hxxps://232[.]72[.]148[.]132[.]host[.]secureserver[.]net/PROVA/PULCINO[.]pio@gmail[.]com/curriculo_OUTUBRO_2024_lcEs5aOd7ehP7HN_curriculo_0810

Analysis

max time kernel
27s
max time network
9s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
10-10-2024 12:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://232.72.148.132.host.secureserver.net/PROVA/[email protected]/curriculo_OUTUBRO_2024_lcEs5aOd7ehP7HN_curriculo_0810

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133730383509936646"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1772	chrome.exe
1772	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe

Suspicious use of AdjustPrivilegeToken 54 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1772 wrote to memory of 2000	1772	chrome.exe	83
PID 1772 wrote to memory of 2000	1772	chrome.exe	83
PID 1772 wrote to memory of 2276	1772	chrome.exe	85
PID 1772 wrote to memory of 2276	1772	chrome.exe	85
PID 1772 wrote to memory of 2276	1772	chrome.exe	85
PID 1772 wrote to memory of 2276	1772	chrome.exe	85
PID 1772 wrote to memory of 2276	1772	chrome.exe	85
PID 1772 wrote to memory of 2276	1772	chrome.exe	85
PID 1772 wrote to memory of 2276	1772	chrome.exe	85
PID 1772 wrote to memory of 2276	1772	chrome.exe	85
PID 1772 wrote to memory of 2276	1772	chrome.exe	85
PID 1772 wrote to memory of 2276	1772	chrome.exe	85
PID 1772 wrote to memory of 2276	1772	chrome.exe	85
PID 1772 wrote to memory of 2276	1772	chrome.exe	85
PID 1772 wrote to memory of 2276	1772	chrome.exe	85
PID 1772 wrote to memory of 2276	1772	chrome.exe	85
PID 1772 wrote to memory of 2276	1772	chrome.exe	85
PID 1772 wrote to memory of 2276	1772	chrome.exe	85
PID 1772 wrote to memory of 2276	1772	chrome.exe	85
PID 1772 wrote to memory of 2276	1772	chrome.exe	85
PID 1772 wrote to memory of 2276	1772	chrome.exe	85
PID 1772 wrote to memory of 2276	1772	chrome.exe	85
PID 1772 wrote to memory of 2276	1772	chrome.exe	85
PID 1772 wrote to memory of 2276	1772	chrome.exe	85
PID 1772 wrote to memory of 2276	1772	chrome.exe	85
PID 1772 wrote to memory of 2276	1772	chrome.exe	85
PID 1772 wrote to memory of 2276	1772	chrome.exe	85
PID 1772 wrote to memory of 2276	1772	chrome.exe	85
PID 1772 wrote to memory of 2276	1772	chrome.exe	85
PID 1772 wrote to memory of 2276	1772	chrome.exe	85
PID 1772 wrote to memory of 2276	1772	chrome.exe	85
PID 1772 wrote to memory of 2276	1772	chrome.exe	85
PID 1772 wrote to memory of 5064	1772	chrome.exe	86
PID 1772 wrote to memory of 5064	1772	chrome.exe	86
PID 1772 wrote to memory of 2092	1772	chrome.exe	87
PID 1772 wrote to memory of 2092	1772	chrome.exe	87
PID 1772 wrote to memory of 2092	1772	chrome.exe	87
PID 1772 wrote to memory of 2092	1772	chrome.exe	87
PID 1772 wrote to memory of 2092	1772	chrome.exe	87
PID 1772 wrote to memory of 2092	1772	chrome.exe	87
PID 1772 wrote to memory of 2092	1772	chrome.exe	87
PID 1772 wrote to memory of 2092	1772	chrome.exe	87
PID 1772 wrote to memory of 2092	1772	chrome.exe	87
PID 1772 wrote to memory of 2092	1772	chrome.exe	87
PID 1772 wrote to memory of 2092	1772	chrome.exe	87
PID 1772 wrote to memory of 2092	1772	chrome.exe	87
PID 1772 wrote to memory of 2092	1772	chrome.exe	87
PID 1772 wrote to memory of 2092	1772	chrome.exe	87
PID 1772 wrote to memory of 2092	1772	chrome.exe	87
PID 1772 wrote to memory of 2092	1772	chrome.exe	87
PID 1772 wrote to memory of 2092	1772	chrome.exe	87
PID 1772 wrote to memory of 2092	1772	chrome.exe	87
PID 1772 wrote to memory of 2092	1772	chrome.exe	87
PID 1772 wrote to memory of 2092	1772	chrome.exe	87
PID 1772 wrote to memory of 2092	1772	chrome.exe	87
PID 1772 wrote to memory of 2092	1772	chrome.exe	87
PID 1772 wrote to memory of 2092	1772	chrome.exe	87
PID 1772 wrote to memory of 2092	1772	chrome.exe	87
PID 1772 wrote to memory of 2092	1772	chrome.exe	87
PID 1772 wrote to memory of 2092	1772	chrome.exe	87
PID 1772 wrote to memory of 2092	1772	chrome.exe	87
PID 1772 wrote to memory of 2092	1772	chrome.exe	87
PID 1772 wrote to memory of 2092	1772	chrome.exe	87
PID 1772 wrote to memory of 2092	1772	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://232.72.148.132.host.secureserver.net/PROVA/[email protected]/curriculo_OUTUBRO_2024_lcEs5aOd7ehP7HN_curriculo_0810
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0x9c,0x104,0x7ffd4ff0cc40,0x7ffd4ff0cc4c,0x7ffd4ff0cc58
  2⤵
  PID:2000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1908,i,81849509576866101,14739230273571136956,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1720 /prefetch:2
  2⤵
  PID:2276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1872,i,81849509576866101,14739230273571136956,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1940 /prefetch:3
  2⤵
  PID:5064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2236,i,81849509576866101,14739230273571136956,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2248 /prefetch:8
  2⤵
  PID:2092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,81849509576866101,14739230273571136956,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3148 /prefetch:1
  2⤵
  PID:4112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3136,i,81849509576866101,14739230273571136956,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:1912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4496,i,81849509576866101,14739230273571136956,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3644 /prefetch:1
  2⤵
  PID:4284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4752,i,81849509576866101,14739230273571136956,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4720 /prefetch:8
  2⤵
  PID:4116

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2700

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1296

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
005f2633828b7998f27fdec2293271a8

SHA1
fae25df71248bcf910f997e673e7f8b6ca15a3a4

SHA256
adeda84cb0962a44d0ad3bfd054da48bd025e4daf58e30ca045c4bf5da00d7ed

SHA512
48d9a344746a2041b5fa5b3d91a6874bb4e1b9aa8feeec3904dc2e8c05786ab5b9e93ce89f4c3a6a99333d2ce9ea759f891ddb7c7f9d502123475b37d6e4098d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
154194261c287434890ad6d1256ce397

SHA1
5616ce0aef654036c3214b9b41d5d5264e8ddc52

SHA256
266e194148f074fd8cc1b16608f689202a49a8b133fa24cfe670d2753600a8b6

SHA512
7e4e3b0ed0c475b50d3584a8dbb9c4ff3538c835d6ce19dfd9d6249402d7a1c868ae8e95972939291050a2fbbce2a989195a1d9768299f8d08896e5fcfe8ea0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
8818ce374ad89eda0a6b4ead715d33c0

SHA1
bb2cb6e9437491ba2cda8be44300f212b7f20b1c

SHA256
0db1776d8372e6cd4e99d851d828a429036d92bb6b3c3382c5fedab17c5feda8

SHA512
53efba312f5325ab08943911b2285eecfd1335b01b3dd100c4789826de99ffa901303db592b37e93b2d787db5745d121da6a0981c4832813be8a416ac1d15512

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
e5c29a21ed4a014804578fb15ab6e7e3

SHA1
cff5af79014c0a62b25d47095cbfa68ac14eb465

SHA256
fb0515071452b069011d9ce9c82c800be264372b8852d2bc652affd2d7aba5d0

SHA512
79b5becb1f2a270f58a88c90603cd14043ed2eed72713f6a7740f010644118f3d8902b38b66c123bf215c19b12ade3bccddf5dccd1c46b3ff5527257fef72e46

Download Submit