Analysis
max time kernel: 1799s
max time network: 1800s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13-06-2024 17:43
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://aut.bcoctes.com.ar/modo/login/
Resource: win10v2004-20240611-en
General
Target: https://aut.bcoctes.com.ar/modo/login/
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
Processes: chrome.exe
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (chrome.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (chrome.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (chrome.exe)
Modifies data under HKEY_USERS (2 IoCs)
Processes: chrome.exe
- Key created: \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry (chrome.exe)
- Set value (int): \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133627744458628747" (chrome.exe)
Suspicious behavior: EnumeratesProcesses (4 IoCs)
Processes: chrome.exe, chrome.exe
- PID 3420 chrome.exe (2 entries)
- PID 4088 chrome.exe (2 entries)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
Processes: chrome.exe
- PID 3420 chrome.exe (2 entries)
Suspicious use of AdjustPrivilegeToken (64 IoCs)
Processes: chrome.exe
- Token: SeShutdownPrivilege and Token: SeCreatePagefilePrivilege, requested alternately by PID 3420 chrome.exe (64 entries in total)
Suspicious use of FindShellTrayWindow (26 IoCs)
Processes: chrome.exe
- PID 3420 chrome.exe (all 26 entries)
Suspicious use of SendNotifyMessage (24 IoCs)
Processes: chrome.exe
- PID 3420 chrome.exe (all 24 entries)
Suspicious use of WriteProcessMemory (64 IoCs)
Processes: chrome.exe
- PID 3420 chrome.exe wrote to memory of PID 396 chrome.exe (repeated entries)
- PID 3420 chrome.exe wrote to memory of PID 3888 chrome.exe (repeated entries)
- PID 3420 chrome.exe wrote to memory of PID 4796 chrome.exe (repeated entries)
- PID 3420 chrome.exe wrote to memory of PID 1012 chrome.exe (repeated entries)
Processes
- "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://aut.bcoctes.com.ar/modo/login/ (PID 3420)
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe2146ab58,0x7ffe2146ab68,0x7ffe2146ab78 (PID 396)
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1668 --field-trial-handle=1904,i,1936472472679789624,12915908854792370504,131072 /prefetch:2 (PID 3888)
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1904,i,1936472472679789624,12915908854792370504,131072 /prefetch:8 (PID 4796)
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2208 --field-trial-handle=1904,i,1936472472679789624,12915908854792370504,131072 /prefetch:8 (PID 1012)
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3064 --field-trial-handle=1904,i,1936472472679789624,12915908854792370504,131072 /prefetch:1 (PID 2088)
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3068 --field-trial-handle=1904,i,1936472472679789624,12915908854792370504,131072 /prefetch:1 (PID 988)
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4852 --field-trial-handle=1904,i,1936472472679789624,12915908854792370504,131072 /prefetch:8 (PID 4672)
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4664 --field-trial-handle=1904,i,1936472472679789624,12915908854792370504,131072 /prefetch:8 (PID 1076)
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1644 --field-trial-handle=1904,i,1936472472679789624,12915908854792370504,131072 /prefetch:2 (PID 4088)
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe" (PID 3760)
- "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4360,i,16866810346450717340,3849854439116899380,262144 --variations-seed-version --mojo-platform-channel-handle=4380 /prefetch:8 (PID 1880)
- "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4204,i,16866810346450717340,3849854439116899380,262144 --variations-seed-version --mojo-platform-channel-handle=1284 /prefetch:8 (PID 2104)
Network
MITRE ATT&CK Enterprise v15
Downloads