hxxps://lessons-3dvisual[.]ru/3dlsyt

Analysis

max time kernel
32s
max time network
36s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
25/08/2023, 08:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://lessons-3dvisual.ru/3dlsyt

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133374260738740584"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3448	chrome.exe
3448	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe

Suspicious use of AdjustPrivilegeToken 62 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3448 wrote to memory of 4696	3448	chrome.exe	74
PID 3448 wrote to memory of 4696	3448	chrome.exe	74
PID 3448 wrote to memory of 1940	3448	chrome.exe	84
PID 3448 wrote to memory of 1940	3448	chrome.exe	84
PID 3448 wrote to memory of 1940	3448	chrome.exe	84
PID 3448 wrote to memory of 1940	3448	chrome.exe	84
PID 3448 wrote to memory of 1940	3448	chrome.exe	84
PID 3448 wrote to memory of 1940	3448	chrome.exe	84
PID 3448 wrote to memory of 1940	3448	chrome.exe	84
PID 3448 wrote to memory of 1940	3448	chrome.exe	84
PID 3448 wrote to memory of 1940	3448	chrome.exe	84
PID 3448 wrote to memory of 1940	3448	chrome.exe	84
PID 3448 wrote to memory of 1940	3448	chrome.exe	84
PID 3448 wrote to memory of 1940	3448	chrome.exe	84
PID 3448 wrote to memory of 1940	3448	chrome.exe	84
PID 3448 wrote to memory of 1940	3448	chrome.exe	84
PID 3448 wrote to memory of 1940	3448	chrome.exe	84
PID 3448 wrote to memory of 1940	3448	chrome.exe	84
PID 3448 wrote to memory of 1940	3448	chrome.exe	84
PID 3448 wrote to memory of 1940	3448	chrome.exe	84
PID 3448 wrote to memory of 1940	3448	chrome.exe	84
PID 3448 wrote to memory of 1940	3448	chrome.exe	84
PID 3448 wrote to memory of 1940	3448	chrome.exe	84
PID 3448 wrote to memory of 1940	3448	chrome.exe	84
PID 3448 wrote to memory of 1940	3448	chrome.exe	84
PID 3448 wrote to memory of 1940	3448	chrome.exe	84
PID 3448 wrote to memory of 1940	3448	chrome.exe	84
PID 3448 wrote to memory of 1940	3448	chrome.exe	84
PID 3448 wrote to memory of 1940	3448	chrome.exe	84
PID 3448 wrote to memory of 1940	3448	chrome.exe	84
PID 3448 wrote to memory of 1940	3448	chrome.exe	84
PID 3448 wrote to memory of 1940	3448	chrome.exe	84
PID 3448 wrote to memory of 1940	3448	chrome.exe	84
PID 3448 wrote to memory of 1940	3448	chrome.exe	84
PID 3448 wrote to memory of 1940	3448	chrome.exe	84
PID 3448 wrote to memory of 1940	3448	chrome.exe	84
PID 3448 wrote to memory of 1940	3448	chrome.exe	84
PID 3448 wrote to memory of 1940	3448	chrome.exe	84
PID 3448 wrote to memory of 1940	3448	chrome.exe	84
PID 3448 wrote to memory of 1940	3448	chrome.exe	84
PID 3448 wrote to memory of 4784	3448	chrome.exe	85
PID 3448 wrote to memory of 4784	3448	chrome.exe	85
PID 3448 wrote to memory of 2852	3448	chrome.exe	87
PID 3448 wrote to memory of 2852	3448	chrome.exe	87
PID 3448 wrote to memory of 2852	3448	chrome.exe	87
PID 3448 wrote to memory of 2852	3448	chrome.exe	87
PID 3448 wrote to memory of 2852	3448	chrome.exe	87
PID 3448 wrote to memory of 2852	3448	chrome.exe	87
PID 3448 wrote to memory of 2852	3448	chrome.exe	87
PID 3448 wrote to memory of 2852	3448	chrome.exe	87
PID 3448 wrote to memory of 2852	3448	chrome.exe	87
PID 3448 wrote to memory of 2852	3448	chrome.exe	87
PID 3448 wrote to memory of 2852	3448	chrome.exe	87
PID 3448 wrote to memory of 2852	3448	chrome.exe	87
PID 3448 wrote to memory of 2852	3448	chrome.exe	87
PID 3448 wrote to memory of 2852	3448	chrome.exe	87
PID 3448 wrote to memory of 2852	3448	chrome.exe	87
PID 3448 wrote to memory of 2852	3448	chrome.exe	87
PID 3448 wrote to memory of 2852	3448	chrome.exe	87
PID 3448 wrote to memory of 2852	3448	chrome.exe	87
PID 3448 wrote to memory of 2852	3448	chrome.exe	87
PID 3448 wrote to memory of 2852	3448	chrome.exe	87
PID 3448 wrote to memory of 2852	3448	chrome.exe	87
PID 3448 wrote to memory of 2852	3448	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://lessons-3dvisual.ru/3dlsyt
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaf48d9758,0x7ffaf48d9768,0x7ffaf48d9778
  2⤵
  PID:4696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1788 --field-trial-handle=1860,i,10181669944603826038,8506217453081437894,131072 /prefetch:2
  2⤵
  PID:1940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1860,i,10181669944603826038,8506217453081437894,131072 /prefetch:8
  2⤵
  PID:4784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2992 --field-trial-handle=1860,i,10181669944603826038,8506217453081437894,131072 /prefetch:1
  2⤵
  PID:1504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2216 --field-trial-handle=1860,i,10181669944603826038,8506217453081437894,131072 /prefetch:8
  2⤵
  PID:2852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3000 --field-trial-handle=1860,i,10181669944603826038,8506217453081437894,131072 /prefetch:1
  2⤵
  PID:1248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4976 --field-trial-handle=1860,i,10181669944603826038,8506217453081437894,131072 /prefetch:1
  2⤵
  PID:3468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5868 --field-trial-handle=1860,i,10181669944603826038,8506217453081437894,131072 /prefetch:8
  2⤵
  PID:3724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5828 --field-trial-handle=1860,i,10181669944603826038,8506217453081437894,131072 /prefetch:8
  2⤵
  PID:996

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2136

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
135KB

MD5
3353ab70b849bfa87c25907192d30f9e

SHA1
8a67965d3cc841bd079a8647ee4df8872dc63871

SHA256
00ef0181bcd2c70c0c48d5e3e15f31909085b7e04d5e990155b14fce6c673256

SHA512
fc75ad7f4dcabaa4784f40c4a7a13f005aabf71995fd9f226cf0f9b26a60add61c5772103d80fafa5710db22223d954e1136f26f918322eb6c2242c682b4aad9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
888B

MD5
65630b9af1e3c91575dd9e991b5975b7

SHA1
d45bf45893ba64afa2abee6f081ed2431cbb8528

SHA256
929cc6cd7ca6d0039d58b973ee0c54f589f399b6af14f98ea5c1829395a4d1a3

SHA512
047720996c94ed50b2a12ac7f780cf4d8a4c6fa2f5da35d059d37cd9794dd977b1dcfae2d18d1748f3007772e4117d4f2acc25bb909986af312bf09ac5e1cb5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
875B

MD5
1256b1cdac9e98ef881c4754091c61f1

SHA1
e04665d30d5daf2adb43c8d9b622dd1fc6875205

SHA256
b4d9227060eef38f11ccc1e59897590abc74850cc35a0aea1991dbc8b5ce442e

SHA512
5f6c8eaaa2f9662ca09127c75a9e048594c004df40ad1f291d489b5b8ba2d43a30155539ab389279f13667dffa68ce4e47d8a365da5fb7bb29c43db876d70372

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3499a5dd550cdfe0650cd3d9a0be90a9

SHA1
8c82866e33030ffa6ac83c87d0cabbe32bca378b

SHA256
56d6e8d8fc61001547886cc97f339247d2bc7e1e163fe3832338d7dae906de5c

SHA512
79a64e0dc48c4d4f23c61c3566d212b372df360cf8f7bc299457adc2a2f3b96f40292000331af112528e9b57c156a01f954b0f4f7dc671b11f94c4c209a7bfed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
b328774740e6b4f1f745e1d4360a094a

SHA1
e326571b375b0fd2316c8b9d8e58d3ac0eb91a49

SHA256
646ea382819a7e29632b9fa9359c3bcaac714755ef2cfbb33668f723b56c085c

SHA512
9e3f29423d9afc4000aa30dd17e5bc490644cdbb16cf45b5a612c874d742f148870dcde494af34c63c30a2cf9dc85fd5526f303c8b997b9d40e35bfd8a185be3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit