hxxps://vdrk5wfv[.]r[.]us-east-2[.]awstrack[.]me/L0/https[:]%2F%2Fwww[.]comgas[.]com[.]br/1/010f018f74a839f9-c25e59c5-4ee6-409a-8fea-5d997bfcddda-000000/K1oTlRbLhorIaQwE0K4Cp9LPdRg=158

Analysis

max time kernel
52s
max time network
53s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
14/05/2024, 11:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://vdrk5wfv.r.us-east-2.awstrack.me/L0/https:%2F%2Fwww.comgas.com.br/1/010f018f74a839f9-c25e59c5-4ee6-409a-8fea-5d997bfcddda-000000/K1oTlRbLhorIaQwE0K4Cp9LPdRg=158

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133601583931369433"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3004	chrome.exe
3004	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeCreatePagefilePrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeCreatePagefilePrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeCreatePagefilePrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeCreatePagefilePrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeCreatePagefilePrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeCreatePagefilePrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeCreatePagefilePrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeCreatePagefilePrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeCreatePagefilePrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeCreatePagefilePrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeCreatePagefilePrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeCreatePagefilePrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeCreatePagefilePrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeCreatePagefilePrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeCreatePagefilePrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeCreatePagefilePrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeCreatePagefilePrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeCreatePagefilePrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeCreatePagefilePrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeCreatePagefilePrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeCreatePagefilePrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeCreatePagefilePrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeCreatePagefilePrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeCreatePagefilePrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeCreatePagefilePrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeCreatePagefilePrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeCreatePagefilePrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeCreatePagefilePrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeCreatePagefilePrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeCreatePagefilePrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeCreatePagefilePrivilege	3004	chrome.exe
Token: SeShutdownPrivilege	3004	chrome.exe
Token: SeCreatePagefilePrivilege	3004	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe
3004	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3004 wrote to memory of 3024	3004	chrome.exe	81
PID 3004 wrote to memory of 3024	3004	chrome.exe	81
PID 3004 wrote to memory of 4080	3004	chrome.exe	82
PID 3004 wrote to memory of 4080	3004	chrome.exe	82
PID 3004 wrote to memory of 4080	3004	chrome.exe	82
PID 3004 wrote to memory of 4080	3004	chrome.exe	82
PID 3004 wrote to memory of 4080	3004	chrome.exe	82
PID 3004 wrote to memory of 4080	3004	chrome.exe	82
PID 3004 wrote to memory of 4080	3004	chrome.exe	82
PID 3004 wrote to memory of 4080	3004	chrome.exe	82
PID 3004 wrote to memory of 4080	3004	chrome.exe	82
PID 3004 wrote to memory of 4080	3004	chrome.exe	82
PID 3004 wrote to memory of 4080	3004	chrome.exe	82
PID 3004 wrote to memory of 4080	3004	chrome.exe	82
PID 3004 wrote to memory of 4080	3004	chrome.exe	82
PID 3004 wrote to memory of 4080	3004	chrome.exe	82
PID 3004 wrote to memory of 4080	3004	chrome.exe	82
PID 3004 wrote to memory of 4080	3004	chrome.exe	82
PID 3004 wrote to memory of 4080	3004	chrome.exe	82
PID 3004 wrote to memory of 4080	3004	chrome.exe	82
PID 3004 wrote to memory of 4080	3004	chrome.exe	82
PID 3004 wrote to memory of 4080	3004	chrome.exe	82
PID 3004 wrote to memory of 4080	3004	chrome.exe	82
PID 3004 wrote to memory of 4080	3004	chrome.exe	82
PID 3004 wrote to memory of 4080	3004	chrome.exe	82
PID 3004 wrote to memory of 4080	3004	chrome.exe	82
PID 3004 wrote to memory of 4080	3004	chrome.exe	82
PID 3004 wrote to memory of 4080	3004	chrome.exe	82
PID 3004 wrote to memory of 4080	3004	chrome.exe	82
PID 3004 wrote to memory of 4080	3004	chrome.exe	82
PID 3004 wrote to memory of 4080	3004	chrome.exe	82
PID 3004 wrote to memory of 4080	3004	chrome.exe	82
PID 3004 wrote to memory of 4080	3004	chrome.exe	82
PID 3004 wrote to memory of 1628	3004	chrome.exe	83
PID 3004 wrote to memory of 1628	3004	chrome.exe	83
PID 3004 wrote to memory of 1764	3004	chrome.exe	84
PID 3004 wrote to memory of 1764	3004	chrome.exe	84
PID 3004 wrote to memory of 1764	3004	chrome.exe	84
PID 3004 wrote to memory of 1764	3004	chrome.exe	84
PID 3004 wrote to memory of 1764	3004	chrome.exe	84
PID 3004 wrote to memory of 1764	3004	chrome.exe	84
PID 3004 wrote to memory of 1764	3004	chrome.exe	84
PID 3004 wrote to memory of 1764	3004	chrome.exe	84
PID 3004 wrote to memory of 1764	3004	chrome.exe	84
PID 3004 wrote to memory of 1764	3004	chrome.exe	84
PID 3004 wrote to memory of 1764	3004	chrome.exe	84
PID 3004 wrote to memory of 1764	3004	chrome.exe	84
PID 3004 wrote to memory of 1764	3004	chrome.exe	84
PID 3004 wrote to memory of 1764	3004	chrome.exe	84
PID 3004 wrote to memory of 1764	3004	chrome.exe	84
PID 3004 wrote to memory of 1764	3004	chrome.exe	84
PID 3004 wrote to memory of 1764	3004	chrome.exe	84
PID 3004 wrote to memory of 1764	3004	chrome.exe	84
PID 3004 wrote to memory of 1764	3004	chrome.exe	84
PID 3004 wrote to memory of 1764	3004	chrome.exe	84
PID 3004 wrote to memory of 1764	3004	chrome.exe	84
PID 3004 wrote to memory of 1764	3004	chrome.exe	84
PID 3004 wrote to memory of 1764	3004	chrome.exe	84
PID 3004 wrote to memory of 1764	3004	chrome.exe	84
PID 3004 wrote to memory of 1764	3004	chrome.exe	84
PID 3004 wrote to memory of 1764	3004	chrome.exe	84
PID 3004 wrote to memory of 1764	3004	chrome.exe	84
PID 3004 wrote to memory of 1764	3004	chrome.exe	84
PID 3004 wrote to memory of 1764	3004	chrome.exe	84

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://vdrk5wfv.r.us-east-2.awstrack.me/L0/https:%2F%2Fwww.comgas.com.br/1/010f018f74a839f9-c25e59c5-4ee6-409a-8fea-5d997bfcddda-000000/K1oTlRbLhorIaQwE0K4Cp9LPdRg=158
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc25ddab58,0x7ffc25ddab68,0x7ffc25ddab78
  2⤵
  PID:3024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1524 --field-trial-handle=1816,i,8965194692509459652,11085078270345117875,131072 /prefetch:2
  2⤵
  PID:4080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=1816,i,8965194692509459652,11085078270345117875,131072 /prefetch:8
  2⤵
  PID:1628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2108 --field-trial-handle=1816,i,8965194692509459652,11085078270345117875,131072 /prefetch:8
  2⤵
  PID:1764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2948 --field-trial-handle=1816,i,8965194692509459652,11085078270345117875,131072 /prefetch:1
  2⤵
  PID:4316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3088 --field-trial-handle=1816,i,8965194692509459652,11085078270345117875,131072 /prefetch:1
  2⤵
  PID:4276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3920 --field-trial-handle=1816,i,8965194692509459652,11085078270345117875,131072 /prefetch:1
  2⤵
  PID:4300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4396 --field-trial-handle=1816,i,8965194692509459652,11085078270345117875,131072 /prefetch:8
  2⤵
  PID:3328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3084 --field-trial-handle=1816,i,8965194692509459652,11085078270345117875,131072 /prefetch:8
  2⤵
  PID:1100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4540 --field-trial-handle=1816,i,8965194692509459652,11085078270345117875,131072 /prefetch:1
  2⤵
  PID:644

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3332

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003f

Filesize
502KB

MD5
add520996e437bff5d081315da187fbf

SHA1
2e489fe16f3712bf36df00b03a8a5af8fa8d4b42

SHA256
922b951591d52d44aa7015ebc95cab08192aa435b64f9016673ac5da1124a8b4

SHA512
2220fa232537d339784d7cd999b1f617100acdea7184073e6a64ea4e55db629f85bfa70ffda1dc2fd32bdc254f5856eeeb87d969476a2e36b5973d2f0eb86497

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
9204897e11ae91189afcc760ecdfa627

SHA1
dd18f6c3a2459595f68a8b103cecd492b0f0fd31

SHA256
59e32eb4f57af3536b960776bf35478bd49e29d3cb68fd4e660293ed84e7ef70

SHA512
aa4fe6f48986adb71bb6a91d36711877c36e2e586131f7b49dda0699ca6517d9dc69cf0628c440ccf0be9c1762333288faa67156066aa831aeb8c7d80cad499d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
7030bfb67bd76fd483cb2b090a051deb

SHA1
f510b45ff0c86dbd5c43e8517e830f614bff0c0e

SHA256
e02eb14edfb19e29fa7448bbb89527b10cb785272a3d52ded4b2cea5b16b0f3c

SHA512
82d4a88e54a4c730abde9065c136956fe81815f30dacc820d2276378b48052672dac37905179dad0a861fee6d422e83392534e48a9488d2759a79e726325ea84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
07404d262882bb004bd9152cae8a887d

SHA1
dc8dcb18068da2bda80d93ced35d02d874f8a76f

SHA256
92309029c97125a0f1ae11b6fc2b6e495c5e446fd1a5a41c55523b41e413199f

SHA512
95dd2b822862c23137b2bbb06aaf4be7cd07193bfb915c84ef56a2f4a6d2d9e7737183ffdd7894514a128cb0f65d2321dc3c2de5811a0f780cbb4c411d7d3b65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
9d468a24f2f96a8888bc68e96b6bb0a6

SHA1
e2d5ef0cd0e760fdbf3267dc2176f441f84b9d73

SHA256
1dd6965b48d3a88112a87679d69fae00f7c8035f3ddfa7f60258e720792cdd76

SHA512
643e3ccff56027e6b5449f05a35979c18d9a1a782922abc48164519207a0881e38ebc0643f326364b36187500e4984892b0edc9da4233b548eca2423f62ff8a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
4e7770520f96d3664526c868744b5adf

SHA1
214c7a37f2170cc5eacea9cdca88dd2f90eaf097

SHA256
9459c2f44a73a5d00daf4038e1664500582e328374f3fb503780815298aabbd7

SHA512
059ffad891e8632008d2770faa8bfb10b6f059c116033ae0555fe761ee8c395fa9fd9a2f13c40210967f293c098c877567abfd995f5d2de197c86207ad355d6c

Download Submit