hxxps://maquionline[.]cl/Redirect/htdocs/home/index[.]html

General

Target

https://maquionline.cl/Redirect/htdocs/home/index.html

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133609133432378567"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

264 chrome.exe
264 chrome.exe
2080 chrome.exe
2080 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

Processes:

chrome.exe

pid process

264 chrome.exe
264 chrome.exe
264 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	264	chrome.exe
Token: SeCreatePagefilePrivilege	264	chrome.exe
Token: SeShutdownPrivilege	264	chrome.exe
Token: SeCreatePagefilePrivilege	264	chrome.exe
Token: SeShutdownPrivilege	264	chrome.exe
Token: SeCreatePagefilePrivilege	264	chrome.exe
Token: SeShutdownPrivilege	264	chrome.exe
Token: SeCreatePagefilePrivilege	264	chrome.exe
Token: SeShutdownPrivilege	264	chrome.exe
Token: SeCreatePagefilePrivilege	264	chrome.exe
Token: SeShutdownPrivilege	264	chrome.exe
Token: SeCreatePagefilePrivilege	264	chrome.exe
Token: SeShutdownPrivilege	264	chrome.exe
Token: SeCreatePagefilePrivilege	264	chrome.exe
Token: SeShutdownPrivilege	264	chrome.exe
Token: SeCreatePagefilePrivilege	264	chrome.exe
Token: SeShutdownPrivilege	264	chrome.exe
Token: SeCreatePagefilePrivilege	264	chrome.exe
Token: SeShutdownPrivilege	264	chrome.exe
Token: SeCreatePagefilePrivilege	264	chrome.exe
Token: SeShutdownPrivilege	264	chrome.exe
Token: SeCreatePagefilePrivilege	264	chrome.exe
Token: SeShutdownPrivilege	264	chrome.exe
Token: SeCreatePagefilePrivilege	264	chrome.exe
Token: SeShutdownPrivilege	264	chrome.exe
Token: SeCreatePagefilePrivilege	264	chrome.exe
Token: SeShutdownPrivilege	264	chrome.exe
Token: SeCreatePagefilePrivilege	264	chrome.exe
Token: SeShutdownPrivilege	264	chrome.exe
Token: SeCreatePagefilePrivilege	264	chrome.exe
Token: SeShutdownPrivilege	264	chrome.exe
Token: SeCreatePagefilePrivilege	264	chrome.exe
Token: SeShutdownPrivilege	264	chrome.exe
Token: SeCreatePagefilePrivilege	264	chrome.exe
Token: SeShutdownPrivilege	264	chrome.exe
Token: SeCreatePagefilePrivilege	264	chrome.exe
Token: SeShutdownPrivilege	264	chrome.exe
Token: SeCreatePagefilePrivilege	264	chrome.exe
Token: SeShutdownPrivilege	264	chrome.exe
Token: SeCreatePagefilePrivilege	264	chrome.exe
Token: SeShutdownPrivilege	264	chrome.exe
Token: SeCreatePagefilePrivilege	264	chrome.exe
Token: SeShutdownPrivilege	264	chrome.exe
Token: SeCreatePagefilePrivilege	264	chrome.exe
Token: SeShutdownPrivilege	264	chrome.exe
Token: SeCreatePagefilePrivilege	264	chrome.exe
Token: SeShutdownPrivilege	264	chrome.exe
Token: SeCreatePagefilePrivilege	264	chrome.exe
Token: SeShutdownPrivilege	264	chrome.exe
Token: SeCreatePagefilePrivilege	264	chrome.exe
Token: SeShutdownPrivilege	264	chrome.exe
Token: SeCreatePagefilePrivilege	264	chrome.exe
Token: SeShutdownPrivilege	264	chrome.exe
Token: SeCreatePagefilePrivilege	264	chrome.exe
Token: SeShutdownPrivilege	264	chrome.exe
Token: SeCreatePagefilePrivilege	264	chrome.exe
Token: SeShutdownPrivilege	264	chrome.exe
Token: SeCreatePagefilePrivilege	264	chrome.exe
Token: SeShutdownPrivilege	264	chrome.exe
Token: SeCreatePagefilePrivilege	264	chrome.exe
Token: SeShutdownPrivilege	264	chrome.exe
Token: SeCreatePagefilePrivilege	264	chrome.exe
Token: SeShutdownPrivilege	264	chrome.exe
Token: SeCreatePagefilePrivilege	264	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
264	chrome.exe
264	chrome.exe
264	chrome.exe
264	chrome.exe
264	chrome.exe
264	chrome.exe
264	chrome.exe
264	chrome.exe
264	chrome.exe
264	chrome.exe
264	chrome.exe
264	chrome.exe
264	chrome.exe
264	chrome.exe
264	chrome.exe
264	chrome.exe
264	chrome.exe
264	chrome.exe
264	chrome.exe
264	chrome.exe
264	chrome.exe
264	chrome.exe
264	chrome.exe
264	chrome.exe
264	chrome.exe
264	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
264	chrome.exe
264	chrome.exe
264	chrome.exe
264	chrome.exe
264	chrome.exe
264	chrome.exe
264	chrome.exe
264	chrome.exe
264	chrome.exe
264	chrome.exe
264	chrome.exe
264	chrome.exe
264	chrome.exe
264	chrome.exe
264	chrome.exe
264	chrome.exe
264	chrome.exe
264	chrome.exe
264	chrome.exe
264	chrome.exe
264	chrome.exe
264	chrome.exe
264	chrome.exe
264	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 264 wrote to memory of 2264	264	chrome.exe	chrome.exe
PID 264 wrote to memory of 2264	264	chrome.exe	chrome.exe
PID 264 wrote to memory of 4780	264	chrome.exe	chrome.exe
PID 264 wrote to memory of 4780	264	chrome.exe	chrome.exe
PID 264 wrote to memory of 4780	264	chrome.exe	chrome.exe
PID 264 wrote to memory of 4780	264	chrome.exe	chrome.exe
PID 264 wrote to memory of 4780	264	chrome.exe	chrome.exe
PID 264 wrote to memory of 4780	264	chrome.exe	chrome.exe
PID 264 wrote to memory of 4780	264	chrome.exe	chrome.exe
PID 264 wrote to memory of 4780	264	chrome.exe	chrome.exe
PID 264 wrote to memory of 4780	264	chrome.exe	chrome.exe
PID 264 wrote to memory of 4780	264	chrome.exe	chrome.exe
PID 264 wrote to memory of 4780	264	chrome.exe	chrome.exe
PID 264 wrote to memory of 4780	264	chrome.exe	chrome.exe
PID 264 wrote to memory of 4780	264	chrome.exe	chrome.exe
PID 264 wrote to memory of 4780	264	chrome.exe	chrome.exe
PID 264 wrote to memory of 4780	264	chrome.exe	chrome.exe
PID 264 wrote to memory of 4780	264	chrome.exe	chrome.exe
PID 264 wrote to memory of 4780	264	chrome.exe	chrome.exe
PID 264 wrote to memory of 4780	264	chrome.exe	chrome.exe
PID 264 wrote to memory of 4780	264	chrome.exe	chrome.exe
PID 264 wrote to memory of 4780	264	chrome.exe	chrome.exe
PID 264 wrote to memory of 4780	264	chrome.exe	chrome.exe
PID 264 wrote to memory of 4780	264	chrome.exe	chrome.exe
PID 264 wrote to memory of 4780	264	chrome.exe	chrome.exe
PID 264 wrote to memory of 4780	264	chrome.exe	chrome.exe
PID 264 wrote to memory of 4780	264	chrome.exe	chrome.exe
PID 264 wrote to memory of 4780	264	chrome.exe	chrome.exe
PID 264 wrote to memory of 4780	264	chrome.exe	chrome.exe
PID 264 wrote to memory of 4780	264	chrome.exe	chrome.exe
PID 264 wrote to memory of 4780	264	chrome.exe	chrome.exe
PID 264 wrote to memory of 4780	264	chrome.exe	chrome.exe
PID 264 wrote to memory of 4780	264	chrome.exe	chrome.exe
PID 264 wrote to memory of 4932	264	chrome.exe	chrome.exe
PID 264 wrote to memory of 4932	264	chrome.exe	chrome.exe
PID 264 wrote to memory of 1488	264	chrome.exe	chrome.exe
PID 264 wrote to memory of 1488	264	chrome.exe	chrome.exe
PID 264 wrote to memory of 1488	264	chrome.exe	chrome.exe
PID 264 wrote to memory of 1488	264	chrome.exe	chrome.exe
PID 264 wrote to memory of 1488	264	chrome.exe	chrome.exe
PID 264 wrote to memory of 1488	264	chrome.exe	chrome.exe
PID 264 wrote to memory of 1488	264	chrome.exe	chrome.exe
PID 264 wrote to memory of 1488	264	chrome.exe	chrome.exe
PID 264 wrote to memory of 1488	264	chrome.exe	chrome.exe
PID 264 wrote to memory of 1488	264	chrome.exe	chrome.exe
PID 264 wrote to memory of 1488	264	chrome.exe	chrome.exe
PID 264 wrote to memory of 1488	264	chrome.exe	chrome.exe
PID 264 wrote to memory of 1488	264	chrome.exe	chrome.exe
PID 264 wrote to memory of 1488	264	chrome.exe	chrome.exe
PID 264 wrote to memory of 1488	264	chrome.exe	chrome.exe
PID 264 wrote to memory of 1488	264	chrome.exe	chrome.exe
PID 264 wrote to memory of 1488	264	chrome.exe	chrome.exe
PID 264 wrote to memory of 1488	264	chrome.exe	chrome.exe
PID 264 wrote to memory of 1488	264	chrome.exe	chrome.exe
PID 264 wrote to memory of 1488	264	chrome.exe	chrome.exe
PID 264 wrote to memory of 1488	264	chrome.exe	chrome.exe
PID 264 wrote to memory of 1488	264	chrome.exe	chrome.exe
PID 264 wrote to memory of 1488	264	chrome.exe	chrome.exe
PID 264 wrote to memory of 1488	264	chrome.exe	chrome.exe
PID 264 wrote to memory of 1488	264	chrome.exe	chrome.exe
PID 264 wrote to memory of 1488	264	chrome.exe	chrome.exe
PID 264 wrote to memory of 1488	264	chrome.exe	chrome.exe
PID 264 wrote to memory of 1488	264	chrome.exe	chrome.exe
PID 264 wrote to memory of 1488	264	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://maquionline.cl/Redirect/htdocs/home/index.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:264

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff810c3ab58,0x7ff810c3ab68,0x7ff810c3ab78
2⤵
PID:2264

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1704 --field-trial-handle=1852,i,11613612851199124739,8063986052472034826,131072 /prefetch:2
2⤵
PID:4780

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1852,i,11613612851199124739,8063986052472034826,131072 /prefetch:8
2⤵
PID:4932

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2188 --field-trial-handle=1852,i,11613612851199124739,8063986052472034826,131072 /prefetch:8
2⤵
PID:1488

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2968 --field-trial-handle=1852,i,11613612851199124739,8063986052472034826,131072 /prefetch:1
2⤵
PID:2180

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2976 --field-trial-handle=1852,i,11613612851199124739,8063986052472034826,131072 /prefetch:1
2⤵
PID:5040

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4356 --field-trial-handle=1852,i,11613612851199124739,8063986052472034826,131072 /prefetch:8
2⤵
PID:3552

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4352 --field-trial-handle=1852,i,11613612851199124739,8063986052472034826,131072 /prefetch:8
2⤵
PID:4860

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4160 --field-trial-handle=1852,i,11613612851199124739,8063986052472034826,131072 /prefetch:1
2⤵
PID:2120

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=996 --field-trial-handle=1852,i,11613612851199124739,8063986052472034826,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2080

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3328

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
72B

MD5
5715a3c40755ae3dc5d91ce3d127629b

SHA1
892c55475a285974bbe756ad605f809ff08633fb

SHA256
2fa769da51588e2c513e5b34f109920a328a1f42b87d127e6a5452b83e11190f

SHA512
ad475fc3867a3ced88bcf66496b97da502e4fb6698f949767d4eeff07f6ea959df76ccd3181e7a6c7960ea9bf19767e9e9a0d72e663860b7c23116174655e796

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
68f0d1e86549082e9dd6e6d993b2eaff

SHA1
94397c7f140f8dfa1b20218c1216d93578dbd8c9

SHA256
011d293d444f8c8be24e9cce1fa56aa14bcd413b33e7c4bcca585b48994ffaed

SHA512
e595cc0302b5f72ac407273b080e177fd822cce08ce99754e95cb3ca4383b273bcbb9dbe51099b9a08dcbc5db1851c46361c54c4a5d3e44bb233a4410cc40ab6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
3a34b8e43a73e63176b347647ac10a98

SHA1
c2cceb83021e847dbf770dff9c1c478ddbe01d9d

SHA256
c67fc47c6e93e66854d792015cd6dfe314b0ead08ce4799f4789cc6b23a7341f

SHA512
9403c4c0a8946f069f6f26235d535a91ad4fc549a7dc941296125d6173174c81ac441601a8a89d1ad6ea4adce43465c766f2facf7674d6c5dd20c15f0059a5ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
0ca3870007dea4b6b92e6d41b98ec260

SHA1
7e08076b175d085fabed75956bfe7d8da3ccb4d0

SHA256
b54c5d06e11fea7226548e1dc1a739d58b1137adfebe9ae35434c49bc71f132e

SHA512
64d8644148ab72c347ad0852fa91107d3948a4a9a878a757b051193f96dc2f8a6a0b8769072ba1adb73eff40c4d73c2d89885a0213a7bc5f037b83b2a73b4b99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
255KB

MD5
db425bf0393008ef3a01e25cefda2058

SHA1
e7701491dc693c5755087de17f7ba6b5f9f84141

SHA256
fdfb0f67f13abe3e0b6d060ef85fdf2e699f546f3201b61f7922a7dba2167e8f

SHA512
17dbefbca7eff146f4ce4879af6b5bb95d085861ac30159bd2c8daf336e07a2b407427c1555c96a393202778fe642825366fee4a1213479c70181a5e259b3440

Download Submit
\??\pipe\crashpad_264_ZDUVFKLHSVJFZMTP
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads