hxxps://www[.]marketingdirecto[.]com/marketing-general/eventos-y-formacion/creathlon-anuncia-seis-primeras-cabezas-cartel

Analysis

max time kernel
119s
max time network
118s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
18/04/2024, 12:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.marketingdirecto.com/marketing-general/eventos-y-formacion/creathlon-anuncia-seis-primeras-cabezas-cartel

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133579182439637245"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3844	chrome.exe
3844	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3844 wrote to memory of 60	3844	chrome.exe	84
PID 3844 wrote to memory of 60	3844	chrome.exe	84
PID 3844 wrote to memory of 3584	3844	chrome.exe	86
PID 3844 wrote to memory of 3584	3844	chrome.exe	86
PID 3844 wrote to memory of 3584	3844	chrome.exe	86
PID 3844 wrote to memory of 3584	3844	chrome.exe	86
PID 3844 wrote to memory of 3584	3844	chrome.exe	86
PID 3844 wrote to memory of 3584	3844	chrome.exe	86
PID 3844 wrote to memory of 3584	3844	chrome.exe	86
PID 3844 wrote to memory of 3584	3844	chrome.exe	86
PID 3844 wrote to memory of 3584	3844	chrome.exe	86
PID 3844 wrote to memory of 3584	3844	chrome.exe	86
PID 3844 wrote to memory of 3584	3844	chrome.exe	86
PID 3844 wrote to memory of 3584	3844	chrome.exe	86
PID 3844 wrote to memory of 3584	3844	chrome.exe	86
PID 3844 wrote to memory of 3584	3844	chrome.exe	86
PID 3844 wrote to memory of 3584	3844	chrome.exe	86
PID 3844 wrote to memory of 3584	3844	chrome.exe	86
PID 3844 wrote to memory of 3584	3844	chrome.exe	86
PID 3844 wrote to memory of 3584	3844	chrome.exe	86
PID 3844 wrote to memory of 3584	3844	chrome.exe	86
PID 3844 wrote to memory of 3584	3844	chrome.exe	86
PID 3844 wrote to memory of 3584	3844	chrome.exe	86
PID 3844 wrote to memory of 3584	3844	chrome.exe	86
PID 3844 wrote to memory of 3584	3844	chrome.exe	86
PID 3844 wrote to memory of 3584	3844	chrome.exe	86
PID 3844 wrote to memory of 3584	3844	chrome.exe	86
PID 3844 wrote to memory of 3584	3844	chrome.exe	86
PID 3844 wrote to memory of 3584	3844	chrome.exe	86
PID 3844 wrote to memory of 3584	3844	chrome.exe	86
PID 3844 wrote to memory of 3584	3844	chrome.exe	86
PID 3844 wrote to memory of 3584	3844	chrome.exe	86
PID 3844 wrote to memory of 3584	3844	chrome.exe	86
PID 3844 wrote to memory of 2724	3844	chrome.exe	87
PID 3844 wrote to memory of 2724	3844	chrome.exe	87
PID 3844 wrote to memory of 2468	3844	chrome.exe	88
PID 3844 wrote to memory of 2468	3844	chrome.exe	88
PID 3844 wrote to memory of 2468	3844	chrome.exe	88
PID 3844 wrote to memory of 2468	3844	chrome.exe	88
PID 3844 wrote to memory of 2468	3844	chrome.exe	88
PID 3844 wrote to memory of 2468	3844	chrome.exe	88
PID 3844 wrote to memory of 2468	3844	chrome.exe	88
PID 3844 wrote to memory of 2468	3844	chrome.exe	88
PID 3844 wrote to memory of 2468	3844	chrome.exe	88
PID 3844 wrote to memory of 2468	3844	chrome.exe	88
PID 3844 wrote to memory of 2468	3844	chrome.exe	88
PID 3844 wrote to memory of 2468	3844	chrome.exe	88
PID 3844 wrote to memory of 2468	3844	chrome.exe	88
PID 3844 wrote to memory of 2468	3844	chrome.exe	88
PID 3844 wrote to memory of 2468	3844	chrome.exe	88
PID 3844 wrote to memory of 2468	3844	chrome.exe	88
PID 3844 wrote to memory of 2468	3844	chrome.exe	88
PID 3844 wrote to memory of 2468	3844	chrome.exe	88
PID 3844 wrote to memory of 2468	3844	chrome.exe	88
PID 3844 wrote to memory of 2468	3844	chrome.exe	88
PID 3844 wrote to memory of 2468	3844	chrome.exe	88
PID 3844 wrote to memory of 2468	3844	chrome.exe	88
PID 3844 wrote to memory of 2468	3844	chrome.exe	88
PID 3844 wrote to memory of 2468	3844	chrome.exe	88
PID 3844 wrote to memory of 2468	3844	chrome.exe	88
PID 3844 wrote to memory of 2468	3844	chrome.exe	88
PID 3844 wrote to memory of 2468	3844	chrome.exe	88
PID 3844 wrote to memory of 2468	3844	chrome.exe	88
PID 3844 wrote to memory of 2468	3844	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.marketingdirecto.com/marketing-general/eventos-y-formacion/creathlon-anuncia-seis-primeras-cabezas-cartel
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe33a4ab58,0x7ffe33a4ab68,0x7ffe33a4ab78
  2⤵
  PID:60
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1736 --field-trial-handle=1836,i,10919833271713169693,13848588404372227538,131072 /prefetch:2
  2⤵
  PID:3584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1836,i,10919833271713169693,13848588404372227538,131072 /prefetch:8
  2⤵
  PID:2724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2200 --field-trial-handle=1836,i,10919833271713169693,13848588404372227538,131072 /prefetch:8
  2⤵
  PID:2468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3044 --field-trial-handle=1836,i,10919833271713169693,13848588404372227538,131072 /prefetch:1
  2⤵
  PID:676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3064 --field-trial-handle=1836,i,10919833271713169693,13848588404372227538,131072 /prefetch:1
  2⤵
  PID:516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4372 --field-trial-handle=1836,i,10919833271713169693,13848588404372227538,131072 /prefetch:8
  2⤵
  PID:2716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4420 --field-trial-handle=1836,i,10919833271713169693,13848588404372227538,131072 /prefetch:1
  2⤵
  PID:4308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4688 --field-trial-handle=1836,i,10919833271713169693,13848588404372227538,131072 /prefetch:8
  2⤵
  PID:1516

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3372

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
b042537772df624e9c275a43ab0551ab

SHA1
9934e5b739bdee273057e42297f17de5bfa38c45

SHA256
cddbaba3664bc91e7372948a051867d997b9417e98e13f3f3ff0868bf0573848

SHA512
aa7fb8dec941d4d83ea89f2c8b5ab97f3fa2170b5b118280afed0c6fe549a39e7af8671c1c4c6049f9643d1067fa23cd093a163591e863edb51509b4f7425322

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
fe84a0f3c8281b493c72c3adb05b7c00

SHA1
34472901de8ea7a89509656e299613f66b5f0814

SHA256
48c8ec50160206f357860b808642fc64966f4562dbc4bcd24d15d9004f4bdd0a

SHA512
b63c10b00421cf4515b30e27c4522a21b9a3437fab4d61f4da425094cd0daa0cf976e7fbd9aae9ee6bac96b6a8435f5fbfdfcb380918f3b13ae3d3ac8a547c69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
688B

MD5
563123c80b814d7deea0e1e5e5fddf7e

SHA1
84e9bd2f9d867937278406227aea009ad01d1f13

SHA256
15e09d2e444d1240429567d3c2667be774eb0d578dba484b095e31767ccec546

SHA512
b4eb4ba42a1e71a6c69ee83392b7399c89c483c3f2ce4bc9838847e92ef43b40025af2ef1c9b92cd5adecd39f8cb93c004cf5eedc171e4707f6c596ef0c1075c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
855B

MD5
2a62a4def0afc4663acfb9c8ba87a659

SHA1
56f74b581a513c83e055d542bdcb0be4236cd87e

SHA256
991256420c3e451f5f0d1f8ea9ff91997a45b2215b628416ebca1d9ba4671104

SHA512
afbb305a595b8a48fc128c908ccbbc85a0770072b9a49f52e42b09b1e3f2c87d72f5476acf0dc69dc8f58ea12e0ae6d57d9b5be24fe3dcd969f58df3835293d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
b0d19cd4a1ad7c81569b9f7cbed799f5

SHA1
e4259e5084859fadfbcf66b3d3bd3b33cac600c3

SHA256
fb12d41d1bfed752120ff1d7d46ea847b78ab8ae7291cbb6a48ed8861713b62a

SHA512
7b605456d21d6af519300357b04df2126762f3321c62947d537419a36b185878a56ce047f061d6e6102a86acd60583fa1196f790a6b60cf4aabf35878644b305

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
2dc9d351303c66e2a00eb61b4ee288e3

SHA1
cce2bc630d5f52296ec2147cb69a70d8196bef03

SHA256
50086c07164ea56656ec98b68d40ba2a74d3b696b273b335e205672427228b6b

SHA512
aace576069fdbf4ea8d51789a21e1ece2d1c9fffe44d4c806db69f34cb583521dd51be67e60dc75b791221a0f0212e165340ce27fc87244b2500ebd1f30de378

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57c7d4.TMP

Filesize
48B

MD5
0d580a0355f99f8b8bfad8f11b1383b4

SHA1
67f48d474ca1b77766f5adc60c6cf35ed5d7f605

SHA256
1b277570d5fa80ea6ef862975d9fc0970f4dd046ce1a6d8c9afcb1885ab1308a

SHA512
df59f2da389e354254f958ced734813f20b5b852d5ff7b504b6285bf691ee7aacdac299e23ba435de006a356a57d937ab3c52858b928aba32343f4350d485495

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
250KB

MD5
82722c28ac9e93f071e98f04a72830f0

SHA1
a56d952e9f5ecccd2eee4c3f755004c5a6b42e25

SHA256
f9eeb9cc296ed1855315a6518c85bcf2f94a47f949730eb9af1a0e263b089db0

SHA512
a1abcabe2395f2e969cef50afd6ab51e14c8ec60012080166cb6c23a59c772bc758c65d0e75c24a6a2450658cda7ec86f62d2b99c3843a0cfa032245babc9c69

Download Submit