hxxp://centrodesoluciones[.]net

Analysis

max time kernel
149s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20240704-es
resource tags

arch:x64arch:x86image:win10v2004-20240704-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
08/07/2024, 22:18

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://centrodesoluciones.net

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133649507284183503"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1520	chrome.exe
1520	chrome.exe
4968	chrome.exe
4968	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1520 wrote to memory of 2280	1520	chrome.exe	82
PID 1520 wrote to memory of 2280	1520	chrome.exe	82
PID 1520 wrote to memory of 1400	1520	chrome.exe	84
PID 1520 wrote to memory of 1400	1520	chrome.exe	84
PID 1520 wrote to memory of 1400	1520	chrome.exe	84
PID 1520 wrote to memory of 1400	1520	chrome.exe	84
PID 1520 wrote to memory of 1400	1520	chrome.exe	84
PID 1520 wrote to memory of 1400	1520	chrome.exe	84
PID 1520 wrote to memory of 1400	1520	chrome.exe	84
PID 1520 wrote to memory of 1400	1520	chrome.exe	84
PID 1520 wrote to memory of 1400	1520	chrome.exe	84
PID 1520 wrote to memory of 1400	1520	chrome.exe	84
PID 1520 wrote to memory of 1400	1520	chrome.exe	84
PID 1520 wrote to memory of 1400	1520	chrome.exe	84
PID 1520 wrote to memory of 1400	1520	chrome.exe	84
PID 1520 wrote to memory of 1400	1520	chrome.exe	84
PID 1520 wrote to memory of 1400	1520	chrome.exe	84
PID 1520 wrote to memory of 1400	1520	chrome.exe	84
PID 1520 wrote to memory of 1400	1520	chrome.exe	84
PID 1520 wrote to memory of 1400	1520	chrome.exe	84
PID 1520 wrote to memory of 1400	1520	chrome.exe	84
PID 1520 wrote to memory of 1400	1520	chrome.exe	84
PID 1520 wrote to memory of 1400	1520	chrome.exe	84
PID 1520 wrote to memory of 1400	1520	chrome.exe	84
PID 1520 wrote to memory of 1400	1520	chrome.exe	84
PID 1520 wrote to memory of 1400	1520	chrome.exe	84
PID 1520 wrote to memory of 1400	1520	chrome.exe	84
PID 1520 wrote to memory of 1400	1520	chrome.exe	84
PID 1520 wrote to memory of 1400	1520	chrome.exe	84
PID 1520 wrote to memory of 1400	1520	chrome.exe	84
PID 1520 wrote to memory of 1400	1520	chrome.exe	84
PID 1520 wrote to memory of 1400	1520	chrome.exe	84
PID 1520 wrote to memory of 1400	1520	chrome.exe	84
PID 1520 wrote to memory of 4044	1520	chrome.exe	85
PID 1520 wrote to memory of 4044	1520	chrome.exe	85
PID 1520 wrote to memory of 4764	1520	chrome.exe	86
PID 1520 wrote to memory of 4764	1520	chrome.exe	86
PID 1520 wrote to memory of 4764	1520	chrome.exe	86
PID 1520 wrote to memory of 4764	1520	chrome.exe	86
PID 1520 wrote to memory of 4764	1520	chrome.exe	86
PID 1520 wrote to memory of 4764	1520	chrome.exe	86
PID 1520 wrote to memory of 4764	1520	chrome.exe	86
PID 1520 wrote to memory of 4764	1520	chrome.exe	86
PID 1520 wrote to memory of 4764	1520	chrome.exe	86
PID 1520 wrote to memory of 4764	1520	chrome.exe	86
PID 1520 wrote to memory of 4764	1520	chrome.exe	86
PID 1520 wrote to memory of 4764	1520	chrome.exe	86
PID 1520 wrote to memory of 4764	1520	chrome.exe	86
PID 1520 wrote to memory of 4764	1520	chrome.exe	86
PID 1520 wrote to memory of 4764	1520	chrome.exe	86
PID 1520 wrote to memory of 4764	1520	chrome.exe	86
PID 1520 wrote to memory of 4764	1520	chrome.exe	86
PID 1520 wrote to memory of 4764	1520	chrome.exe	86
PID 1520 wrote to memory of 4764	1520	chrome.exe	86
PID 1520 wrote to memory of 4764	1520	chrome.exe	86
PID 1520 wrote to memory of 4764	1520	chrome.exe	86
PID 1520 wrote to memory of 4764	1520	chrome.exe	86
PID 1520 wrote to memory of 4764	1520	chrome.exe	86
PID 1520 wrote to memory of 4764	1520	chrome.exe	86
PID 1520 wrote to memory of 4764	1520	chrome.exe	86
PID 1520 wrote to memory of 4764	1520	chrome.exe	86
PID 1520 wrote to memory of 4764	1520	chrome.exe	86
PID 1520 wrote to memory of 4764	1520	chrome.exe	86
PID 1520 wrote to memory of 4764	1520	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://centrodesoluciones.net
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb8d77ab58,0x7ffb8d77ab68,0x7ffb8d77ab78
  2⤵
  PID:2280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1640 --field-trial-handle=1840,i,13059987341996673163,1297534161964267879,131072 /prefetch:2
  2⤵
  PID:1400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1840,i,13059987341996673163,1297534161964267879,131072 /prefetch:8
  2⤵
  PID:4044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2252 --field-trial-handle=1840,i,13059987341996673163,1297534161964267879,131072 /prefetch:8
  2⤵
  PID:4764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2904 --field-trial-handle=1840,i,13059987341996673163,1297534161964267879,131072 /prefetch:1
  2⤵
  PID:2820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2916 --field-trial-handle=1840,i,13059987341996673163,1297534161964267879,131072 /prefetch:1
  2⤵
  PID:1844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4272 --field-trial-handle=1840,i,13059987341996673163,1297534161964267879,131072 /prefetch:1
  2⤵
  PID:3388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4624 --field-trial-handle=1840,i,13059987341996673163,1297534161964267879,131072 /prefetch:8
  2⤵
  PID:2384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4440 --field-trial-handle=1840,i,13059987341996673163,1297534161964267879,131072 /prefetch:8
  2⤵
  PID:1600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1616 --field-trial-handle=1840,i,13059987341996673163,1297534161964267879,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4968

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3980

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
36feeb70f9b9224ede029b1a3bb795b6

SHA1
090b3f05d315c95af7043b329d3448cd25ac992d

SHA256
367b26ef0614012bdafda2ee7da524e5eac69928afbcdeb75eb612f176fa0239

SHA512
4d37206406a795822f2c02ef6ffba609b2879bafd844cf3436d6d3f466edf8721fe04cffb0258dcdcba705e0bfa5bebe28a5228245f8df65afe5ba46f9dbcc2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
d7547dda7b924229d3a9c4033a2f3afb

SHA1
609113f31ead1980039037c601eda6b21f998400

SHA256
f80769905cc7be0527e681adf92927e3a43f35869151717cca64a29871ab18da

SHA512
dfedb08d877abb0b5c1bdab10a77894d9d346bc0d147c2755dc92cb5bf9b89a9b9a524e3366388a47c78d3353297c3d0209b785cb77ba5b296190d850df95bf1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
059ffce70e5f44b0c4e498d6cbb3147c

SHA1
93fd87c0468db1e5b1b55ce0c8b23fd7ef50f9f4

SHA256
82dcd6926ed82ce0811f9397e3d1f8ae14b971c2d0bd8d4eb927c185b16c91bf

SHA512
1f1357527f94a4cbed321b0b2671f681d0bae77cfdaef97626aa7aadb2c60b87285e151299a83f34aadb6f70d37dcaedfa60f1d29ad300cb90318b5db0f78d3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ac4b0fb11ae5ae6abc9af619d59fa972

SHA1
5736ed14a81db1d70cead9481f3a52cf426a8859

SHA256
10a0fc3e29b21bc711f57e859fd67bec62ceb8498bdb9b2fc5edae6d670f47c3

SHA512
63ca0cd6b22564f3d6439792bd58dca256b7f07a7c9f9dd62077124fe29fce7cdfbc29863311f356ba73698d3358ce9c68d85bd65cefffca796e4b6cdb2e383d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
144KB

MD5
1b39ed6659f3cb38e7bc90d1d65e41a3

SHA1
a9ab85d328ca773a2453073a523bfa8822fd903a

SHA256
731cdb9a95d9dd4d3344abeaff744fcf015208a2c7f326b46735c96a92c955f3

SHA512
03357b51f5f6a6c4f1839ff1080c1e6fb2779b676f33aab9b612fb06bf64a06d69c265303c36437f2c9b7aadb5da8eefbdb64765b94efd288f875d8d2b331614

Download Submit