c36aceb6c342f118436ab536688fcb6260561e638f07165a672fadb959c42d21

Analysis

max time kernel
106s
max time network
107s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
26/08/2024, 01:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

20240821_ArchivosII.zip
Size

3KB
MD5

dceb7cef0902a20df34b96b0830c1993
SHA1

968dccc2e442b1240b8e7e2aa536ac839357c0d1
SHA256

c36aceb6c342f118436ab536688fcb6260561e638f07165a672fadb959c42d21
SHA512

f12b1196ab7eedaa10cf42d26a16812b367f0e50e4a528a7266ef06b5eec68281ba2def71f5f2f0f1cadc28715d331e1d5873257520fa828733bc4201042d21b

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133691096366382555"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2504	chrome.exe
2504	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2504	chrome.exe
2504	chrome.exe
2504	chrome.exe

Suspicious use of AdjustPrivilegeToken 18 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2504	chrome.exe
Token: SeCreatePagefilePrivilege	2504	chrome.exe
Token: SeShutdownPrivilege	2504	chrome.exe
Token: SeCreatePagefilePrivilege	2504	chrome.exe
Token: SeShutdownPrivilege	2504	chrome.exe
Token: SeCreatePagefilePrivilege	2504	chrome.exe
Token: SeShutdownPrivilege	2504	chrome.exe
Token: SeCreatePagefilePrivilege	2504	chrome.exe
Token: SeShutdownPrivilege	2504	chrome.exe
Token: SeCreatePagefilePrivilege	2504	chrome.exe
Token: SeShutdownPrivilege	2504	chrome.exe
Token: SeCreatePagefilePrivilege	2504	chrome.exe
Token: SeShutdownPrivilege	2504	chrome.exe
Token: SeCreatePagefilePrivilege	2504	chrome.exe
Token: SeShutdownPrivilege	2504	chrome.exe
Token: SeCreatePagefilePrivilege	2504	chrome.exe
Token: SeShutdownPrivilege	2504	chrome.exe
Token: SeCreatePagefilePrivilege	2504	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
2504	chrome.exe
2504	chrome.exe
2504	chrome.exe
2504	chrome.exe
2504	chrome.exe
2504	chrome.exe
2504	chrome.exe
2504	chrome.exe
2504	chrome.exe
2504	chrome.exe
2504	chrome.exe
2504	chrome.exe
2504	chrome.exe
2504	chrome.exe
2504	chrome.exe
2504	chrome.exe
2504	chrome.exe
2504	chrome.exe
2504	chrome.exe
2504	chrome.exe
2504	chrome.exe
2504	chrome.exe
2504	chrome.exe
2504	chrome.exe
2504	chrome.exe
2504	chrome.exe
2504	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2504	chrome.exe
2504	chrome.exe
2504	chrome.exe
2504	chrome.exe
2504	chrome.exe
2504	chrome.exe
2504	chrome.exe
2504	chrome.exe
2504	chrome.exe
2504	chrome.exe
2504	chrome.exe
2504	chrome.exe
2504	chrome.exe
2504	chrome.exe
2504	chrome.exe
2504	chrome.exe
2504	chrome.exe
2504	chrome.exe
2504	chrome.exe
2504	chrome.exe
2504	chrome.exe
2504	chrome.exe
2504	chrome.exe
2504	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2504 wrote to memory of 5064	2504	chrome.exe	100
PID 2504 wrote to memory of 5064	2504	chrome.exe	100
PID 2504 wrote to memory of 4260	2504	chrome.exe	102
PID 2504 wrote to memory of 4260	2504	chrome.exe	102
PID 2504 wrote to memory of 4260	2504	chrome.exe	102
PID 2504 wrote to memory of 4260	2504	chrome.exe	102
PID 2504 wrote to memory of 4260	2504	chrome.exe	102
PID 2504 wrote to memory of 4260	2504	chrome.exe	102
PID 2504 wrote to memory of 4260	2504	chrome.exe	102
PID 2504 wrote to memory of 4260	2504	chrome.exe	102
PID 2504 wrote to memory of 4260	2504	chrome.exe	102
PID 2504 wrote to memory of 4260	2504	chrome.exe	102
PID 2504 wrote to memory of 4260	2504	chrome.exe	102
PID 2504 wrote to memory of 4260	2504	chrome.exe	102
PID 2504 wrote to memory of 4260	2504	chrome.exe	102
PID 2504 wrote to memory of 4260	2504	chrome.exe	102
PID 2504 wrote to memory of 4260	2504	chrome.exe	102
PID 2504 wrote to memory of 4260	2504	chrome.exe	102
PID 2504 wrote to memory of 4260	2504	chrome.exe	102
PID 2504 wrote to memory of 4260	2504	chrome.exe	102
PID 2504 wrote to memory of 4260	2504	chrome.exe	102
PID 2504 wrote to memory of 4260	2504	chrome.exe	102
PID 2504 wrote to memory of 4260	2504	chrome.exe	102
PID 2504 wrote to memory of 4260	2504	chrome.exe	102
PID 2504 wrote to memory of 4260	2504	chrome.exe	102
PID 2504 wrote to memory of 4260	2504	chrome.exe	102
PID 2504 wrote to memory of 4260	2504	chrome.exe	102
PID 2504 wrote to memory of 4260	2504	chrome.exe	102
PID 2504 wrote to memory of 4260	2504	chrome.exe	102
PID 2504 wrote to memory of 4260	2504	chrome.exe	102
PID 2504 wrote to memory of 4260	2504	chrome.exe	102
PID 2504 wrote to memory of 4260	2504	chrome.exe	102
PID 2504 wrote to memory of 1632	2504	chrome.exe	103
PID 2504 wrote to memory of 1632	2504	chrome.exe	103
PID 2504 wrote to memory of 3656	2504	chrome.exe	104
PID 2504 wrote to memory of 3656	2504	chrome.exe	104
PID 2504 wrote to memory of 3656	2504	chrome.exe	104
PID 2504 wrote to memory of 3656	2504	chrome.exe	104
PID 2504 wrote to memory of 3656	2504	chrome.exe	104
PID 2504 wrote to memory of 3656	2504	chrome.exe	104
PID 2504 wrote to memory of 3656	2504	chrome.exe	104
PID 2504 wrote to memory of 3656	2504	chrome.exe	104
PID 2504 wrote to memory of 3656	2504	chrome.exe	104
PID 2504 wrote to memory of 3656	2504	chrome.exe	104
PID 2504 wrote to memory of 3656	2504	chrome.exe	104
PID 2504 wrote to memory of 3656	2504	chrome.exe	104
PID 2504 wrote to memory of 3656	2504	chrome.exe	104
PID 2504 wrote to memory of 3656	2504	chrome.exe	104
PID 2504 wrote to memory of 3656	2504	chrome.exe	104
PID 2504 wrote to memory of 3656	2504	chrome.exe	104
PID 2504 wrote to memory of 3656	2504	chrome.exe	104
PID 2504 wrote to memory of 3656	2504	chrome.exe	104
PID 2504 wrote to memory of 3656	2504	chrome.exe	104
PID 2504 wrote to memory of 3656	2504	chrome.exe	104
PID 2504 wrote to memory of 3656	2504	chrome.exe	104
PID 2504 wrote to memory of 3656	2504	chrome.exe	104
PID 2504 wrote to memory of 3656	2504	chrome.exe	104
PID 2504 wrote to memory of 3656	2504	chrome.exe	104
PID 2504 wrote to memory of 3656	2504	chrome.exe	104
PID 2504 wrote to memory of 3656	2504	chrome.exe	104
PID 2504 wrote to memory of 3656	2504	chrome.exe	104
PID 2504 wrote to memory of 3656	2504	chrome.exe	104
PID 2504 wrote to memory of 3656	2504	chrome.exe	104
PID 2504 wrote to memory of 3656	2504	chrome.exe	104

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\20240821_ArchivosII.zip
1⤵
PID:3140

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffad4a9cc40,0x7ffad4a9cc4c,0x7ffad4a9cc58
  2⤵
  PID:5064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1868,i,8197804009375682313,772711245801842560,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1864 /prefetch:2
  2⤵
  PID:4260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2208,i,8197804009375682313,772711245801842560,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2260 /prefetch:3
  2⤵
  PID:1632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2316,i,8197804009375682313,772711245801842560,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2332 /prefetch:8
  2⤵
  PID:3656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3172,i,8197804009375682313,772711245801842560,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:4808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3324,i,8197804009375682313,772711245801842560,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:1864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4628,i,8197804009375682313,772711245801842560,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4652 /prefetch:1
  2⤵
  PID:2092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4488,i,8197804009375682313,772711245801842560,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4840 /prefetch:8
  2⤵
  PID:2108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4848,i,8197804009375682313,772711245801842560,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4864 /prefetch:8
  2⤵
  PID:3828

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4336

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4484

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4752

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
44d59e8bfc31d43778c79cc060f6de91

SHA1
16a1c53f2973528d2a1c34ffc1f6a797b9c3b004

SHA256
f166629494500f66055086091a5a2a92dbabbc26b3e9d5381e602d57d285b260

SHA512
04de88005513919dc998d8c655cc3890ab325f8f7cd2a41810b905ac39598d34d8170446f74921ca7b11de2b007fb1f81631c9979a937d6ecb099dc2ac3bbc82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
82d4fe311a51a3081a8609f2ebd32896

SHA1
7bffaa7e7f49e38b881837a88a9c5bc927172231

SHA256
a1b38e1632bc3879566451fc870097e5c4e253417a12ed999b0a9f6bcb3c9a7a

SHA512
fb07217d3c9e26489b6935a067e10fa90c8df17c8ccedaacb1ce84358e552df1d0786aa0b62c089d3cb7969da135ffe944c31a3ed451d09e49e0e465c3755f78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
bd6f6280bcdb308d0c1c5984aa4e170b

SHA1
907a4ae6b311ba41724e28d911f8a5eb5f48a2c9

SHA256
4268e3a3a947dd071dc6fcb61892fca6518a578b0dbd941f584d65f4ec09fe0b

SHA512
6da253df7c5503450f69276228e50f8256b872f8c8e6e92afcde6a0b5863215ab5dc7efb2aaf27f0e922a576b415801029e24caff17cf596057700c6b338acdf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
410c0dce8fc48b4c0f44cb5f545c185f

SHA1
e001dbe3c580977bdf6ed620cc4eca6adf47cc38

SHA256
02f034c08215f490ea15e7f7656f814e464bf55b797d9fca2541682219b74703

SHA512
1020bd97e862c5d1a0f9bff1be24f2a3b6be772bf1ce35fe3a785e2fdf732efc6f8062804fc4cb8b725e6cd74eb322f0611d28a10068a7cde1e2b9886b211857

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
f7a6d43e056ff28904ae6203462a03e4

SHA1
bfd14c5536488f5537457c4f8d335f3d8787b3ab

SHA256
4205c744352fdb183fd19cd3f2869e30694817cb123cf36de9bcc743291f3677

SHA512
9b531e6bbf56487709c7128e9c7e09c149ec123f0ce07fc6fea30bbe42aac93c418ad724f40c33f1d24f0427fe2eca8c513a23f6dbf9dce68c9f07fc6a5b4b63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
198KB

MD5
2c5e2d9c5ce3652cc13b12999e667de1

SHA1
30abac79a93d3b5c6504ba882944f9d170c76a12

SHA256
7f371d1b6e76f5f256c904184f6eb0aaaeeae633becec8f819522958f9a61c1b

SHA512
94b0b60a283ea70c44dfe2211a74b55e93a5ab14f58c9520247ed10afe1a63d5de7d44c8c430a94a37cf39ff21d5f783710ef9fbeb54dfc7086aab6a029fe606

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit