hxxp://vist-v[.]ru

Analysis

max time kernel
149s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
08-08-2023 08:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://vist-v.ru

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133359578891926047"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
400	chrome.exe
400	chrome.exe
764	chrome.exe
764	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
400	chrome.exe
400	chrome.exe
400	chrome.exe
400	chrome.exe
400	chrome.exe
400	chrome.exe
400	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	400	chrome.exe
Token: SeCreatePagefilePrivilege	400	chrome.exe
Token: SeShutdownPrivilege	400	chrome.exe
Token: SeCreatePagefilePrivilege	400	chrome.exe
Token: SeShutdownPrivilege	400	chrome.exe
Token: SeCreatePagefilePrivilege	400	chrome.exe
Token: SeShutdownPrivilege	400	chrome.exe
Token: SeCreatePagefilePrivilege	400	chrome.exe
Token: SeShutdownPrivilege	400	chrome.exe
Token: SeCreatePagefilePrivilege	400	chrome.exe
Token: SeShutdownPrivilege	400	chrome.exe
Token: SeCreatePagefilePrivilege	400	chrome.exe
Token: SeShutdownPrivilege	400	chrome.exe
Token: SeCreatePagefilePrivilege	400	chrome.exe
Token: SeShutdownPrivilege	400	chrome.exe
Token: SeCreatePagefilePrivilege	400	chrome.exe
Token: SeShutdownPrivilege	400	chrome.exe
Token: SeCreatePagefilePrivilege	400	chrome.exe
Token: SeShutdownPrivilege	400	chrome.exe
Token: SeCreatePagefilePrivilege	400	chrome.exe
Token: SeShutdownPrivilege	400	chrome.exe
Token: SeCreatePagefilePrivilege	400	chrome.exe
Token: SeShutdownPrivilege	400	chrome.exe
Token: SeCreatePagefilePrivilege	400	chrome.exe
Token: SeShutdownPrivilege	400	chrome.exe
Token: SeCreatePagefilePrivilege	400	chrome.exe
Token: SeShutdownPrivilege	400	chrome.exe
Token: SeCreatePagefilePrivilege	400	chrome.exe
Token: SeShutdownPrivilege	400	chrome.exe
Token: SeCreatePagefilePrivilege	400	chrome.exe
Token: SeShutdownPrivilege	400	chrome.exe
Token: SeCreatePagefilePrivilege	400	chrome.exe
Token: SeShutdownPrivilege	400	chrome.exe
Token: SeCreatePagefilePrivilege	400	chrome.exe
Token: SeShutdownPrivilege	400	chrome.exe
Token: SeCreatePagefilePrivilege	400	chrome.exe
Token: SeShutdownPrivilege	400	chrome.exe
Token: SeCreatePagefilePrivilege	400	chrome.exe
Token: SeShutdownPrivilege	400	chrome.exe
Token: SeCreatePagefilePrivilege	400	chrome.exe
Token: SeShutdownPrivilege	400	chrome.exe
Token: SeCreatePagefilePrivilege	400	chrome.exe
Token: SeShutdownPrivilege	400	chrome.exe
Token: SeCreatePagefilePrivilege	400	chrome.exe
Token: SeShutdownPrivilege	400	chrome.exe
Token: SeCreatePagefilePrivilege	400	chrome.exe
Token: SeShutdownPrivilege	400	chrome.exe
Token: SeCreatePagefilePrivilege	400	chrome.exe
Token: SeShutdownPrivilege	400	chrome.exe
Token: SeCreatePagefilePrivilege	400	chrome.exe
Token: SeShutdownPrivilege	400	chrome.exe
Token: SeCreatePagefilePrivilege	400	chrome.exe
Token: SeShutdownPrivilege	400	chrome.exe
Token: SeCreatePagefilePrivilege	400	chrome.exe
Token: SeShutdownPrivilege	400	chrome.exe
Token: SeCreatePagefilePrivilege	400	chrome.exe
Token: SeShutdownPrivilege	400	chrome.exe
Token: SeCreatePagefilePrivilege	400	chrome.exe
Token: SeShutdownPrivilege	400	chrome.exe
Token: SeCreatePagefilePrivilege	400	chrome.exe
Token: SeShutdownPrivilege	400	chrome.exe
Token: SeCreatePagefilePrivilege	400	chrome.exe
Token: SeShutdownPrivilege	400	chrome.exe
Token: SeCreatePagefilePrivilege	400	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
400	chrome.exe
400	chrome.exe
400	chrome.exe
400	chrome.exe
400	chrome.exe
400	chrome.exe
400	chrome.exe
400	chrome.exe
400	chrome.exe
400	chrome.exe
400	chrome.exe
400	chrome.exe
400	chrome.exe
400	chrome.exe
400	chrome.exe
400	chrome.exe
400	chrome.exe
400	chrome.exe
400	chrome.exe
400	chrome.exe
400	chrome.exe
400	chrome.exe
400	chrome.exe
400	chrome.exe
400	chrome.exe
400	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
400	chrome.exe
400	chrome.exe
400	chrome.exe
400	chrome.exe
400	chrome.exe
400	chrome.exe
400	chrome.exe
400	chrome.exe
400	chrome.exe
400	chrome.exe
400	chrome.exe
400	chrome.exe
400	chrome.exe
400	chrome.exe
400	chrome.exe
400	chrome.exe
400	chrome.exe
400	chrome.exe
400	chrome.exe
400	chrome.exe
400	chrome.exe
400	chrome.exe
400	chrome.exe
400	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 400 wrote to memory of 1500	400	chrome.exe	82
PID 400 wrote to memory of 1500	400	chrome.exe	82
PID 400 wrote to memory of 4592	400	chrome.exe	84
PID 400 wrote to memory of 4592	400	chrome.exe	84
PID 400 wrote to memory of 4592	400	chrome.exe	84
PID 400 wrote to memory of 4592	400	chrome.exe	84
PID 400 wrote to memory of 4592	400	chrome.exe	84
PID 400 wrote to memory of 4592	400	chrome.exe	84
PID 400 wrote to memory of 4592	400	chrome.exe	84
PID 400 wrote to memory of 4592	400	chrome.exe	84
PID 400 wrote to memory of 4592	400	chrome.exe	84
PID 400 wrote to memory of 4592	400	chrome.exe	84
PID 400 wrote to memory of 4592	400	chrome.exe	84
PID 400 wrote to memory of 4592	400	chrome.exe	84
PID 400 wrote to memory of 4592	400	chrome.exe	84
PID 400 wrote to memory of 4592	400	chrome.exe	84
PID 400 wrote to memory of 4592	400	chrome.exe	84
PID 400 wrote to memory of 4592	400	chrome.exe	84
PID 400 wrote to memory of 4592	400	chrome.exe	84
PID 400 wrote to memory of 4592	400	chrome.exe	84
PID 400 wrote to memory of 4592	400	chrome.exe	84
PID 400 wrote to memory of 4592	400	chrome.exe	84
PID 400 wrote to memory of 4592	400	chrome.exe	84
PID 400 wrote to memory of 4592	400	chrome.exe	84
PID 400 wrote to memory of 4592	400	chrome.exe	84
PID 400 wrote to memory of 4592	400	chrome.exe	84
PID 400 wrote to memory of 4592	400	chrome.exe	84
PID 400 wrote to memory of 4592	400	chrome.exe	84
PID 400 wrote to memory of 4592	400	chrome.exe	84
PID 400 wrote to memory of 4592	400	chrome.exe	84
PID 400 wrote to memory of 4592	400	chrome.exe	84
PID 400 wrote to memory of 4592	400	chrome.exe	84
PID 400 wrote to memory of 4592	400	chrome.exe	84
PID 400 wrote to memory of 4592	400	chrome.exe	84
PID 400 wrote to memory of 4592	400	chrome.exe	84
PID 400 wrote to memory of 4592	400	chrome.exe	84
PID 400 wrote to memory of 4592	400	chrome.exe	84
PID 400 wrote to memory of 4592	400	chrome.exe	84
PID 400 wrote to memory of 4592	400	chrome.exe	84
PID 400 wrote to memory of 4592	400	chrome.exe	84
PID 400 wrote to memory of 1860	400	chrome.exe	85
PID 400 wrote to memory of 1860	400	chrome.exe	85
PID 400 wrote to memory of 1028	400	chrome.exe	86
PID 400 wrote to memory of 1028	400	chrome.exe	86
PID 400 wrote to memory of 1028	400	chrome.exe	86
PID 400 wrote to memory of 1028	400	chrome.exe	86
PID 400 wrote to memory of 1028	400	chrome.exe	86
PID 400 wrote to memory of 1028	400	chrome.exe	86
PID 400 wrote to memory of 1028	400	chrome.exe	86
PID 400 wrote to memory of 1028	400	chrome.exe	86
PID 400 wrote to memory of 1028	400	chrome.exe	86
PID 400 wrote to memory of 1028	400	chrome.exe	86
PID 400 wrote to memory of 1028	400	chrome.exe	86
PID 400 wrote to memory of 1028	400	chrome.exe	86
PID 400 wrote to memory of 1028	400	chrome.exe	86
PID 400 wrote to memory of 1028	400	chrome.exe	86
PID 400 wrote to memory of 1028	400	chrome.exe	86
PID 400 wrote to memory of 1028	400	chrome.exe	86
PID 400 wrote to memory of 1028	400	chrome.exe	86
PID 400 wrote to memory of 1028	400	chrome.exe	86
PID 400 wrote to memory of 1028	400	chrome.exe	86
PID 400 wrote to memory of 1028	400	chrome.exe	86
PID 400 wrote to memory of 1028	400	chrome.exe	86
PID 400 wrote to memory of 1028	400	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://vist-v.ru
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff93ca79758,0x7ff93ca79768,0x7ff93ca79778
  2⤵
  PID:1500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1708 --field-trial-handle=1904,i,14035479063833136213,11340941303053598401,131072 /prefetch:2
  2⤵
  PID:4592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1904,i,14035479063833136213,11340941303053598401,131072 /prefetch:8
  2⤵
  PID:1860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2180 --field-trial-handle=1904,i,14035479063833136213,11340941303053598401,131072 /prefetch:8
  2⤵
  PID:1028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2996 --field-trial-handle=1904,i,14035479063833136213,11340941303053598401,131072 /prefetch:1
  2⤵
  PID:4724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2956 --field-trial-handle=1904,i,14035479063833136213,11340941303053598401,131072 /prefetch:1
  2⤵
  PID:4756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4792 --field-trial-handle=1904,i,14035479063833136213,11340941303053598401,131072 /prefetch:1
  2⤵
  PID:4016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3724 --field-trial-handle=1904,i,14035479063833136213,11340941303053598401,131072 /prefetch:1
  2⤵
  PID:2396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3096 --field-trial-handle=1904,i,14035479063833136213,11340941303053598401,131072 /prefetch:8
  2⤵
  PID:2040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4968 --field-trial-handle=1904,i,14035479063833136213,11340941303053598401,131072 /prefetch:8
  2⤵
  PID:532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=2924 --field-trial-handle=1904,i,14035479063833136213,11340941303053598401,131072 /prefetch:1
  2⤵
  PID:2252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5612 --field-trial-handle=1904,i,14035479063833136213,11340941303053598401,131072 /prefetch:1
  2⤵
  PID:1264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4756 --field-trial-handle=1904,i,14035479063833136213,11340941303053598401,131072 /prefetch:1
  2⤵
  PID:3660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4676 --field-trial-handle=1904,i,14035479063833136213,11340941303053598401,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:764

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4784

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
824B

MD5
d0c41ea30d41633af0c026acf70bbaa8

SHA1
3e090539f0c8b1ffcbe7e2a42279edc68e56820b

SHA256
5cfbb92539fd53b7b0fb486537d63171cf245987b079ec6c341abe523d7920a9

SHA512
0602de9e331dc17bb6e7dcdc67a547a65417d566237cdab4886618c0d8e9ece9849a0ac3cf0288b8e943de3f83fe18e1a7135ca406588fca8151f8b5c11b2132

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2814f6f50d93afaa2a5d2fa136d30121

SHA1
f3b1f7798e765334dece29e10b9b18ea9c34ecf1

SHA256
11711d816d9b756d9cd6fa53b72224fec518fcc2d1f07e5650120bba9bc20376

SHA512
8360e0b2988f5bc44ed77f3cbf02846dcb85f457e4a238db578e581c37843015c70ded09411f0851a7d4c96c97405023b0f684370b6e695b7dcd5c901a0baadb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1ff88982ef07497c7226b31c71a5db36

SHA1
a9445e9b725fbf9a1630c8bd7c2e43c4b51c331f

SHA256
cde53d3824a72cf823056501cca8729c8eb94169cbe16a365693cacc16e88f82

SHA512
f5bb59cc5c8fd7376b1833f6ac26868fa43d2457dca961a6dda5d921484e55144d4b219d7ab57db6793445742dada676b15f21ece6d92e211454b85e802ca930

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
66953f29003025bcd77be189d08bd17a

SHA1
e8f0c92cb4562fe2cdc1b06271f4c9f207ea489c

SHA256
adaf09b6415114aed148ca2f562dac122d15a3af1cfad981c59506bb2ddbe6b6

SHA512
3bf250f4aeb5f900af51f58fa17a8071b923de17cd216d8a8649426873701a5649744413dc09caa77f2d95155ebc0cb3272a037459c80b715ccd7549f265bdaa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit