hxxps://лечимварикоз[.]рф/bitrix/admin/System/?cid=EJ8BPNQ0UOIS75P6J0GR3SMD8ND6

Analysis

max time kernel
150s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
21/08/2023, 07:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://лечимварикоз.рф/bitrix/admin/System/?cid=EJ8BPNQ0UOIS75P6J0GR3SMD8ND6

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133370781572209949"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
2580	chrome.exe
2580	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4184	chrome.exe
4184	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4184	chrome.exe
Token: SeCreatePagefilePrivilege	4184	chrome.exe
Token: SeShutdownPrivilege	4184	chrome.exe
Token: SeCreatePagefilePrivilege	4184	chrome.exe
Token: SeShutdownPrivilege	4184	chrome.exe
Token: SeCreatePagefilePrivilege	4184	chrome.exe
Token: SeShutdownPrivilege	4184	chrome.exe
Token: SeCreatePagefilePrivilege	4184	chrome.exe
Token: SeShutdownPrivilege	4184	chrome.exe
Token: SeCreatePagefilePrivilege	4184	chrome.exe
Token: SeShutdownPrivilege	4184	chrome.exe
Token: SeCreatePagefilePrivilege	4184	chrome.exe
Token: SeShutdownPrivilege	4184	chrome.exe
Token: SeCreatePagefilePrivilege	4184	chrome.exe
Token: SeShutdownPrivilege	4184	chrome.exe
Token: SeCreatePagefilePrivilege	4184	chrome.exe
Token: SeShutdownPrivilege	4184	chrome.exe
Token: SeCreatePagefilePrivilege	4184	chrome.exe
Token: SeShutdownPrivilege	4184	chrome.exe
Token: SeCreatePagefilePrivilege	4184	chrome.exe
Token: SeShutdownPrivilege	4184	chrome.exe
Token: SeCreatePagefilePrivilege	4184	chrome.exe
Token: SeShutdownPrivilege	4184	chrome.exe
Token: SeCreatePagefilePrivilege	4184	chrome.exe
Token: SeShutdownPrivilege	4184	chrome.exe
Token: SeCreatePagefilePrivilege	4184	chrome.exe
Token: SeShutdownPrivilege	4184	chrome.exe
Token: SeCreatePagefilePrivilege	4184	chrome.exe
Token: SeShutdownPrivilege	4184	chrome.exe
Token: SeCreatePagefilePrivilege	4184	chrome.exe
Token: SeShutdownPrivilege	4184	chrome.exe
Token: SeCreatePagefilePrivilege	4184	chrome.exe
Token: SeShutdownPrivilege	4184	chrome.exe
Token: SeCreatePagefilePrivilege	4184	chrome.exe
Token: SeShutdownPrivilege	4184	chrome.exe
Token: SeCreatePagefilePrivilege	4184	chrome.exe
Token: SeShutdownPrivilege	4184	chrome.exe
Token: SeCreatePagefilePrivilege	4184	chrome.exe
Token: SeShutdownPrivilege	4184	chrome.exe
Token: SeCreatePagefilePrivilege	4184	chrome.exe
Token: SeShutdownPrivilege	4184	chrome.exe
Token: SeCreatePagefilePrivilege	4184	chrome.exe
Token: SeShutdownPrivilege	4184	chrome.exe
Token: SeCreatePagefilePrivilege	4184	chrome.exe
Token: SeShutdownPrivilege	4184	chrome.exe
Token: SeCreatePagefilePrivilege	4184	chrome.exe
Token: SeShutdownPrivilege	4184	chrome.exe
Token: SeCreatePagefilePrivilege	4184	chrome.exe
Token: SeShutdownPrivilege	4184	chrome.exe
Token: SeCreatePagefilePrivilege	4184	chrome.exe
Token: SeShutdownPrivilege	4184	chrome.exe
Token: SeCreatePagefilePrivilege	4184	chrome.exe
Token: SeShutdownPrivilege	4184	chrome.exe
Token: SeCreatePagefilePrivilege	4184	chrome.exe
Token: SeShutdownPrivilege	4184	chrome.exe
Token: SeCreatePagefilePrivilege	4184	chrome.exe
Token: SeShutdownPrivilege	4184	chrome.exe
Token: SeCreatePagefilePrivilege	4184	chrome.exe
Token: SeShutdownPrivilege	4184	chrome.exe
Token: SeCreatePagefilePrivilege	4184	chrome.exe
Token: SeShutdownPrivilege	4184	chrome.exe
Token: SeCreatePagefilePrivilege	4184	chrome.exe
Token: SeShutdownPrivilege	4184	chrome.exe
Token: SeCreatePagefilePrivilege	4184	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe
4184	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4184 wrote to memory of 1504	4184	chrome.exe	84
PID 4184 wrote to memory of 1504	4184	chrome.exe	84
PID 4184 wrote to memory of 1136	4184	chrome.exe	86
PID 4184 wrote to memory of 1136	4184	chrome.exe	86
PID 4184 wrote to memory of 1136	4184	chrome.exe	86
PID 4184 wrote to memory of 1136	4184	chrome.exe	86
PID 4184 wrote to memory of 1136	4184	chrome.exe	86
PID 4184 wrote to memory of 1136	4184	chrome.exe	86
PID 4184 wrote to memory of 1136	4184	chrome.exe	86
PID 4184 wrote to memory of 1136	4184	chrome.exe	86
PID 4184 wrote to memory of 1136	4184	chrome.exe	86
PID 4184 wrote to memory of 1136	4184	chrome.exe	86
PID 4184 wrote to memory of 1136	4184	chrome.exe	86
PID 4184 wrote to memory of 1136	4184	chrome.exe	86
PID 4184 wrote to memory of 1136	4184	chrome.exe	86
PID 4184 wrote to memory of 1136	4184	chrome.exe	86
PID 4184 wrote to memory of 1136	4184	chrome.exe	86
PID 4184 wrote to memory of 1136	4184	chrome.exe	86
PID 4184 wrote to memory of 1136	4184	chrome.exe	86
PID 4184 wrote to memory of 1136	4184	chrome.exe	86
PID 4184 wrote to memory of 1136	4184	chrome.exe	86
PID 4184 wrote to memory of 1136	4184	chrome.exe	86
PID 4184 wrote to memory of 1136	4184	chrome.exe	86
PID 4184 wrote to memory of 1136	4184	chrome.exe	86
PID 4184 wrote to memory of 1136	4184	chrome.exe	86
PID 4184 wrote to memory of 1136	4184	chrome.exe	86
PID 4184 wrote to memory of 1136	4184	chrome.exe	86
PID 4184 wrote to memory of 1136	4184	chrome.exe	86
PID 4184 wrote to memory of 1136	4184	chrome.exe	86
PID 4184 wrote to memory of 1136	4184	chrome.exe	86
PID 4184 wrote to memory of 1136	4184	chrome.exe	86
PID 4184 wrote to memory of 1136	4184	chrome.exe	86
PID 4184 wrote to memory of 1136	4184	chrome.exe	86
PID 4184 wrote to memory of 1136	4184	chrome.exe	86
PID 4184 wrote to memory of 1136	4184	chrome.exe	86
PID 4184 wrote to memory of 1136	4184	chrome.exe	86
PID 4184 wrote to memory of 1136	4184	chrome.exe	86
PID 4184 wrote to memory of 1136	4184	chrome.exe	86
PID 4184 wrote to memory of 1136	4184	chrome.exe	86
PID 4184 wrote to memory of 1136	4184	chrome.exe	86
PID 4184 wrote to memory of 4532	4184	chrome.exe	87
PID 4184 wrote to memory of 4532	4184	chrome.exe	87
PID 4184 wrote to memory of 1408	4184	chrome.exe	88
PID 4184 wrote to memory of 1408	4184	chrome.exe	88
PID 4184 wrote to memory of 1408	4184	chrome.exe	88
PID 4184 wrote to memory of 1408	4184	chrome.exe	88
PID 4184 wrote to memory of 1408	4184	chrome.exe	88
PID 4184 wrote to memory of 1408	4184	chrome.exe	88
PID 4184 wrote to memory of 1408	4184	chrome.exe	88
PID 4184 wrote to memory of 1408	4184	chrome.exe	88
PID 4184 wrote to memory of 1408	4184	chrome.exe	88
PID 4184 wrote to memory of 1408	4184	chrome.exe	88
PID 4184 wrote to memory of 1408	4184	chrome.exe	88
PID 4184 wrote to memory of 1408	4184	chrome.exe	88
PID 4184 wrote to memory of 1408	4184	chrome.exe	88
PID 4184 wrote to memory of 1408	4184	chrome.exe	88
PID 4184 wrote to memory of 1408	4184	chrome.exe	88
PID 4184 wrote to memory of 1408	4184	chrome.exe	88
PID 4184 wrote to memory of 1408	4184	chrome.exe	88
PID 4184 wrote to memory of 1408	4184	chrome.exe	88
PID 4184 wrote to memory of 1408	4184	chrome.exe	88
PID 4184 wrote to memory of 1408	4184	chrome.exe	88
PID 4184 wrote to memory of 1408	4184	chrome.exe	88
PID 4184 wrote to memory of 1408	4184	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://лечимварикоз.рф/bitrix/admin/System/?cid=EJ8BPNQ0UOIS75P6J0GR3SMD8ND6
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0x9c,0x108,0x7ffa3d529758,0x7ffa3d529768,0x7ffa3d529778
  2⤵
  PID:1504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1784 --field-trial-handle=1924,i,4245348961993346615,8778375598017946373,131072 /prefetch:2
  2⤵
  PID:1136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 --field-trial-handle=1924,i,4245348961993346615,8778375598017946373,131072 /prefetch:8
  2⤵
  PID:4532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2256 --field-trial-handle=1924,i,4245348961993346615,8778375598017946373,131072 /prefetch:8
  2⤵
  PID:1408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3100 --field-trial-handle=1924,i,4245348961993346615,8778375598017946373,131072 /prefetch:1
  2⤵
  PID:1848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3116 --field-trial-handle=1924,i,4245348961993346615,8778375598017946373,131072 /prefetch:1
  2⤵
  PID:2296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4864 --field-trial-handle=1924,i,4245348961993346615,8778375598017946373,131072 /prefetch:8
  2⤵
  PID:4628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5236 --field-trial-handle=1924,i,4245348961993346615,8778375598017946373,131072 /prefetch:8
  2⤵
  PID:3560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5244 --field-trial-handle=1924,i,4245348961993346615,8778375598017946373,131072 /prefetch:8
  2⤵
  PID:4732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5404 --field-trial-handle=1924,i,4245348961993346615,8778375598017946373,131072 /prefetch:8
  2⤵
  PID:4568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3992 --field-trial-handle=1924,i,4245348961993346615,8778375598017946373,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2580

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1664

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
33a016bc5b569c015c97f8e5a041609d

SHA1
30a31a7138b1ac6e3c983ffceb4abcb0bd8bc845

SHA256
6a3a5c0a382898199a7b544fbda56cfa7a9a124d58152664f57711b565b8dfa4

SHA512
d13177d86f8ee2a0ce43b30e5ce997c18b4c16313579b64942737288f672fafe5848720cec66c4e133f6cd95f16844862cb5f7a6c3ab4d9fd9399998d875e013

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
409cf7418042326af1b0e5ef017ca191

SHA1
93013c324d8f6f923021b893223b1667ec715f86

SHA256
c912042a5d0cc8a111878f42b7c03a89cc1c9a67e875fcdf9327826347a8941b

SHA512
d1d51eee2ba8dc6d940880df7fe757de1b62a9d871c160d41f1c1002caf957a9e13ea5f9dee787869f4b61e4eb550aa3ad9a4bd25918ae82f65cfdae27945fc7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5b213927688a98fb628f8237c601e24b

SHA1
cffa504dce9f597d2cf162f05591b1eacf296e40

SHA256
f937425870f953043930eb723d9adc47c4884165367427e15866bb7b90bd3ba7

SHA512
3af6ef1a88d7b35185772ed6352b11971b34233d888a075e51cd32f705b7eb224d730e2fc5e532f6bfcdc6911584a45effd50308faa2309fdff4b67ac36620f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
89KB

MD5
3570cfef0bfc0c842e9261c80dbdd689

SHA1
efbfb68b760aa65a597e38a3dd595880ade4864a

SHA256
ffed3b087e74d2ca750c5de0a5cc43a70e51fbc8cfb7a9fb3d0b56e50a1a295f

SHA512
34b50b0f08c651371497c5e323abd3d96dc24e52652661cf7edeff92a6d06602e60adcc987fa450371a8fadc2354532c4a640d67aa2c781822ed2c62e0808757

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
89KB

MD5
5e04a63f483f4e7fde9240668e3ba3c7

SHA1
2e57ef48a848d3d255c8a2881a7df1c66251e0e3

SHA256
bb1129af2cbf5ce47345d180a69744ad762fbe7f9e7fd98b6adc07df7df1f42a

SHA512
0f9fa755215fe4523485a0fbe4c53a7acacb4be6580c26d6e0e77156c58b96af527ba9acd3b7fc6c8fdd06967db79c2e103366417a74ca91a051c8ce28f01a98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
89KB

MD5
4454773271328e990f844026c820faaa

SHA1
9da8847a4d4010f22db0e28c175f50210b4a7b39

SHA256
78885da59644b6328409d1538a80a9ee7b1fcbf74d023306e56b77d5ee601d08

SHA512
4cc9e221fafcee599749a05df12c534cd1d82bd4966724793996d0b264036ab57d712dce05253e99fecc44d09cde3ba07b002536f57b7a9b76ce34ad6301380e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
108KB

MD5
fccb9d0363f2106592bd7a2bfd54b95b

SHA1
46405dc1a3e5c392a95928ee088482b29c9324d8

SHA256
6fa7bdaf2b69f85ab4c801585ff4cb97330311a81e96130ec53b625720a3f068

SHA512
bcd33602f62ccf6df03cdbd2b992eaa24b73c8d5f434f26106758eaecaf21beafac57d45b8fc559c00223d7faea82cf31f25b9ece4d85e325394c8705991aeb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit