hxxps://www[.]linkedin[.]com/company/cobli-brasil/

Analysis

max time kernel
13s
max time network
14s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
27/05/2024, 14:41

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://www.linkedin.com/company/cobli-brasil/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133612945352588266"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3208	chrome.exe
3208	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe

Suspicious use of AdjustPrivilegeToken 26 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3208 wrote to memory of 1448	3208	chrome.exe	82
PID 3208 wrote to memory of 1448	3208	chrome.exe	82
PID 3208 wrote to memory of 3848	3208	chrome.exe	83
PID 3208 wrote to memory of 3848	3208	chrome.exe	83
PID 3208 wrote to memory of 3848	3208	chrome.exe	83
PID 3208 wrote to memory of 3848	3208	chrome.exe	83
PID 3208 wrote to memory of 3848	3208	chrome.exe	83
PID 3208 wrote to memory of 3848	3208	chrome.exe	83
PID 3208 wrote to memory of 3848	3208	chrome.exe	83
PID 3208 wrote to memory of 3848	3208	chrome.exe	83
PID 3208 wrote to memory of 3848	3208	chrome.exe	83
PID 3208 wrote to memory of 3848	3208	chrome.exe	83
PID 3208 wrote to memory of 3848	3208	chrome.exe	83
PID 3208 wrote to memory of 3848	3208	chrome.exe	83
PID 3208 wrote to memory of 3848	3208	chrome.exe	83
PID 3208 wrote to memory of 3848	3208	chrome.exe	83
PID 3208 wrote to memory of 3848	3208	chrome.exe	83
PID 3208 wrote to memory of 3848	3208	chrome.exe	83
PID 3208 wrote to memory of 3848	3208	chrome.exe	83
PID 3208 wrote to memory of 3848	3208	chrome.exe	83
PID 3208 wrote to memory of 3848	3208	chrome.exe	83
PID 3208 wrote to memory of 3848	3208	chrome.exe	83
PID 3208 wrote to memory of 3848	3208	chrome.exe	83
PID 3208 wrote to memory of 3848	3208	chrome.exe	83
PID 3208 wrote to memory of 3848	3208	chrome.exe	83
PID 3208 wrote to memory of 3848	3208	chrome.exe	83
PID 3208 wrote to memory of 3848	3208	chrome.exe	83
PID 3208 wrote to memory of 3848	3208	chrome.exe	83
PID 3208 wrote to memory of 3848	3208	chrome.exe	83
PID 3208 wrote to memory of 3848	3208	chrome.exe	83
PID 3208 wrote to memory of 3848	3208	chrome.exe	83
PID 3208 wrote to memory of 3848	3208	chrome.exe	83
PID 3208 wrote to memory of 3848	3208	chrome.exe	83
PID 3208 wrote to memory of 2692	3208	chrome.exe	84
PID 3208 wrote to memory of 2692	3208	chrome.exe	84
PID 3208 wrote to memory of 2592	3208	chrome.exe	85
PID 3208 wrote to memory of 2592	3208	chrome.exe	85
PID 3208 wrote to memory of 2592	3208	chrome.exe	85
PID 3208 wrote to memory of 2592	3208	chrome.exe	85
PID 3208 wrote to memory of 2592	3208	chrome.exe	85
PID 3208 wrote to memory of 2592	3208	chrome.exe	85
PID 3208 wrote to memory of 2592	3208	chrome.exe	85
PID 3208 wrote to memory of 2592	3208	chrome.exe	85
PID 3208 wrote to memory of 2592	3208	chrome.exe	85
PID 3208 wrote to memory of 2592	3208	chrome.exe	85
PID 3208 wrote to memory of 2592	3208	chrome.exe	85
PID 3208 wrote to memory of 2592	3208	chrome.exe	85
PID 3208 wrote to memory of 2592	3208	chrome.exe	85
PID 3208 wrote to memory of 2592	3208	chrome.exe	85
PID 3208 wrote to memory of 2592	3208	chrome.exe	85
PID 3208 wrote to memory of 2592	3208	chrome.exe	85
PID 3208 wrote to memory of 2592	3208	chrome.exe	85
PID 3208 wrote to memory of 2592	3208	chrome.exe	85
PID 3208 wrote to memory of 2592	3208	chrome.exe	85
PID 3208 wrote to memory of 2592	3208	chrome.exe	85
PID 3208 wrote to memory of 2592	3208	chrome.exe	85
PID 3208 wrote to memory of 2592	3208	chrome.exe	85
PID 3208 wrote to memory of 2592	3208	chrome.exe	85
PID 3208 wrote to memory of 2592	3208	chrome.exe	85
PID 3208 wrote to memory of 2592	3208	chrome.exe	85
PID 3208 wrote to memory of 2592	3208	chrome.exe	85
PID 3208 wrote to memory of 2592	3208	chrome.exe	85
PID 3208 wrote to memory of 2592	3208	chrome.exe	85
PID 3208 wrote to memory of 2592	3208	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.linkedin.com/company/cobli-brasil/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa9e6fab58,0x7ffa9e6fab68,0x7ffa9e6fab78
  2⤵
  PID:1448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1708 --field-trial-handle=268,i,5565967627833154123,9279911412198769367,131072 /prefetch:2
  2⤵
  PID:3848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=268,i,5565967627833154123,9279911412198769367,131072 /prefetch:8
  2⤵
  PID:2692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2244 --field-trial-handle=268,i,5565967627833154123,9279911412198769367,131072 /prefetch:8
  2⤵
  PID:2592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3052 --field-trial-handle=268,i,5565967627833154123,9279911412198769367,131072 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3068 --field-trial-handle=268,i,5565967627833154123,9279911412198769367,131072 /prefetch:1
  2⤵
  PID:4772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4392 --field-trial-handle=268,i,5565967627833154123,9279911412198769367,131072 /prefetch:1
  2⤵
  PID:4404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4724 --field-trial-handle=268,i,5565967627833154123,9279911412198769367,131072 /prefetch:8
  2⤵
  PID:4492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4868 --field-trial-handle=268,i,5565967627833154123,9279911412198769367,131072 /prefetch:8
  2⤵
  PID:2396

