hxxps://aplicativos-test[.]bancodecorrientes[.]com[.]ar/%3Cscript%3Ealert(%22xssTESTBANCO%22)%3C/script%3E

Analysis

max time kernel
1800s
max time network
1685s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
26/04/2024, 11:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://aplicativos-test.bancodecorrientes.com.ar/%3Cscript%3Ealert(%22xssTESTBANCO%22)%3C/script%3E

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133586059070457483"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4848	chrome.exe
4848	chrome.exe
1924	chrome.exe
1924	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4848	chrome.exe
4848	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4848 wrote to memory of 5076	4848	chrome.exe	87
PID 4848 wrote to memory of 5076	4848	chrome.exe	87
PID 4848 wrote to memory of 1844	4848	chrome.exe	88
PID 4848 wrote to memory of 1844	4848	chrome.exe	88
PID 4848 wrote to memory of 1844	4848	chrome.exe	88
PID 4848 wrote to memory of 1844	4848	chrome.exe	88
PID 4848 wrote to memory of 1844	4848	chrome.exe	88
PID 4848 wrote to memory of 1844	4848	chrome.exe	88
PID 4848 wrote to memory of 1844	4848	chrome.exe	88
PID 4848 wrote to memory of 1844	4848	chrome.exe	88
PID 4848 wrote to memory of 1844	4848	chrome.exe	88
PID 4848 wrote to memory of 1844	4848	chrome.exe	88
PID 4848 wrote to memory of 1844	4848	chrome.exe	88
PID 4848 wrote to memory of 1844	4848	chrome.exe	88
PID 4848 wrote to memory of 1844	4848	chrome.exe	88
PID 4848 wrote to memory of 1844	4848	chrome.exe	88
PID 4848 wrote to memory of 1844	4848	chrome.exe	88
PID 4848 wrote to memory of 1844	4848	chrome.exe	88
PID 4848 wrote to memory of 1844	4848	chrome.exe	88
PID 4848 wrote to memory of 1844	4848	chrome.exe	88
PID 4848 wrote to memory of 1844	4848	chrome.exe	88
PID 4848 wrote to memory of 1844	4848	chrome.exe	88
PID 4848 wrote to memory of 1844	4848	chrome.exe	88
PID 4848 wrote to memory of 1844	4848	chrome.exe	88
PID 4848 wrote to memory of 1844	4848	chrome.exe	88
PID 4848 wrote to memory of 1844	4848	chrome.exe	88
PID 4848 wrote to memory of 1844	4848	chrome.exe	88
PID 4848 wrote to memory of 1844	4848	chrome.exe	88
PID 4848 wrote to memory of 1844	4848	chrome.exe	88
PID 4848 wrote to memory of 1844	4848	chrome.exe	88
PID 4848 wrote to memory of 1844	4848	chrome.exe	88
PID 4848 wrote to memory of 1844	4848	chrome.exe	88
PID 4848 wrote to memory of 1844	4848	chrome.exe	88
PID 4848 wrote to memory of 4576	4848	chrome.exe	89
PID 4848 wrote to memory of 4576	4848	chrome.exe	89
PID 4848 wrote to memory of 1548	4848	chrome.exe	90
PID 4848 wrote to memory of 1548	4848	chrome.exe	90
PID 4848 wrote to memory of 1548	4848	chrome.exe	90
PID 4848 wrote to memory of 1548	4848	chrome.exe	90
PID 4848 wrote to memory of 1548	4848	chrome.exe	90
PID 4848 wrote to memory of 1548	4848	chrome.exe	90
PID 4848 wrote to memory of 1548	4848	chrome.exe	90
PID 4848 wrote to memory of 1548	4848	chrome.exe	90
PID 4848 wrote to memory of 1548	4848	chrome.exe	90
PID 4848 wrote to memory of 1548	4848	chrome.exe	90
PID 4848 wrote to memory of 1548	4848	chrome.exe	90
PID 4848 wrote to memory of 1548	4848	chrome.exe	90
PID 4848 wrote to memory of 1548	4848	chrome.exe	90
PID 4848 wrote to memory of 1548	4848	chrome.exe	90
PID 4848 wrote to memory of 1548	4848	chrome.exe	90
PID 4848 wrote to memory of 1548	4848	chrome.exe	90
PID 4848 wrote to memory of 1548	4848	chrome.exe	90
PID 4848 wrote to memory of 1548	4848	chrome.exe	90
PID 4848 wrote to memory of 1548	4848	chrome.exe	90
PID 4848 wrote to memory of 1548	4848	chrome.exe	90
PID 4848 wrote to memory of 1548	4848	chrome.exe	90
PID 4848 wrote to memory of 1548	4848	chrome.exe	90
PID 4848 wrote to memory of 1548	4848	chrome.exe	90
PID 4848 wrote to memory of 1548	4848	chrome.exe	90
PID 4848 wrote to memory of 1548	4848	chrome.exe	90
PID 4848 wrote to memory of 1548	4848	chrome.exe	90
PID 4848 wrote to memory of 1548	4848	chrome.exe	90
PID 4848 wrote to memory of 1548	4848	chrome.exe	90
PID 4848 wrote to memory of 1548	4848	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://aplicativos-test.bancodecorrientes.com.ar/%3Cscript%3Ealert(%22xssTESTBANCO%22)%3C/script%3E
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff82737ab58,0x7ff82737ab68,0x7ff82737ab78
  2⤵
  PID:5076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1720 --field-trial-handle=1892,i,11890423724883257795,10362372780461458547,131072 /prefetch:2
  2⤵
  PID:1844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1892,i,11890423724883257795,10362372780461458547,131072 /prefetch:8
  2⤵
  PID:4576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2204 --field-trial-handle=1892,i,11890423724883257795,10362372780461458547,131072 /prefetch:8
  2⤵
  PID:1548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3012 --field-trial-handle=1892,i,11890423724883257795,10362372780461458547,131072 /prefetch:1
  2⤵
  PID:1740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3020 --field-trial-handle=1892,i,11890423724883257795,10362372780461458547,131072 /prefetch:1
  2⤵
  PID:3520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4944 --field-trial-handle=1892,i,11890423724883257795,10362372780461458547,131072 /prefetch:8
  2⤵
  PID:2928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4720 --field-trial-handle=1892,i,11890423724883257795,10362372780461458547,131072 /prefetch:8
  2⤵
  PID:2544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2548 --field-trial-handle=1892,i,11890423724883257795,10362372780461458547,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1924

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4680

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
2ac06d8538bf641de72efabee6a835fd

SHA1
16a22cffb241f340631fa2aefc76e3897aa8018e

SHA256
f7cb62828cc8ee4ac78ee44b69bdc5b3a3b8dc36151a43fe8b7f3201133b6f6d

SHA512
b4d3e30292e2b1bfbce0d413c2e2fea2bb7d0b74312af4fc513298b30d0a39c019ae9b7b5991a43f20710a90584407b3517c75612e805d0654aac3484ce74c38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
e26a2fbbdb7573ee0919c02799b6499b

SHA1
f2eaa8e6e253a6d31c660fab423bed5bc550171c

SHA256
2acf527947640b699644e043674e71086d647ad75ec9403180dd8edcd3ec18dc

SHA512
7abdd58e86fb54a756f56e6dee6ed8ab30fb38d58d3dc78ad66474a694035ace45bf9b1b1ccb90fe63673255b4da2005fd9b64ba2c8dea4e703196daa10875b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
da9efd9c9f03bb07aa70063d686da9c1

SHA1
4fcb9f0ae9fe10af2dc58fb7a3e35c1a34a2878e

SHA256
8a29a5c539beac730c3f7e687f4fa106c1483676b5c75b8c4cb5322d9e17e146

SHA512
3a403bc20ff07cf849094791bc46a377612440e19da2b1602053b63dcd979e124369604bb0983e8b346360a608b22db5efcc053a8b2520a89b4667146c333697

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
688B

MD5
34e89eb8bd5a1fd9da2492b8dcc72832

SHA1
d86c650e7ab7fee3bc0bc10282feb6f4b846f374

SHA256
0c2b7d95879e06c2da68642e35f18044da4b9a5b7b866a666f696d5473e2cee7

SHA512
6637cc85d69bc15569d4f62e85b37b2ff862021f807619258c3bbc3bf8901dd1e61b35d71f64e80f578b1f00b4debf50f0033ec5dd37f57c0fdb5c34e42de163

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
522B

MD5
1fffc6f0f396d33bf0d5e90c2c9dba23

SHA1
e4ba8b810b5cde8821c80ff122fe211456772a40

SHA256
f4bd25cbb25decae780363e83fad498f583b977a7cdd0643e730ef7147b2101c

SHA512
c8f025cd5851a08d7ebccfcce30c63ce4734614ab2645b6e8c3c437d491310ce80f6c4fb3ff61518f5fa60dac7ec2c92b9afb52d17526ee70257f3eb8998589a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6418aa295756816121af74fabf167938

SHA1
97ec5f909c8db6ad6f90400a5978b2439f001c43

SHA256
53350f8a4be7b59b2ab420c7886875f0e25a88bbffb0b486e9bef5616bad432b

SHA512
730567d260274ae8544bfe07fcb0d9f85e3ce08f3ae1b2cc4845927e8f412eefc4f1bbd5f7856fed19002fd7de22e4c57ee7968fe3f0316cfa77e1da5b4a3d32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
127KB

MD5
8a0a9fc65e1bf7f1a53ae2f4b316ed88

SHA1
02b5603c282998e25602fea2edd0fe06749fc66c

SHA256
00cb5f44d496d6bf165a80459d7e127946c220bc8e60fd71cfab16ef2602ec5a

SHA512
27f45384181050f837e591c1042f0819a074387ae86b1c05a701daae750674e71bb8d43f23772a48ea551f4186544757de5f5c5fb71dacaf65f6ba3a2618ca3c

Download Submit