hxxps://chaus[.]com[.]br/arquivos/portifolio-chaus-consultoria/?tmstv=1723052330

Analysis

max time kernel
30s
max time network
31s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
25/09/2024, 19:02

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://chaus.com.br/arquivos/portifolio-chaus-consultoria/?tmstv=1723052330

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133717645494437181"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4500	chrome.exe
4500	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe

Suspicious use of AdjustPrivilegeToken 60 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4500 wrote to memory of 2936	4500	chrome.exe	82
PID 4500 wrote to memory of 2936	4500	chrome.exe	82
PID 4500 wrote to memory of 1232	4500	chrome.exe	83
PID 4500 wrote to memory of 1232	4500	chrome.exe	83
PID 4500 wrote to memory of 1232	4500	chrome.exe	83
PID 4500 wrote to memory of 1232	4500	chrome.exe	83
PID 4500 wrote to memory of 1232	4500	chrome.exe	83
PID 4500 wrote to memory of 1232	4500	chrome.exe	83
PID 4500 wrote to memory of 1232	4500	chrome.exe	83
PID 4500 wrote to memory of 1232	4500	chrome.exe	83
PID 4500 wrote to memory of 1232	4500	chrome.exe	83
PID 4500 wrote to memory of 1232	4500	chrome.exe	83
PID 4500 wrote to memory of 1232	4500	chrome.exe	83
PID 4500 wrote to memory of 1232	4500	chrome.exe	83
PID 4500 wrote to memory of 1232	4500	chrome.exe	83
PID 4500 wrote to memory of 1232	4500	chrome.exe	83
PID 4500 wrote to memory of 1232	4500	chrome.exe	83
PID 4500 wrote to memory of 1232	4500	chrome.exe	83
PID 4500 wrote to memory of 1232	4500	chrome.exe	83
PID 4500 wrote to memory of 1232	4500	chrome.exe	83
PID 4500 wrote to memory of 1232	4500	chrome.exe	83
PID 4500 wrote to memory of 1232	4500	chrome.exe	83
PID 4500 wrote to memory of 1232	4500	chrome.exe	83
PID 4500 wrote to memory of 1232	4500	chrome.exe	83
PID 4500 wrote to memory of 1232	4500	chrome.exe	83
PID 4500 wrote to memory of 1232	4500	chrome.exe	83
PID 4500 wrote to memory of 1232	4500	chrome.exe	83
PID 4500 wrote to memory of 1232	4500	chrome.exe	83
PID 4500 wrote to memory of 1232	4500	chrome.exe	83
PID 4500 wrote to memory of 1232	4500	chrome.exe	83
PID 4500 wrote to memory of 1232	4500	chrome.exe	83
PID 4500 wrote to memory of 1232	4500	chrome.exe	83
PID 4500 wrote to memory of 1920	4500	chrome.exe	84
PID 4500 wrote to memory of 1920	4500	chrome.exe	84
PID 4500 wrote to memory of 1140	4500	chrome.exe	85
PID 4500 wrote to memory of 1140	4500	chrome.exe	85
PID 4500 wrote to memory of 1140	4500	chrome.exe	85
PID 4500 wrote to memory of 1140	4500	chrome.exe	85
PID 4500 wrote to memory of 1140	4500	chrome.exe	85
PID 4500 wrote to memory of 1140	4500	chrome.exe	85
PID 4500 wrote to memory of 1140	4500	chrome.exe	85
PID 4500 wrote to memory of 1140	4500	chrome.exe	85
PID 4500 wrote to memory of 1140	4500	chrome.exe	85
PID 4500 wrote to memory of 1140	4500	chrome.exe	85
PID 4500 wrote to memory of 1140	4500	chrome.exe	85
PID 4500 wrote to memory of 1140	4500	chrome.exe	85
PID 4500 wrote to memory of 1140	4500	chrome.exe	85
PID 4500 wrote to memory of 1140	4500	chrome.exe	85
PID 4500 wrote to memory of 1140	4500	chrome.exe	85
PID 4500 wrote to memory of 1140	4500	chrome.exe	85
PID 4500 wrote to memory of 1140	4500	chrome.exe	85
PID 4500 wrote to memory of 1140	4500	chrome.exe	85
PID 4500 wrote to memory of 1140	4500	chrome.exe	85
PID 4500 wrote to memory of 1140	4500	chrome.exe	85
PID 4500 wrote to memory of 1140	4500	chrome.exe	85
PID 4500 wrote to memory of 1140	4500	chrome.exe	85
PID 4500 wrote to memory of 1140	4500	chrome.exe	85
PID 4500 wrote to memory of 1140	4500	chrome.exe	85
PID 4500 wrote to memory of 1140	4500	chrome.exe	85
PID 4500 wrote to memory of 1140	4500	chrome.exe	85
PID 4500 wrote to memory of 1140	4500	chrome.exe	85
PID 4500 wrote to memory of 1140	4500	chrome.exe	85
PID 4500 wrote to memory of 1140	4500	chrome.exe	85
PID 4500 wrote to memory of 1140	4500	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://chaus.com.br/arquivos/portifolio-chaus-consultoria/?tmstv=1723052330
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffb70f6cc40,0x7ffb70f6cc4c,0x7ffb70f6cc58
  2⤵
  PID:2936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1964,i,13150158797430876000,8543923292483468024,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1960 /prefetch:2
  2⤵
  PID:1232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1864,i,13150158797430876000,8543923292483468024,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1708 /prefetch:3
  2⤵
  PID:1920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2260,i,13150158797430876000,8543923292483468024,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2272 /prefetch:8
  2⤵
  PID:1140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3124,i,13150158797430876000,8543923292483468024,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3156 /prefetch:1
  2⤵
  PID:2988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3148,i,13150158797430876000,8543923292483468024,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:2928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4360,i,13150158797430876000,8543923292483468024,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4352 /prefetch:1
  2⤵
  PID:1204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4672,i,13150158797430876000,8543923292483468024,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4664 /prefetch:8
  2⤵
  PID:1460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5112,i,13150158797430876000,8543923292483468024,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5124 /prefetch:8
  2⤵
  PID:2884

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:928

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4a4 0x3dc
1⤵
PID:4576

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2024

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
730e8ffc2f5b59c08017760a42e7e97c

SHA1
655dd3833c9734fe7ec25035392b3e0c054484b9

SHA256
9b9ec76b83875e17c84c52cd09ae3ec277f96aa551f4538a5f12bd8a81303587

SHA512
0a04ea719523293da8f19257e80d1496bf19f83b8ac217ed6c2a7d68d43c92f6b94793f7b0a52f21b51356d0cbc237168d49e62e83449b339b6d2707faa4f2eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
c059c78b7e5044e30760199fab3f05e1

SHA1
2c8990cf161a8d40c8082e097c7113b9ccdb5af3

SHA256
08695a9196d4db16eca735cd1a2a18c8b50354824741f500508d0575900b6839

SHA512
030d230b1078fb7bf475668ed9b4fb271a3f0e59503bc0cc3a8470dd453efd2dc802d13780cfe063d3b74a209ea2ce1c6e53b6e8a01f4833298c7e45d85a707a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e06e4065f86c2a17a1741ca537b67373

SHA1
e475a7709ccf71389761173c61975336e76e8487

SHA256
df13cdc44b152a8ed77f051b51b45a60ff69ed11d330baf86a18133cab187d73

SHA512
6649254005cfa49733101dcdc1a2cdc6947c13d1f94f0007592cd32b3e38844b5670258d40aac1bb5398e144ceb9ad33e0142b12b39613f886b02a6b908a8c3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3f513626257f1a85c3b5c61da5c87b2b

SHA1
9ec4faeae9d19fc3ea304c09b9864d1405d4aa36

SHA256
739d6ea8d8d6afb10446eefc051768973652702bf356fcf623cc0f6184be24a0

SHA512
dce0735f8d37fa8fe58b1d9615d2d6c5484d489684a4cc5085ffcc1d08d70f29278b66458308f4bb0e1a3d1b9e526e537815b42234adc5ac36f5cb2a0ca6724e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\d1394a4c842f7861ad7ae5e20da4b484a0c4acad\index.txt

Filesize
105B

MD5
8bc6751e03fdb67aec019fc7618b58c3

SHA1
0be8342b5db0545b4f0536fa767dc4c37ca63fd8

SHA256
04e966701bb2ee21ca285adb30e0bc27d3b8bd641bc492059023f7fb0f3fd704

SHA512
e72ae9d882e8f7c49819091aeaecc3f36155f5d1ffe349fed2a93f283c2cca6c9ffaa10f37ae0f157a9576cb5bcb5632c5dcbcd26388affa9d3ef22e15039be8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\d1394a4c842f7861ad7ae5e20da4b484a0c4acad\index.txt~RFe580d78.TMP

Filesize
112B

MD5
a8d6d0d34e40b02729e6cbed4c51c747

SHA1
e82c209a0cef3c140be740d8d0ef11a093f9450a

SHA256
1269e8bc0bcf45e1a112791d0259fa95077baddc8dba1eda771a40586c3d36a8

SHA512
691eba18e6c5f75115164be82ac0722916049f7a017c52e5f17e201556dd331b90f632e68c040f7dff527c752b7f1fc187be199f76ebc7111c400a1bd901edf1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
df4aa2ebd2bb35824cf5206657c66e8c

SHA1
6572317752324ece07ac49f26e408c7ebbfd30bc

SHA256
db4d5697e67cd6a8278d50d62a1b9568e65fb492e41b3a1cad473d1491580b6e

SHA512
9ca05fcd91bf2dc22110799eb25d56cbd691a3c9b99d802508a2a143adaf2b477cf36f110c1967d692708308b9152b2b578c1bc0b11ec8d660dc0abaf2aafb72

Download Submit