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:5044

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old

Filesize
394B

MD5
616d36baa29aab92493016c53688c823

SHA1
96eb09730c8657b8ae7fdf24b1641ff14cccc2e4

SHA256
b18ce6d1f162750db409fb64fe759fa5be1113552fab33c0e2e304eed3a571ca

SHA512
e6191265f278bcddff401f394a38317d337c40f177959710ceb4bc3ce6e8ce6803a5f30aa86b94ec9245063446c833ef2cf4ecff7a3825d394b176e64bc7c2df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old~RFe5777df.TMP

Filesize
353B

MD5
db0d1c7c29acb7767928c8dcb0ab0b96

SHA1
1a2034300d986bf7b28442d3414b2fdbe8af34da

SHA256
e060871d93e7ad1e6601997ecaa420a3f6260230d278e5caec3bbf9ebe7c1816

SHA512
083772c7baa57af2a561752f377d167c3a9637998dc35b2e469006c6bfe31ba59b45ee88907ad4e373dc011ab5c79f45a28ff6816ceac2b58a774c157ac247ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
8e8f8b3c6aee85aaf738c69ef8c3734a

SHA1
d43721adebf37ecd3eb19876a3dbdca54497fdbb

SHA256
284b9b165357ae85a4c127119ff3ff2dedde8f7afe463902b01d4fb728963c4c

SHA512
39e535576f7c5ed10bbd571943e1abe174d00dff82ba09541909356b3671becd4b6754d51ca4ae15c9f1fb1be6162c6e3560ca804e5675e96a4c70660bd06045

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
f14fc26c01df93721ec5711e04c3a944

SHA1
82073ecd535851c8f6f049ec24932f9bbdafbd4b

SHA256
113b1c4c9714f996b08529dc470d2e06e36c1cf6eed969b0ba50bb8fc05f8bbb

SHA512
d905ff657bfbb8282342fd8acd2c61d5a4cd2effc802e8fd1b1d32cf299ae4f3099c5f1c4f1366bb0f7e4b8fec8bf6f36a42659845055277936361fa1d765bf3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
dedc46d71246f9696aef1d18ac33a16d

SHA1
22a05ce3f0c3d200ae38678d0f5d0a2827e6c4e5

SHA256
db652c0300d5467de50a9f25cd7c1572b8ac27a6be2e2d4f5b93da60372f2b02

SHA512
23934d264562f4b424f6a179865909fd13dc30f2e38a97c12a6ca9553eea27258fa8594e226fcb981464272d920251966987bb142a8eab2c12a4d495b220329e

Download Submit