hxxp://frog[.]cl

Analysis

max time kernel
1800s
max time network
1756s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
22/05/2024, 08:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://frog.cl

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133608402301098196"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4760	chrome.exe
4760	chrome.exe
3884	chrome.exe
3884	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4760	chrome.exe
4760	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4760	chrome.exe
Token: SeCreatePagefilePrivilege	4760	chrome.exe
Token: SeShutdownPrivilege	4760	chrome.exe
Token: SeCreatePagefilePrivilege	4760	chrome.exe
Token: SeShutdownPrivilege	4760	chrome.exe
Token: SeCreatePagefilePrivilege	4760	chrome.exe
Token: SeShutdownPrivilege	4760	chrome.exe
Token: SeCreatePagefilePrivilege	4760	chrome.exe
Token: SeShutdownPrivilege	4760	chrome.exe
Token: SeCreatePagefilePrivilege	4760	chrome.exe
Token: SeShutdownPrivilege	4760	chrome.exe
Token: SeCreatePagefilePrivilege	4760	chrome.exe
Token: SeShutdownPrivilege	4760	chrome.exe
Token: SeCreatePagefilePrivilege	4760	chrome.exe
Token: SeShutdownPrivilege	4760	chrome.exe
Token: SeCreatePagefilePrivilege	4760	chrome.exe
Token: SeShutdownPrivilege	4760	chrome.exe
Token: SeCreatePagefilePrivilege	4760	chrome.exe
Token: SeShutdownPrivilege	4760	chrome.exe
Token: SeCreatePagefilePrivilege	4760	chrome.exe
Token: SeShutdownPrivilege	4760	chrome.exe
Token: SeCreatePagefilePrivilege	4760	chrome.exe
Token: SeShutdownPrivilege	4760	chrome.exe
Token: SeCreatePagefilePrivilege	4760	chrome.exe
Token: SeShutdownPrivilege	4760	chrome.exe
Token: SeCreatePagefilePrivilege	4760	chrome.exe
Token: SeShutdownPrivilege	4760	chrome.exe
Token: SeCreatePagefilePrivilege	4760	chrome.exe
Token: SeShutdownPrivilege	4760	chrome.exe
Token: SeCreatePagefilePrivilege	4760	chrome.exe
Token: SeShutdownPrivilege	4760	chrome.exe
Token: SeCreatePagefilePrivilege	4760	chrome.exe
Token: SeShutdownPrivilege	4760	chrome.exe
Token: SeCreatePagefilePrivilege	4760	chrome.exe
Token: SeShutdownPrivilege	4760	chrome.exe
Token: SeCreatePagefilePrivilege	4760	chrome.exe
Token: SeShutdownPrivilege	4760	chrome.exe
Token: SeCreatePagefilePrivilege	4760	chrome.exe
Token: SeShutdownPrivilege	4760	chrome.exe
Token: SeCreatePagefilePrivilege	4760	chrome.exe
Token: SeShutdownPrivilege	4760	chrome.exe
Token: SeCreatePagefilePrivilege	4760	chrome.exe
Token: SeShutdownPrivilege	4760	chrome.exe
Token: SeCreatePagefilePrivilege	4760	chrome.exe
Token: SeShutdownPrivilege	4760	chrome.exe
Token: SeCreatePagefilePrivilege	4760	chrome.exe
Token: SeShutdownPrivilege	4760	chrome.exe
Token: SeCreatePagefilePrivilege	4760	chrome.exe
Token: SeShutdownPrivilege	4760	chrome.exe
Token: SeCreatePagefilePrivilege	4760	chrome.exe
Token: SeShutdownPrivilege	4760	chrome.exe
Token: SeCreatePagefilePrivilege	4760	chrome.exe
Token: SeShutdownPrivilege	4760	chrome.exe
Token: SeCreatePagefilePrivilege	4760	chrome.exe
Token: SeShutdownPrivilege	4760	chrome.exe
Token: SeCreatePagefilePrivilege	4760	chrome.exe
Token: SeShutdownPrivilege	4760	chrome.exe
Token: SeCreatePagefilePrivilege	4760	chrome.exe
Token: SeShutdownPrivilege	4760	chrome.exe
Token: SeCreatePagefilePrivilege	4760	chrome.exe
Token: SeShutdownPrivilege	4760	chrome.exe
Token: SeCreatePagefilePrivilege	4760	chrome.exe
Token: SeShutdownPrivilege	4760	chrome.exe
Token: SeCreatePagefilePrivilege	4760	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4760	chrome.exe
4760	chrome.exe
4760	chrome.exe
4760	chrome.exe
4760	chrome.exe
4760	chrome.exe
4760	chrome.exe
4760	chrome.exe
4760	chrome.exe
4760	chrome.exe
4760	chrome.exe
4760	chrome.exe
4760	chrome.exe
4760	chrome.exe
4760	chrome.exe
4760	chrome.exe
4760	chrome.exe
4760	chrome.exe
4760	chrome.exe
4760	chrome.exe
4760	chrome.exe
4760	chrome.exe
4760	chrome.exe
4760	chrome.exe
4760	chrome.exe
4760	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4760	chrome.exe
4760	chrome.exe
4760	chrome.exe
4760	chrome.exe
4760	chrome.exe
4760	chrome.exe
4760	chrome.exe
4760	chrome.exe
4760	chrome.exe
4760	chrome.exe
4760	chrome.exe
4760	chrome.exe
4760	chrome.exe
4760	chrome.exe
4760	chrome.exe
4760	chrome.exe
4760	chrome.exe
4760	chrome.exe
4760	chrome.exe
4760	chrome.exe
4760	chrome.exe
4760	chrome.exe
4760	chrome.exe
4760	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4760 wrote to memory of 1428	4760	chrome.exe	83
PID 4760 wrote to memory of 1428	4760	chrome.exe	83
PID 4760 wrote to memory of 2340	4760	chrome.exe	84
PID 4760 wrote to memory of 2340	4760	chrome.exe	84
PID 4760 wrote to memory of 2340	4760	chrome.exe	84
PID 4760 wrote to memory of 2340	4760	chrome.exe	84
PID 4760 wrote to memory of 2340	4760	chrome.exe	84
PID 4760 wrote to memory of 2340	4760	chrome.exe	84
PID 4760 wrote to memory of 2340	4760	chrome.exe	84
PID 4760 wrote to memory of 2340	4760	chrome.exe	84
PID 4760 wrote to memory of 2340	4760	chrome.exe	84
PID 4760 wrote to memory of 2340	4760	chrome.exe	84
PID 4760 wrote to memory of 2340	4760	chrome.exe	84
PID 4760 wrote to memory of 2340	4760	chrome.exe	84
PID 4760 wrote to memory of 2340	4760	chrome.exe	84
PID 4760 wrote to memory of 2340	4760	chrome.exe	84
PID 4760 wrote to memory of 2340	4760	chrome.exe	84
PID 4760 wrote to memory of 2340	4760	chrome.exe	84
PID 4760 wrote to memory of 2340	4760	chrome.exe	84
PID 4760 wrote to memory of 2340	4760	chrome.exe	84
PID 4760 wrote to memory of 2340	4760	chrome.exe	84
PID 4760 wrote to memory of 2340	4760	chrome.exe	84
PID 4760 wrote to memory of 2340	4760	chrome.exe	84
PID 4760 wrote to memory of 2340	4760	chrome.exe	84
PID 4760 wrote to memory of 2340	4760	chrome.exe	84
PID 4760 wrote to memory of 2340	4760	chrome.exe	84
PID 4760 wrote to memory of 2340	4760	chrome.exe	84
PID 4760 wrote to memory of 2340	4760	chrome.exe	84
PID 4760 wrote to memory of 2340	4760	chrome.exe	84
PID 4760 wrote to memory of 2340	4760	chrome.exe	84
PID 4760 wrote to memory of 2340	4760	chrome.exe	84
PID 4760 wrote to memory of 2340	4760	chrome.exe	84
PID 4760 wrote to memory of 2340	4760	chrome.exe	84
PID 4760 wrote to memory of 4476	4760	chrome.exe	85
PID 4760 wrote to memory of 4476	4760	chrome.exe	85
PID 4760 wrote to memory of 4216	4760	chrome.exe	86
PID 4760 wrote to memory of 4216	4760	chrome.exe	86
PID 4760 wrote to memory of 4216	4760	chrome.exe	86
PID 4760 wrote to memory of 4216	4760	chrome.exe	86
PID 4760 wrote to memory of 4216	4760	chrome.exe	86
PID 4760 wrote to memory of 4216	4760	chrome.exe	86
PID 4760 wrote to memory of 4216	4760	chrome.exe	86
PID 4760 wrote to memory of 4216	4760	chrome.exe	86
PID 4760 wrote to memory of 4216	4760	chrome.exe	86
PID 4760 wrote to memory of 4216	4760	chrome.exe	86
PID 4760 wrote to memory of 4216	4760	chrome.exe	86
PID 4760 wrote to memory of 4216	4760	chrome.exe	86
PID 4760 wrote to memory of 4216	4760	chrome.exe	86
PID 4760 wrote to memory of 4216	4760	chrome.exe	86
PID 4760 wrote to memory of 4216	4760	chrome.exe	86
PID 4760 wrote to memory of 4216	4760	chrome.exe	86
PID 4760 wrote to memory of 4216	4760	chrome.exe	86
PID 4760 wrote to memory of 4216	4760	chrome.exe	86
PID 4760 wrote to memory of 4216	4760	chrome.exe	86
PID 4760 wrote to memory of 4216	4760	chrome.exe	86
PID 4760 wrote to memory of 4216	4760	chrome.exe	86
PID 4760 wrote to memory of 4216	4760	chrome.exe	86
PID 4760 wrote to memory of 4216	4760	chrome.exe	86
PID 4760 wrote to memory of 4216	4760	chrome.exe	86
PID 4760 wrote to memory of 4216	4760	chrome.exe	86
PID 4760 wrote to memory of 4216	4760	chrome.exe	86
PID 4760 wrote to memory of 4216	4760	chrome.exe	86
PID 4760 wrote to memory of 4216	4760	chrome.exe	86
PID 4760 wrote to memory of 4216	4760	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://frog.cl
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x104,0x108,0x10c,0xd8,0x110,0x7ff89307ab58,0x7ff89307ab68,0x7ff89307ab78
  2⤵
  PID:1428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1688 --field-trial-handle=1872,i,4767599878946285812,805457806928245696,131072 /prefetch:2
  2⤵
  PID:2340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1872,i,4767599878946285812,805457806928245696,131072 /prefetch:8
  2⤵
  PID:4476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2220 --field-trial-handle=1872,i,4767599878946285812,805457806928245696,131072 /prefetch:8
  2⤵
  PID:4216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2976 --field-trial-handle=1872,i,4767599878946285812,805457806928245696,131072 /prefetch:1
  2⤵
  PID:1140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3004 --field-trial-handle=1872,i,4767599878946285812,805457806928245696,131072 /prefetch:1
  2⤵
  PID:3052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4424 --field-trial-handle=1872,i,4767599878946285812,805457806928245696,131072 /prefetch:8
  2⤵
  PID:2332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4572 --field-trial-handle=1872,i,4767599878946285812,805457806928245696,131072 /prefetch:8
  2⤵
  PID:3124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1640 --field-trial-handle=1872,i,4767599878946285812,805457806928245696,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3884

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4280

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
adc565da0efa9087311ffdf1bd8892ef

SHA1
72a76b867da1f26c05a8af9761f648e8a1a2c5b5

SHA256
25283b5311d69322a528c8ea16adde89aded8c685744a388b42bed428a67c2b2

SHA512
45805fc38088004f66ad7bf7d0036284af2844cee00837f4a95d15ea538579457f525babc589bd22b69fcc76a710c780e709acbe4abdbe278a6cb41869551cb2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
2f52dba8c1445fdebbf7c032b708d15f

SHA1
ea3b2d23a18442340de1f1361f875d293b66f957

SHA256
4eded083dea10233f9e62ea78146db54136e8d956fb5bf0ef2c6c30c245fb57b

SHA512
70e67a1c59ca211d8b8fd92883d6cfb46d53e0559ff8accf3b40451701eb38a220f0b45da50420a6867093bfdcad0a3c1e81de2ecff0ba4fba04b05998a85f4f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
40b34cd86ba1a620c4dcdb7fa4f9b659

SHA1
7c5082dbc565194d0c8ab2224e0549942b343837

SHA256
71b8a0f4de52a1711205f1f7f2e89ffb5cc85edfe694ef5ae097392d27232586

SHA512
96fbecf6a512f98bd5e02ed6a72111242d28567819a6ed7457d9fa2593c37fded347d3b583d19f6624df5facd2e1f509f2290a9f96247a14b36cacb712b8c0f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
336c40dcf174b7049a50bc054c117903

SHA1
372305760f6ee63394f3913ec8992a721982468a

SHA256
10ed1f10b136dbe578b17fc639a3777f00c8df2cd3fe62ddc4949ab608039dd7

SHA512
93fb24e374bee6511614cab7bfc3042901b6efab460d479ec6fd0cb0c8d9c1855fb59887cc5cc1240c16aa7bcd60ea77a149ad8b6aa918b5f66820ecd23e315e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
60f2cde74e87536ef181c97c78c1d963

SHA1
f9e65fb406095464163a805c26df9aaf54e82a56

SHA256
3b3159e9c4c9cce289df0152433b7430b1acd9721480df4f50cdd69246e3f336

SHA512
9a1ffe08dbfb73be67682340f9a3bfba6c9e994cfa6b3c71a003a5bc977cf4aca46049cf341933b29b8b00cfe94bc257e7428d10e6d7c947eca0f18dd4a40851

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
73465461a9bcf15d35705826233a514f

SHA1
63859efdaf5051181f11e24cd46dd42c4850d19c

SHA256
f1ad2381f37b1eb52149b8f37be423376af2d55d6e74668f2db25b95d3278e74

SHA512
9e382c1b0a3a2d079b0d2fbca919b200235dea52e0bf15dc3873e7d5fb7389aaf16016811ae3dcd40a2ade3e4e72973d7c8f06980915a40d48947cf15a9c1a48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
22f0596ce9cc55b9fd6659b29c27eaa0

SHA1
2989841f8e34ec54521af0f8e84320df2f4e2ba2

SHA256
2c54b3070125cd6a3ed7aaecd9ee18b84b3002a946cb97ad0768856e73d42f5c

SHA512
6b0afda048e581464dd730a54e402e8e5ed5387b15de1dd0673aa3ccc94d7301158f0673a342552188d476823b2336a0628e0bf565d4c978a1eb6d54fa9ffe9a

Download Submit