12e41c0b7388c5d4f7

Download Submit