Analysis
-
max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags
arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted
27-06-2024 20:03
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://track001.correo33.com/email-marketing/plus/campaigns/redi/370111/?contact_id=63616241&utm_source=clientify&utm_medium=email&utm_campaign=segmentacion-vocacional-y-ocupacionalW%05spceuBft%EF%BF%BD%EF%BF%BD%7Dfz%EF%BF%BDn%EF%BF%BDR%[email protected]%04%00%00%05%EF%BF%BD~
Resource
win10v2004-20240611-en
General
-
Target
https://track001.correo33.com/email-marketing/plus/campaigns/redi/370111/?contact_id=63616241&utm_source=clientify&utm_medium=email&utm_campaign=segmentacion-vocacional-y-ocupacionalW%05spceuBft%EF%BF%BD%EF%BF%BD%7Dfz%EF%BF%BDn%EF%BF%BDR%[email protected]%04%00%00%05%EF%BF%BD~
Malware Config
Signatures
-
Looks up external IP address via web service 4 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
flow  ioc
74    api.ipify.org
76    api.ipify.org
91    ipapi.co
92    ipapi.co
Enumerates system info in registry 2 TTPs 3 IoCs
description        ioc                                                                   Process
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    chrome.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  chrome.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe
Modifies data under HKEY_USERS 2 IoCs
description      ioc                                                                                                    Process
Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                   chrome.exe
Set value (int)  \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133639922564509044"  chrome.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs
pid   Process
5084  chrome.exe
5084  chrome.exe
1760  chrome.exe
1760  chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
pid   Process
5084  chrome.exe
5084  chrome.exe
5084  chrome.exe
Suspicious use of AdjustPrivilegeToken 64 IoCs
description                       pid   Process
Token: SeShutdownPrivilege        5084  chrome.exe
Token: SeCreatePagefilePrivilege  5084  chrome.exe
(64 entries in total, alternating between the two rows above; all from PID 5084)
Suspicious use of FindShellTrayWindow 26 IoCs
pid   Process
5084  chrome.exe
(26 entries in total, all identical)
Suspicious use of SendNotifyMessage 24 IoCs
pid   Process
5084  chrome.exe
(24 entries in total, all identical)
Suspicious use of WriteProcessMemory 64 IoCs
description                       pid   Process     procid_target
PID 5084 wrote to memory of 3024  5084  chrome.exe  84
PID 5084 wrote to memory of 3324  5084  chrome.exe  85
PID 5084 wrote to memory of 3996  5084  chrome.exe  86
PID 5084 wrote to memory of 4724  5084  chrome.exe  87
(64 entries in total: the rows for targets 3024 and 3996 appear twice each, the rows for targets 3324 and 4724 many times each)
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://track001.correo33.com/email-marketing/plus/campaigns/redi/370111/?contact_id=63616241&utm_source=clientify&utm_medium=email&utm_campaign=segmentacion-vocacional-y-ocupacionalW%05spceuBft%EF%BF%BD%EF%BF%BD%7Dfz%EF%BF%BDn%EF%BF%BDR%[email protected]%04%00%00%05%EF%BF%BD~
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5084
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd90b5ab58,0x7ffd90b5ab68,0x7ffd90b5ab78
  PID:3024
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1596 --field-trial-handle=1800,i,3188025100692687124,16320400246124279602,131072 /prefetch:2
  PID:3324
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1800,i,3188025100692687124,16320400246124279602,131072 /prefetch:8
  PID:3996
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2204 --field-trial-handle=1800,i,3188025100692687124,16320400246124279602,131072 /prefetch:8
  PID:4724
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3052 --field-trial-handle=1800,i,3188025100692687124,16320400246124279602,131072 /prefetch:1
  PID:1912
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3064 --field-trial-handle=1800,i,3188025100692687124,16320400246124279602,131072 /prefetch:1
  PID:1780
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4516 --field-trial-handle=1800,i,3188025100692687124,16320400246124279602,131072 /prefetch:1
  PID:3968
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4824 --field-trial-handle=1800,i,3188025100692687124,16320400246124279602,131072 /prefetch:8
  PID:1152
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4904 --field-trial-handle=1800,i,3188025100692687124,16320400246124279602,131072 /prefetch:8
  PID:4488
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1760 --field-trial-handle=1800,i,3188025100692687124,16320400246124279602,131072 /prefetch:2
  - Suspicious behavior: EnumeratesProcesses
  PID:1760
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
PID:1784
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize 408B
MD5 46ccf0d8ce7a5c62e465e13d6330cf37
SHA1 b0aa1557ec962bc54dadd0ba5bec551277e7d03d
SHA256 f7e7d228abd0ab11eb200abc3f97173c9ea4a29274adfce3cb491014baf24d8d
SHA512 38491e7edd1e61170ae929c2dcfd04f2da27ef51f17814eeb155bfda0ca9355544839cf865c569f76445e3aace904cfabc71c18b0585b4bc8ef9b2e383ad565a
-
Filesize 3KB
MD5 73fea201c34a5e847af407a39524b929
SHA1 0602ffcfa0033301c9a53b6e736045fbf49a152f
SHA256 d4f20f29dac25784cf8c75466f1c45f7a687f81b88d610ba4d7303ce43b3350e
SHA512 86b83e89f9ee01124f4ecce4b6b2cc486c36242729ff421059fbf4455e3bb794400ae128a756a0451e7cf38e8d0a56a3a17451413f563e04c3a13e6553c3d219
-
Filesize 2B
MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize 1KB
MD5 d0eb69d4284be44d4538c1a5eac3591d
SHA1 5f11f950baa346cfe0578a82605ad3096adda429
SHA256 df59ec93a8fba2e1178fa4e261675c0789703b28f4db1d800d320b25572cf3f0
SHA512 60b4406660c00f1c90e09ba876066881aa1d9ee9d8bc8a38985b00e7ee538d551cdd398ecc935ead85728294b971d1da51979b0162ac0dd6f36635114a91fbe3
-
Filesize 1KB
MD5 fce7e20606ce3e7f649e348231051a21
SHA1 9ad0bae826643b2becb942b86ac09c335de8f0fc
SHA256 f9fcedc2b662e36aa27e180d11ff77b54af6addecab6be179ce0c54aa4a4be86
SHA512 d84797c85c01d7cfb7fc972b97d77d2f3d35628e80fda8efb4dd0a12bc5659aad260b5cfc16f22955024824d3f02c89ca8bd04f0b6ccda5ee1939fa78797234a
-
Filesize 7KB
MD5 5a932a7288586766791a6966a53a709e
SHA1 f328205775a184888856af5c0c975b5654eb7b5a
SHA256 5e4dc7b2a30e79b6b4a6e1af7e7852b1161fad53e6269691be18a29a2d7bdf1c
SHA512 52069dfcc71c126f56df1e760dac9ce5612a73e9e5e431b4abd3bc4ba4ed52518f4799e2f8b3c1b1a777e6d11ef5c91a8793c12f0f1a29cf303a2f5a7b4bb271
-
Filesize 6KB
MD5 ac0dc05ca77b505f1d9666ca4016b4b8
SHA1 40e0830e20a110a383eb33ac9e05128cc585b9e7
SHA256 0b8a2b6d7cdcb6cd6a5249fd7c79dd0a0b9573c2000593e294ca37e0f0503c5f
SHA512 486c6c326fdc27872c7814c4ccfe27e4efdc7781486b141a981a8b99cca73cc22ffb6e0ae9492b53efe781afd54fc56d586df21f2093dd64966ba48769778d8d
-
Filesize 7KB
MD5 bcd6d8d00e8795f64ce1b23ace4d2aff
SHA1 a9340eff2fa3ca7446c2fca9ca333c01e77708c8
SHA256 5245e21e21836d4c38032164b99833ba93a308b36b11aff50f5c58103eae827b
SHA512 9a0c263e99c4321eaa8fd782e456ab92d903f6ae32834585c592a53cc1efdb3241546c1f61caca09e525bf30bc2d7c5ecd4427f3b556518bc67d419a53b0277b
-
Filesize 138KB
MD5 c1a0e186d6b026545d13ec5733d782e2
SHA1 60c57c0df3a6cdd76c65cdbf8be463e92a00f8bd
SHA256 a4b951a48691f68aa5d3090a3e4c876e3a80a7e4d9b91e7e4f10d67307f9e6c9
SHA512 ea34067bbe823550951f02d2ba96759e7fd9a124b4f9f34e95d62c092d1b851f50cbe42525f29ae0c860ddcb801348e846273c0555f1db4f978bfd2d717927f9