Analysis
max time kernel
149s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags
arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted
28/05/2024, 18:03
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://contactmonkey.com/api/v1/tracker?cm_session=6cb0d7b4-7514-49ed-a422-137958b36105&cs=d01410f1-e93a-498a-bdf9-aed95ac45c9b&cm_type=link&cm_link=c38d4278-31b3-4240-b05e-868db3a168a7&cm_destination=https://contactmonkey.com/api/v1/tracker?cm_session=78cba606-2264-447f-bc39-16d7e80cd3c0&cs=825ad42b-2c78-40c6-8587-3b0541fc1564&cm_type=link&cm_link=0da11854-d710-40c4-8250-bcd92bcc7ee9&cm_destination=//danilomontemurro.com.br/redirect2/rd/ZWR3YXJkLmphbWVzQGluaGFiaXRpcS5jb20=
Resource
win10v2004-20240426-en
General
Target
https://contactmonkey.com/api/v1/tracker?cm_session=6cb0d7b4-7514-49ed-a422-137958b36105&cs=d01410f1-e93a-498a-bdf9-aed95ac45c9b&cm_type=link&cm_link=c38d4278-31b3-4240-b05e-868db3a168a7&cm_destination=https://contactmonkey.com/api/v1/tracker?cm_session=78cba606-2264-447f-bc39-16d7e80cd3c0&cs=825ad42b-2c78-40c6-8587-3b0541fc1564&cm_type=link&cm_link=0da11854-d710-40c4-8250-bcd92bcc7ee9&cm_destination=//danilomontemurro.com.br/redirect2/rd/ZWR3YXJkLmphbWVzQGluaGFiaXRpcS5jb20=
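Every signature in this report is raised by chrome.exe, the sandbox's own browser opening the submitted link, so the analytically interesting part of the report is the Target URL itself: a ContactMonkey tracking link whose cm_destination is a second ContactMonkey tracking link, whose cm_destination in turn is a protocol-relative URL (//danilomontemurro.com.br/...) ending in a base64 path segment. The script below is an added example; it is not part of the Triage report and not ContactMonkey's or the redirector's code. It unwraps the chain two ways: as a standards-conforming query parser sees it (the nested URL is not percent-encoded, so its '&' separators leak into the outer query and cm_destination receives two values, the inner URL cut off at its first '&' and the final hop), and as a chained-redirect reading in which everything after each cm_destination= is the next hop. It also flags the protocol-relative hop and tries to base64-decode the trailing path segment. The name of the redirect parameter is taken from the URL; which of the two values the real tracker endpoint follows is not shown anywhere in this report, so the chain reading is an assumption.

```python
import base64
import binascii
from urllib.parse import parse_qs, urlsplit

# The Target URL exactly as listed in this report.
TARGET = (
    "https://contactmonkey.com/api/v1/tracker?cm_session=6cb0d7b4-7514-49ed-a422-137958b36105"
    "&cs=d01410f1-e93a-498a-bdf9-aed95ac45c9b&cm_type=link&cm_link=c38d4278-31b3-4240-b05e-868db3a168a7"
    "&cm_destination=https://contactmonkey.com/api/v1/tracker?cm_session=78cba606-2264-447f-bc39-16d7e80cd3c0"
    "&cs=825ad42b-2c78-40c6-8587-3b0541fc1564&cm_type=link&cm_link=0da11854-d710-40c4-8250-bcd92bcc7ee9"
    "&cm_destination=//danilomontemurro.com.br/redirect2/rd/ZWR3YXJkLmphbWVzQGluaGFiaXRpcS5jb20="
)

# Assumption: cm_destination is the redirect parameter. The report shows the
# parameter name, not the server-side logic that consumes it.
REDIRECT_PARAM = "cm_destination"


def strict_destinations(url):
    """Values a standards-conforming query parser assigns to the redirect parameter.

    The nested tracker URL is not percent-encoded, so every '&' inside it is
    treated as a separator of the outer query. The result is two values: the
    inner URL cut off at its first '&', and the final hop.
    """
    return parse_qs(urlsplit(url).query).get(REDIRECT_PARAM, [])


def unwrap_chain(url, max_hops=10):
    """Chain reading (assumed, not taken from the tracker's code): everything
    after the first 'cm_destination=' is the next hop; repeat until none remains."""
    marker = REDIRECT_PARAM + "="
    hops, cur = [url], url
    for _ in range(max_hops):
        idx = cur.find(marker)
        if idx < 0:
            break
        cur = cur[idx + len(marker):]
        hops.append(cur)
    return hops


def _absolute(hop):
    # Protocol-relative URLs ('//host/path') inherit the referrer's scheme; give
    # urlsplit a scheme so that .hostname and .path are populated.
    return "https:" + hop if hop.startswith("//") else hop


def classify_hop(hop):
    """Return (kind, host). 'protocol-relative' is worth flagging on its own:
    redirect validators that only reject absolute 'http(s)://' prefixes let it through."""
    if hop.startswith("//"):
        return "protocol-relative", urlsplit(_absolute(hop)).hostname
    parts = urlsplit(hop)
    return parts.scheme or "relative", parts.hostname


def decode_trailing_segment(hop):
    """Base64-decode the last path segment if it is valid base64 and UTF-8, else
    return None. Phishing redirectors commonly carry the recipient's address
    there so the landing page can prefill it."""
    segment = urlsplit(_absolute(hop)).path.rstrip("/").rsplit("/", 1)[-1]
    if not segment:
        return None
    try:
        return base64.b64decode(segment, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None


def analyse(url):
    """One record per hop of the chain reading."""
    records = []
    for hop in unwrap_chain(url):
        kind, host = classify_hop(hop)
        records.append({
            "kind": kind,
            "host": host,
            "decoded_segment": decode_trailing_segment(hop),
        })
    return records


if __name__ == "__main__":
    for i, rec in enumerate(analyse(TARGET)):
        print(f"hop {i}: {rec['kind']:18} {rec['host']:28} decoded={rec['decoded_segment']!r}")
    print("parser view of cm_destination:", strict_destinations(TARGET))
```

analyse() returns three records for the Target: two hops on contactmonkey.com, then the protocol-relative hop on danilomontemurro.com.br whose trailing segment decodes to an e-mail address (the script returns it; it is personal data and is deliberately not reproduced here). strict_destinations() shows the other reading: the outer tracker receives a truncated inner URL as its first cm_destination value and the final hop as its second. When triaging such a link, record both readings, because the behaviour depends on which one the tracker endpoint implements, and this report captured no network trace that would settle it.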
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe

Modifies data under HKEY_USERS (2 IoCs)
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133613930392308896" | chrome.exe

Suspicious behavior: EnumeratesProcesses (4 IoCs)
pid | Process | entries
4908 | chrome.exe | 2
3268 | chrome.exe | 2

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (4 IoCs)
pid | Process | entries
4908 | chrome.exe | 4

Suspicious use of AdjustPrivilegeToken (64 IoCs)
description | pid | Process | entries
Token: SeShutdownPrivilege | 4908 | chrome.exe | 32
Token: SeCreatePagefilePrivilege | 4908 | chrome.exe | 32
(The 64 logged entries alternate between the two privileges; the list is capped at 64.)

Suspicious use of FindShellTrayWindow (26 IoCs)
pid | Process | entries
4908 | chrome.exe | 26

Suspicious use of SendNotifyMessage (24 IoCs)
pid | Process | entries
4908 | chrome.exe | 24

Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target | entries
PID 4908 wrote to memory of 4068 | 4908 | chrome.exe | 82 | 2
PID 4908 wrote to memory of 5048 | 4908 | chrome.exe | 83 | 31
PID 4908 wrote to memory of 2396 | 4908 | chrome.exe | 84 | 2
PID 4908 wrote to memory of 2300 | 4908 | chrome.exe | 85 | 29
(The list is capped at 64 entries.)
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe (depth 1, PID 4908)
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://contactmonkey.com/api/v1/tracker?cm_session=6cb0d7b4-7514-49ed-a422-137958b36105&cs=d01410f1-e93a-498a-bdf9-aed95ac45c9b&cm_type=link&cm_link=c38d4278-31b3-4240-b05e-868db3a168a7&cm_destination=https://contactmonkey.com/api/v1/tracker?cm_session=78cba606-2264-447f-bc39-16d7e80cd3c0&cs=825ad42b-2c78-40c6-8587-3b0541fc1564&cm_type=link&cm_link=0da11854-d710-40c4-8250-bcd92bcc7ee9&cm_destination=//danilomontemurro.com.br/redirect2/rd/ZWR3YXJkLmphbWVzQGluaGFiaXRpcS5jb20=
Signatures:
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory

    C:\Program Files\Google\Chrome\Application\chrome.exe (depth 2, PID 4068)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc502dab58,0x7ffc502dab68,0x7ffc502dab78

    C:\Program Files\Google\Chrome\Application\chrome.exe (depth 2, PID 5048)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1684 --field-trial-handle=1892,i,2934508454734044735,3664441594974049510,131072 /prefetch:2

    C:\Program Files\Google\Chrome\Application\chrome.exe (depth 2, PID 2396)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1892,i,2934508454734044735,3664441594974049510,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (depth 2, PID 2300)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2212 --field-trial-handle=1892,i,2934508454734044735,3664441594974049510,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (depth 2, PID 3940)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3012 --field-trial-handle=1892,i,2934508454734044735,3664441594974049510,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe (depth 2, PID 1740)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3048 --field-trial-handle=1892,i,2934508454734044735,3664441594974049510,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe (depth 2, PID 2844)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4196 --field-trial-handle=1892,i,2934508454734044735,3664441594974049510,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe (depth 2, PID 5056)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4424 --field-trial-handle=1892,i,2934508454734044735,3664441594974049510,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe (depth 2, PID 3788)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4868 --field-trial-handle=1892,i,2934508454734044735,3664441594974049510,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (depth 2, PID 1740)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4696 --field-trial-handle=1892,i,2934508454734044735,3664441594974049510,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (depth 2, PID 3268)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1552 --field-trial-handle=1892,i,2934508454734044735,3664441594974049510,131072 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe (depth 1, PID 3060)
Command line: "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads
(unnamed file)
Filesize: 888B
MD5: c07c037233a1556edf3607a16c18835f
SHA1: 09146c914b29476e1ba2fe30c8a94426bf44a2c9
SHA256: dd32f5cdd03653fa963c2cc7268ff4418bd21fb5044ec577ab05983ca4998aa9
SHA512: ac09ef3fd9b6e4989652665ad40df7102d7a47cc879a27d68b125115dae5cbb1fe2fd63224663976adf1c3421eb014e1f7c7af5ed765fa6bcab4f7e23916cfeb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\518a5847-14d0-4c0a-a5a8-f2b1f10530fe.tmp
Filesize: 2KB
MD5: 9ae3a2dea976009d1246df9e85a0408f
SHA1: 8c9894bf4961abb58ec34b2744b3e78cd6c4e75a
SHA256: 327420dad02e3d60b7cbf0bfaca001e7e83169e8a96e80bbc3a694509feac697
SHA512: aec2338d2afa1c3f582e33db87a1af3e1afb194c6005ef5f8140c1a1734834964ef79fbdae78bd55daefc2ba0ed8d9fcc393c214fea58db3347ac3bc12bcd39a

(unnamed file)
Filesize: 1KB
MD5: c51c63df707ce124a402c7e74e6a16c5
SHA1: c7f540cdd3c669159187d7522bffa498c3aec907
SHA256: b9231f1674ac93221782f360eae4ccefa51221a571af306963d0981417d5fe52
SHA512: eace425c44765656ed03a457d6d59266052cf3771320354371483a63577a539b1f21cd85ff6f141ea2a367978d63aaf5272b4fd9d71ab78739b32cbc87d3e663

(unnamed file)
Filesize: 2B
MD5: d751713988987e9331980363e24189ce
SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

(unnamed file)
Filesize: 1KB
MD5: 7e517083f04e208614c7887de201f7a5
SHA1: dc514809de95358a25b02e1f1960ea4145a54be8
SHA256: 83d8c7d4cf9eaa4b78068316a219dfeffe882ea999b3c75d91e9f6369a15bfb4
SHA512: ae51d253b928f33ede766e2bb644b15aa5cca9052173ce0e4077bacc220dc0a6c2a22848196773d70c2ac56b67198cc6d4345e25678688892569ff9af4996224

(unnamed file)
Filesize: 7KB
MD5: bff5b2006448a6b62762ef4d94040786
SHA1: 823b099387d8a2ff7ccdcfab24247df69c3c8747
SHA256: 4feff2a8e26eeae8056fa9a96f5bd381022f65434ce6cbd7d38a057bde2dbd95
SHA512: 37bf48359a44100ca0a75906be91066cee0df4fa0ea49002e6705d4c6c56bd507a0baa2bb22e399e433d36d6a96f04037bfbde366f239d651267807aca452f10

(unnamed file)
Filesize: 130KB
MD5: 1ac87db8c1f3529be954f6db1f671251
SHA1: b04c022bc87c4262e52d83b0ab7f97c4630e8ea2
SHA256: 56836effd82b60b6866deb615897e80de59173d0027b1e18ac5625c7387eec34
SHA512: 8509598d3aa520d48bc298d790c60579ba72d52f93b186bbba1f1373ebf58c8c37fc2d26aee9fd123202737ae5e4f2b0ed843746df1c179e0359478c2991afd0