Analysis

max time kernel: 283s
max time network: 274s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 05/04/2024, 22:02
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://www.nexus-creative-solutions.com/login/?xcstoken=RDJHWFlpVkR5UTFhQWZ3ZVI4T0M3dHVtK29VejVoRjlpSVF3ZFRIdEJlUkRiTlVvRXErUU1aZjhYUE1naDFjeQ==&[email protected]
Resource: win10v2004-20231215-en

General

Target: https://www.nexus-creative-solutions.com/login/?xcstoken=RDJHWFlpVkR5UTFhQWZ3ZVI4T0M3dHVtK29VejVoRjlpSVF3ZFRIdEJlUkRiTlVvRXErUU1aZjhYUE1naDFjeQ==&[email protected]

Malware Config

Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe

Modifies data under HKEY_USERS (2 IoCs)
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133568282139991950" | chrome.exe

Suspicious behavior: EnumeratesProcesses (4 IoCs)
pid | Process
976 | chrome.exe
976 | chrome.exe
620 | chrome.exe
620 | chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
pid | Process
976 | chrome.exe
976 | chrome.exe

Suspicious use of AdjustPrivilegeToken (64 IoCs)
description | pid | Process | occurrences
Token: SeShutdownPrivilege | 976 | chrome.exe | 32 (alternating with the entry below, 64 entries in total)
Token: SeCreatePagefilePrivilege | 976 | chrome.exe | 32

Suspicious use of FindShellTrayWindow (26 IoCs)
pid | Process | occurrences
976 | chrome.exe | 26

Suspicious use of SendNotifyMessage (24 IoCs)
pid | Process | occurrences
976 | chrome.exe | 24

Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target | occurrences
PID 976 wrote to memory of 3624 | 976 | chrome.exe | 85 | 2
PID 976 wrote to memory of 3928 | 976 | chrome.exe | 87 | 38
PID 976 wrote to memory of 1616 | 976 | chrome.exe | 88 | 2
PID 976 wrote to memory of 2356 | 976 | chrome.exe | 89 | 22
Processes

C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.nexus-creative-solutions.com/login/?xcstoken=RDJHWFlpVkR5UTFhQWZ3ZVI4T0M3dHVtK29VejVoRjlpSVF3ZFRIdEJlUkRiTlVvRXErUU1aZjhYUE1naDFjeQ==&[email protected]
  PID: 976
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  Child processes:

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8c6bf9758,0x7ff8c6bf9768,0x7ff8c6bf9778
      PID: 3624

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1696 --field-trial-handle=1864,i,4154641408607080730,11261276758530088331,131072 /prefetch:2
      PID: 3928

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1908 --field-trial-handle=1864,i,4154641408607080730,11261276758530088331,131072 /prefetch:8
      PID: 1616

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2212 --field-trial-handle=1864,i,4154641408607080730,11261276758530088331,131072 /prefetch:8
      PID: 2356

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2900 --field-trial-handle=1864,i,4154641408607080730,11261276758530088331,131072 /prefetch:1
      PID: 4380

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2908 --field-trial-handle=1864,i,4154641408607080730,11261276758530088331,131072 /prefetch:1
      PID: 4400

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3652 --field-trial-handle=1864,i,4154641408607080730,11261276758530088331,131072 /prefetch:8
      PID: 4920

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 --field-trial-handle=1864,i,4154641408607080730,11261276758530088331,131072 /prefetch:8
      PID: 3688

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=964 --field-trial-handle=1864,i,4154641408607080730,11261276758530088331,131072 /prefetch:2
      PID: 620
      Signatures:
      - Suspicious behavior: EnumeratesProcesses

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
  PID: 1144
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 840B
MD5: 89744a5e369573391202fdbc90990717
SHA1: ef3d2ee9a1ccab3a58052775125b93fc458b0240
SHA256: 5bfd83acf2d5deca169dba36a3ad02b654ec0c13b3cf792f4d8df90f0aae0116
SHA512: d26a516457b9515358754a0d14a3846cc11cb427ed2b09dbec86cab6b0af1b0cc927b4602c3f015cb79a8e41daa30c499021c55fa172629fdb0a72fd69ad1bce

Filesize: 2KB
MD5: 41c28f41411e1d689d18803d48f5e95f
SHA1: fe6be005c6e66062196dec4514e151509c75e70d
SHA256: fce541a835be967035c8c411f29bb290baaddbddcfa16a7bfbea0d46b8dded3d
SHA512: 3284d22740998e9a26313ec216c5aca3acd93905effdf7d49d0fb0c2485fd5337f532a71bb9e591b2ca51e5653160ef1b9e685a0c415a27560795d8480586398

Filesize: 2KB
MD5: dcf1e34f53050967332d70111414d892
SHA1: 19618f04d5efdcffc8133018aa6b5347f938b3e0
SHA256: 3211092e4855a700ff6759f7aa248010b978d19a47bc0628b355f773f2cc4e57
SHA512: 374aec9d6539237b8373715efe103da975d55a7fd69521e560b27edbd8ec87cae4059a1ebdc4ba6a472c3677245966599d1a56cb287bec68c2c8a7d3eb213b34

Filesize: 705B
MD5: af9aa849b308d55cacbf39ef8a6d4411
SHA1: af6073e899104649fb8a36b3ee96f7fc9357ce98
SHA256: e4da89b3f1ece4f793338a0917b8037dd6a222deff2d47b8f4b73ab4dcff6ad6
SHA512: 3563e6a641a9c2ea59e847008d610c1256c259f0c5e0ee86ac7f38f90a2c797158c9867dd045bfd67d3b56acc50401d1241df28d5f4aaf07841128b5b36a85e6

Filesize: 6KB
MD5: e91063f4ef73269bd52cfe7242e62b29
SHA1: 13787643afa1ff4da0e66f1fa019e0370c5380d6
SHA256: 99c9a6ef77ea9fb94aba503d642cd0b061d245e2c8c130ea54f557f2e6bcc450
SHA512: b6bf4d13ac5a4c9c34b7c127c39818a2359c15d9654afc587dda8c83ad84fc735c41ff527d2da8b61a2125fc782c871d62be51a0c98b1d78e32d6b16163f5f72

Filesize: 6KB
MD5: 00be5f8797dc612fcdb85a38c8b693bf
SHA1: 5f6b2f1371a1638d206e2a28013f692a31ab8f0a
SHA256: 7c2abfab28a5bd7332ca75654fe97ccbf6d27c46cc0c7f831ffc93546f9d3f42
SHA512: b62b77969af1a8d01104239f74db3e82bccfff2692d003dbd29cf9369578646c790752a5d848b2039d48180f4e5a9c982f244aee3e332eec470f5b127f6a515b

Filesize: 6KB
MD5: 30a3913bf8559fccecf9eb6e88475af5
SHA1: e5ae0cf4d5012f28afe621827fe67eac02c0ee65
SHA256: 67f819eb49906fc1dcf5cdddd1cef0940f4de410f39ee08e9ab93fe3f49e9b77
SHA512: 97eecc428662b1b6f30d4782b6b012c267d48dfe428b498f2ca202e6136501346677efff2b337d168e9a0fa68d345475e1ff1938d7ce2ad8fd81bdfb397985b8

Filesize: 114KB
MD5: f0d2886c4b6a366d4125bd426a2f7cb5
SHA1: f48c85b258878f35920db02056816150f49681a1
SHA256: 7e2d60c42e93d7c17eb4e9c1649fc5671d35bf366f25fb99485fdafe735e32fb
SHA512: 51581962e86f663381998e55ba15594bf5d647699b10c71051fd512f52e4dd61c983dcff6a80bd20b032603aaf4bb25b1ee80733bb024bcde89543385b8638da

Filesize: 2B
MD5: 99914b932bd37a50b983c5e7c90ae93b
SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Filesize: 2B
MD5: f3b25701fe362ec84616a93a45ce9998
SHA1: d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256: b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512: 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84