hxxps://free3d[.]com/es/modelo-3d/nathan-animated-003-walking-644277[.]html#

Analysis

max time kernel
313s
max time network
320s
platform
windows10-1703_x64
resource
win10-20231215-es
resource tags

arch:x64arch:x86image:win10-20231215-eslocale:es-esos:windows10-1703-x64systemwindows
submitted
14/02/2024, 17:04

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://free3d.com/es/modelo-3d/nathan-animated-003-walking-644277.html#

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133524039234921541"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4628	chrome.exe
4628	chrome.exe
4652	chrome.exe
4652	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe
Token: SeShutdownPrivilege	4628	chrome.exe
Token: SeCreatePagefilePrivilege	4628	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4628 wrote to memory of 2764	4628	chrome.exe	72
PID 4628 wrote to memory of 2764	4628	chrome.exe	72
PID 4628 wrote to memory of 4204	4628	chrome.exe	75
PID 4628 wrote to memory of 4204	4628	chrome.exe	75
PID 4628 wrote to memory of 4204	4628	chrome.exe	75
PID 4628 wrote to memory of 4204	4628	chrome.exe	75
PID 4628 wrote to memory of 4204	4628	chrome.exe	75
PID 4628 wrote to memory of 4204	4628	chrome.exe	75
PID 4628 wrote to memory of 4204	4628	chrome.exe	75
PID 4628 wrote to memory of 4204	4628	chrome.exe	75
PID 4628 wrote to memory of 4204	4628	chrome.exe	75
PID 4628 wrote to memory of 4204	4628	chrome.exe	75
PID 4628 wrote to memory of 4204	4628	chrome.exe	75
PID 4628 wrote to memory of 4204	4628	chrome.exe	75
PID 4628 wrote to memory of 4204	4628	chrome.exe	75
PID 4628 wrote to memory of 4204	4628	chrome.exe	75
PID 4628 wrote to memory of 4204	4628	chrome.exe	75
PID 4628 wrote to memory of 4204	4628	chrome.exe	75
PID 4628 wrote to memory of 4204	4628	chrome.exe	75
PID 4628 wrote to memory of 4204	4628	chrome.exe	75
PID 4628 wrote to memory of 4204	4628	chrome.exe	75
PID 4628 wrote to memory of 4204	4628	chrome.exe	75
PID 4628 wrote to memory of 4204	4628	chrome.exe	75
PID 4628 wrote to memory of 4204	4628	chrome.exe	75
PID 4628 wrote to memory of 4204	4628	chrome.exe	75
PID 4628 wrote to memory of 4204	4628	chrome.exe	75
PID 4628 wrote to memory of 4204	4628	chrome.exe	75
PID 4628 wrote to memory of 4204	4628	chrome.exe	75
PID 4628 wrote to memory of 4204	4628	chrome.exe	75
PID 4628 wrote to memory of 4204	4628	chrome.exe	75
PID 4628 wrote to memory of 4204	4628	chrome.exe	75
PID 4628 wrote to memory of 4204	4628	chrome.exe	75
PID 4628 wrote to memory of 4204	4628	chrome.exe	75
PID 4628 wrote to memory of 4204	4628	chrome.exe	75
PID 4628 wrote to memory of 4204	4628	chrome.exe	75
PID 4628 wrote to memory of 4204	4628	chrome.exe	75
PID 4628 wrote to memory of 4204	4628	chrome.exe	75
PID 4628 wrote to memory of 4204	4628	chrome.exe	75
PID 4628 wrote to memory of 4204	4628	chrome.exe	75
PID 4628 wrote to memory of 4204	4628	chrome.exe	75
PID 4628 wrote to memory of 1060	4628	chrome.exe	74
PID 4628 wrote to memory of 1060	4628	chrome.exe	74
PID 4628 wrote to memory of 2700	4628	chrome.exe	76
PID 4628 wrote to memory of 2700	4628	chrome.exe	76
PID 4628 wrote to memory of 2700	4628	chrome.exe	76
PID 4628 wrote to memory of 2700	4628	chrome.exe	76
PID 4628 wrote to memory of 2700	4628	chrome.exe	76
PID 4628 wrote to memory of 2700	4628	chrome.exe	76
PID 4628 wrote to memory of 2700	4628	chrome.exe	76
PID 4628 wrote to memory of 2700	4628	chrome.exe	76
PID 4628 wrote to memory of 2700	4628	chrome.exe	76
PID 4628 wrote to memory of 2700	4628	chrome.exe	76
PID 4628 wrote to memory of 2700	4628	chrome.exe	76
PID 4628 wrote to memory of 2700	4628	chrome.exe	76
PID 4628 wrote to memory of 2700	4628	chrome.exe	76
PID 4628 wrote to memory of 2700	4628	chrome.exe	76
PID 4628 wrote to memory of 2700	4628	chrome.exe	76
PID 4628 wrote to memory of 2700	4628	chrome.exe	76
PID 4628 wrote to memory of 2700	4628	chrome.exe	76
PID 4628 wrote to memory of 2700	4628	chrome.exe	76
PID 4628 wrote to memory of 2700	4628	chrome.exe	76
PID 4628 wrote to memory of 2700	4628	chrome.exe	76
PID 4628 wrote to memory of 2700	4628	chrome.exe	76
PID 4628 wrote to memory of 2700	4628	chrome.exe	76

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://free3d.com/es/modelo-3d/nathan-animated-003-walking-644277.html#
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xd0,0xd4,0xd8,0xa8,0xdc,0x7ffff2e39758,0x7ffff2e39768,0x7ffff2e39778
  2⤵
  PID:2764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1768 --field-trial-handle=1796,i,14033146272264628805,6338424572558849120,131072 /prefetch:8
  2⤵
  PID:1060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1516 --field-trial-handle=1796,i,14033146272264628805,6338424572558849120,131072 /prefetch:2
  2⤵
  PID:4204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2044 --field-trial-handle=1796,i,14033146272264628805,6338424572558849120,131072 /prefetch:8
  2⤵
  PID:2700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3000 --field-trial-handle=1796,i,14033146272264628805,6338424572558849120,131072 /prefetch:1
  2⤵
  PID:3372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2876 --field-trial-handle=1796,i,14033146272264628805,6338424572558849120,131072 /prefetch:1
  2⤵
  PID:3412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4872 --field-trial-handle=1796,i,14033146272264628805,6338424572558849120,131072 /prefetch:1
  2⤵
  PID:4692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 --field-trial-handle=1796,i,14033146272264628805,6338424572558849120,131072 /prefetch:8
  2⤵
  PID:2944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3680 --field-trial-handle=1796,i,14033146272264628805,6338424572558849120,131072 /prefetch:8
  2⤵
  PID:364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1632 --field-trial-handle=1796,i,14033146272264628805,6338424572558849120,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4652

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2468

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
2ab72cfa47ee111ec8bf35f8492f7521

SHA1
d2c235225e58fb86342f3963e973fe757d2853b1

SHA256
ee7f96f81d8801f7ee24c94ea0061aeecc118bb6a5b25c3a41307a226627b221

SHA512
f55f8eb0bb0807eb0e44f4893fdbf3ea981b6e80f9dc43dbf1692335625e81179eaea6d60d6eb959512434ff68a4e159d9ccca6f0a3b23f4f159147b8663d986

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
e3f5d586f9165e82bad063dc97371d38

SHA1
6a4bde5e1a8ab51c7b08c2125d45333490c39f27

SHA256
0a64d24460267e5e9cdcded424125c2d390b0a0404b765ce01add72866f13b40

SHA512
db59ce5eb38714ea40331e978cf1fa3caf63f5a7de7e583130c3a8a499e7c7e6cf6767527406030a7f0183c129ea15b205b301120b2cac002bcb90e3e3d05377

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
0d24605eba02a4b208335c9e672f4b64

SHA1
6b83ddb63d0f7a600d6d6523c954541f8b0c3521

SHA256
473b7330321114b91b53de7897cc0e5a9c91d411315b876a0fcd9ebb86909b90

SHA512
e033571fbfecf1d85a11708c892cb862bd86c581272b884ce1e1e43e57e3702dfcd1a5ff0f784afccbeca95022df5781d1c7d23e156f6b5766334594bc1fc9da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d3007de4980031f621d498b89429a9b0

SHA1
3c4c2ee2a169a5055ea7ac33fe36a2f1e63b8e4d

SHA256
84552d3d632f713d0f0cb2251f200997b75f78901273c8ebc191182dbe1b38a2

SHA512
df9b47fefafee4c3f15b0aeab9853161ddd223bc9c18130a0fba52f0a52c856d332e581794717baa81eb498cbd1ca3da13b63883467ff4b02d8576bcf2fa9048

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a7cdd74fe480ade34a23b1389b923cff

SHA1
843a60f2fd3ad7d7c3a55484bb9bc3fbfc159d86

SHA256
942ba62dd66a1f20e3dec9208c7d52d4f20f02baf2dd1278ab67a7eb6c4ca077

SHA512
bc32054d15dddccd7a2732ec6f79b837a86ff88c9c4d19d6ec8a49712ea3e986b8d4a2831963b7ab300fa24a58fbbfd397f7d05133e7dd3b464f3156a99cc065

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f7a8fd679071cdea9681b0584a9132a8

SHA1
e20dfeef7bde1d0d6e46805c32083af47036b49b

SHA256
78d4ffb9abd6440e310f7d8b4d9f370cce8d85feed508fe5cca5ac03f1d1f0ce

SHA512
018aa5d6b2a080b0293b6bce92d4a7994c2683f141452888ec98e4a6fe6afc557a9be0f3381f213991506995b46e4ff70cc593384a8f067cb9cbcb68918507ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
532f02a304843766908d83d846d426f9

SHA1
9efee140d48dbea5ea5b6a72dc225b51b85dc23d

SHA256
d459a7a8a3cd7b566884ec944c6115e8da178d11f67de483ba4d4ef553fa0351

SHA512
dba107443f0d8221767484acd6508960e2c802c1b28298a60ae582d3cc7b7eead5a313864d211b5a919af8f9c0110beeb156557b1192531c26e8547088566851

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
77ef9b7d33c2c4ac07b9d3a8107863da

SHA1
63a25f25f25fe90d12d66a38eeedebd3d4e4fd37

SHA256
840b5d04fba46d813fb6b62ffd1a1a0abbd1e6da0099f59e0609280ef06a5ed8

SHA512
1e4c71458c299b7f40e7cc29e68a9034264331f1eba0a594b52b27f839c5860f6338c23a21c0ff0f92bd998b1e70169e7578cdb4ec0dbc110e4bd0d207c80de8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit