Analysis
-
max time kernel
148s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
28-11-2024 17:38
General
-
Target
descarga (1)
-
Size
5B
-
MD5
4842e206e4cfff2954901467ad54169e
-
SHA1
80c9820ff2efe8aa3d361df7011ae6eee35ec4f0
-
SHA256
2acab1228e8935d5dfdd1756b8a19698b6c8b786c90f87993ce9799a67a96e4e
-
SHA512
ff537b1808fcb03cfb52f768fbd7e7bd66baf6a8558ee5b8f2a02f629e021aa88a1df7a8750bae1f04f3b9d86da56f0bdcba2fdbc81d366da6c97eb76ecb6cba
Malware Config
Signatures
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 6 IoCs
-
Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
-
Modifies Internet Explorer settings 1 TTPs 21 IoCs
-
Modifies data under HKEY_USERS 2 IoCs
-
Modifies registry class 4 IoCs
-
Suspicious behavior: AddClipboardFormatListener 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 3 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 2 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 48 IoCs
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
-
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Windows\system32\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\descarga (1)"1⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffd411bcc40,0x7ffd411bcc4c,0x7ffd411bcc582⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1916,i,166198702805361685,11527266897778293938,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1912 /prefetch:22⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1960,i,166198702805361685,11527266897778293938,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2004 /prefetch:32⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2280,i,166198702805361685,11527266897778293938,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2488 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3160,i,166198702805361685,11527266897778293938,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3172 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3308,i,166198702805361685,11527266897778293938,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3332 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4640,i,166198702805361685,11527266897778293938,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4084 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4804,i,166198702805361685,11527266897778293938,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4788 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5000,i,166198702805361685,11527266897778293938,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4996 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4796,i,166198702805361685,11527266897778293938,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4780 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4732,i,166198702805361685,11527266897778293938,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5060 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5124,i,166198702805361685,11527266897778293938,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3980 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=240,i,166198702805361685,11527266897778293938,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5008 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffd411bcc40,0x7ffd411bcc4c,0x7ffd411bcc582⤵
-
-
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Microsoft Office\root\Office16\Winword.exe"C:\Program Files\Microsoft Office\root\Office16\Winword.exe" /n "C:\Users\Admin\Downloads\download"2⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
-
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Downloads\download2⤵
- Modifies Internet Explorer Phishing Filter
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3032 CREDAT:17410 /prefetch:23⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
-
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3032 CREDAT:209940 /prefetch:23⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
-
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3032 CREDAT:341002 /prefetch:23⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
-
-
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\download2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
40B
MD50cbe49c501b96422e1f72227d7f5c947
SHA14b0be378d516669ef2b5028a0b867e23f5641808
SHA256750530732cba446649e872839c11e7b2a44e9fb5e053fc3b444678a5a8b262ac
SHA512984ea25c89baf0eb1d9f905841bda39813a94e2d1923dfb42d7165f15c589bd7ff864040ec8f3f682f3c57702498efff15a499f7dc077dd722d84b47cf895931
-
Filesize
649B
MD5cf7dc73c67d922f76c9c1fb2655347e4
SHA1be009f3f410399bcbdf38ec1de262024217b46fb
SHA256b3f0005972db6d69b67884e2e46a7f88eff2aad0261796d4193a37dc09ae0a2d
SHA512610d1bcb9ca60709a45d6675acbc4b392572114cb753f8ee6a0794c24e2ee970e6ef8beddfd673647bb619852b18a6154e35d22f4bf4331ec97b27aeb5a0ed17
-
Filesize
1KB
MD5833e49f166c9d556e980385df62e231c
SHA1783503797a4a0596db99a62013b6395cc6e6a152
SHA2560734132d37276034492c34c9dac215e691bb606a5a600db552cb8f1399685e3f
SHA512e6dbe79b40d77051ef1874732240fe57ab1fcbad83ec87236ae391d7d274254553ec3e579ebf3b185270f33c2cb9002402a6fe336a60c3f500c8c399b0688bf0
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
356B
MD533a6d1106d24fa77dea27ce8f2fa543d
SHA10c94a634ef0ccfe7670231bf17085026dbb57685
SHA2563077543772c3a641b99b86c25dcc1937ca315e71c10f71a10f6e9ae6685e58a4
SHA512f507d9997558348190937781ebb1e3393221ea9a97f1b3873b29ec474db47f62dc8e75eb68d272e69c37c50ef623c684963f2b4508eb31d49bd7f0ba23d5fa31
-
Filesize
9KB
MD57a51da3d422447dd3916425abcc8581d
SHA1fb63691d327a5edc4226ca4b61f24f25aab4f5e8
SHA256a7f16195bd30d2af9c7df426f49d196f3f3deff003d7dde2413b71d439896f88
SHA512b7fed04cf147f8dbb034444e328b9cb7a3de218131406a64129dcadcc9062c31d0b6d9c578bd893b3b2ab7d582e98cc543b1d985b80ba6dfba3870b19e9058cd
-
Filesize
9KB
MD55e5045f317f1444b7d2ad05b8c286615
SHA145ce81a330e818faab5b1db41f5831f8bfdde2ea
SHA256596245d124c8e3e85646ee52ffed3a44b939f5208ea994b711f168a030010a74
SHA5128efd1b5461822ae9979b5f2ea59e4f6169b3016884950b298d1d6edb0f04b4b0fbda9d9360ba2f93b2ee70e4a323ed866776d2e50ae139fe94a437ee1f7a8336
-
Filesize
9KB
MD523cb83713b8b4de5f765240792f99096
SHA1a49396e196e7fd5c9e4435c4ed6a43df2c365bce
SHA256b95553e74eecf26e2583a9e279dead5c158dfbc859675b5c429b8bcef701ece2
SHA512b71c28299987e6af9f474333f4bc4c7c79a2440cd4496686eb354f0db4dccc62a7b4034940a6ea04f31ecc2d6c026ac621780d70b0a1eed0f8aee127b6f1ec21
-
Filesize
9KB
MD5000a6d72a65a5f46d427b9b2c9ad179b
SHA1ad123397e225d3af68162cfed6a67fab8c563daa
SHA256c1331e159787a8caf8d67f81f10c64a75400487ca6248c866807656fecef2311
SHA5124155c8c69eb281f2eff50e62991922cd7a3240275b3941cd4a080415133c43762b4197b6aad8d639c037b1a966d0f7f3c481e63b68c54eabc2c19dd4453a3441
-
Filesize
9KB
MD529b3495b9654ca974fb510788fa856d2
SHA1d1a1f886a37944f809d99626e86f3da6caaa7fec
SHA256334c09d06e353f819d4f453732c74a8c21f3128fa2ec8b31ed1f6a2296bd5e4b
SHA512f21b82293e2849adde3907f9b0cb5111eee1fa411b587aa44115eb6ac88004de2c433b7dcb572122ee0e4168156179ea0711bb4247cc1be6f57e94d4ba6f8faa
-
Filesize
9KB
MD588a3f74321436d01182bd67c1cb2a540
SHA18852e35d3fbc585f96d4c0298b4fb27faeddba19
SHA256de263ec7e877e5db6d6315f4cd87b4ac4fb6c2587af53dc1c95777aeed00ce48
SHA51284b6970daf38418624123c92bdd1de4cb227ac94d34ac465309b2fd48fd767a7bfbf511e789d315bf02b67a9dd9d99420974b54415d5243e1f50bb2e4b31d960
-
Filesize
9KB
MD5cd57cfb71d376e69151a70d04110477d
SHA1ebec9bdb6e151ecb0cfa82c928189bc55156a9ee
SHA256e78d9764aaf1d9736b03f64371d3a4800b34c628e2532375e1650c20a53f047c
SHA512d8fa3ac8ade9618a977bac87968ec7bad3cb012faa2d7655bcf3e89e9d8aa0b63c38a747cf95633657645e1580427beb7e50e38b6e35640c6885a1041b36cb05
-
Filesize
15KB
MD53ae2e8064d8dbaa13ae1810ec953e2d4
SHA1501dcc456e7e42d29d907617687fd7ee1b2dcfcd
SHA25660b8015a162181f8ae0031aaada3fd2e9c4985f77cec9989a57dcfa6269249c2
SHA512ac1cd01cbf35c7a71ced180bd914330ce82b4cb37150bd2246dcf26ea0901e9ab6eb744f334b4d19e16fa4aadced327ce6a7aa75d58c0036c08826dee3eb3761
-
Filesize
234KB
MD5432897b82581145996ea78c16df9b0d0
SHA16cbc9791d9a5de79cb6766aeec2a8b39c5728b22
SHA256045b06f3c453fe55632bc2429de850b00e3c0a37693f9ca86718ba3cf54addf9
SHA512cd415a1d39f375de4c216281872b8ee93f890a4ca3b8e99ac166c28ec8fe12799fbb6fa9f1d59775f4857d575d5a17354dd5bc73e11a43065a3f0811f12634fe
-
Filesize
234KB
MD5160468f8206007a42f1efbcbe0ab5001
SHA1994fd094896721d6efd81ccce37b384372659a93
SHA256ffc310a59ee0624ecf1e32ec1867120ae3b8f73701b39a09679b1df69b262da4
SHA512b1f0cfcc3422a001bae18f4131183b1014634ecb90b761296b1c02ccb129188b170ba87b8f16b87a8b798c0221420a3203914ef3777294ef6fe225f67eff5b66
-
Filesize
262KB
MD551d32ee5bc7ab811041f799652d26e04
SHA1412193006aa3ef19e0a57e16acf86b830993024a
SHA2566230814bf5b2d554397580613e20681752240ab87fd354ececf188c1eabe0e97
SHA5125fc5d889b0c8e5ef464b76f0c4c9e61bda59b2d1205ac9417cc74d6e9f989fb73d78b4eb3044a1a1e1f2c00ce1ca1bd6d4d07eeadc4108c7b124867711c31810
-
Filesize
264B
MD570d1cbbc29a62e505c84db0a5f48b599
SHA1010e9904d0893223efc135a4fe301dc8eb6b0c16
SHA256fba3d12bf76db63800579e44ee4eae826a0c0787c533f5f1737c6c868b80d79e
SHA512e52dd5b2f860531a85be5264cf30de5935ce1fcc78e7271477b7ca605be6839cf35787a22cb0042c6ff31d1d547260483a6b8d7b4d633c1b1cfcf10160483d17
-
Filesize
16B
MD5d29962abc88624befc0135579ae485ec
SHA1e40a6458296ec6a2427bcb280572d023a9862b31
SHA256a91a702aab9b8dd722843d3d208a21bcfa6556dfc64e2ded63975de4511eb866
SHA5124311e87d8d5559248d4174908817a4ddc917bf7378114435cf12da8ccb7a1542c851812afbaf7dc106771bdb2e2d05f52e7d0c50d110fc7fffe4395592492c2f
-
Filesize
5B
MD54842e206e4cfff2954901467ad54169e
SHA180c9820ff2efe8aa3d361df7011ae6eee35ec4f0
SHA2562acab1228e8935d5dfdd1756b8a19698b6c8b786c90f87993ce9799a67a96e4e
SHA512ff537b1808fcb03cfb52f768fbd7e7bd66baf6a8558ee5b8f2a02f629e021aa88a1df7a8750bae1f04f3b9d86da56f0bdcba2fdbc81d366da6c97eb76ecb6cba
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB