Analysis
max time kernel: 58s
max time network: 58s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 05/04/2024, 20:49
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://www.nexus-creative-solutions.com/login/?xcstoken=RDJHWFlpVkR5UTFhQWZ3ZVI4T0M3dHVtK29VejVoRjlpSVF3ZFRIdEJlUkRiTlVvRXErUU1aZjhYUE1naDFjeQ==&[email protected]
Resource: win10v2004-20231215-en
General
Target: https://www.nexus-creative-solutions.com/login/?xcstoken=RDJHWFlpVkR5UTFhQWZ3ZVI4T0M3dHVtK29VejVoRjlpSVF3ZFRIdEJlUkRiTlVvRXErUU1aZjhYUE1naDFjeQ==&[email protected]
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Modifies data under HKEY_USERS (2 IoCs)
description | ioc | process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133568237859002100" | chrome.exe
Suspicious behavior: EnumeratesProcesses (2 IoCs)
pid | process
4584 | chrome.exe (2 entries)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
pid | process
4584 | chrome.exe (2 entries)
Suspicious use of AdjustPrivilegeToken (64 IoCs)
The 64 rows alternate between the two privileges below, all for the same process (32 rows each):
description | pid | process
Token: SeShutdownPrivilege | 4584 | chrome.exe
Token: SeCreatePagefilePrivilege | 4584 | chrome.exe
Suspicious use of FindShellTrayWindow (26 IoCs)
pid | process
4584 | chrome.exe (26 entries)
Suspicious use of SendNotifyMessage (24 IoCs)
pid | process
4584 | chrome.exe (24 entries)
Suspicious use of WriteProcessMemory (64 IoCs)
Every one of the 64 rows has the browser process 4584 chrome.exe as the writer. Collapsed by target PID (procid_target is the report's own index for the target process, not its Windows PID): targets 4896 and 644 appear twice each; the remaining 60 rows are split between 2848 and 2632.
description | pid | process | procid_target
PID 4584 wrote to memory of 4896 | 4584 | chrome.exe | 87
PID 4584 wrote to memory of 2848 | 4584 | chrome.exe | 89
PID 4584 wrote to memory of 644 | 4584 | chrome.exe | 90
PID 4584 wrote to memory of 2632 | 4584 | chrome.exe | 91
Processes
PID 4584 (depth 1)
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.nexus-creative-solutions.com/login/?xcstoken=RDJHWFlpVkR5UTFhQWZ3ZVI4T0M3dHVtK29VejVoRjlpSVF3ZFRIdEJlUkRiTlVvRXErUU1aZjhYUE1naDFjeQ==&[email protected]
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory

Children of PID 4584 (depth 2):

PID 4896
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb3e2b9758,0x7ffb3e2b9768,0x7ffb3e2b9778

PID 2848
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=308 --field-trial-handle=1920,i,13694089589876284708,1779189384289188677,131072 /prefetch:2

PID 644
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1872 --field-trial-handle=1920,i,13694089589876284708,1779189384289188677,131072 /prefetch:8

PID 2632
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1920,i,13694089589876284708,1779189384289188677,131072 /prefetch:8

PID 4696
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3084 --field-trial-handle=1920,i,13694089589876284708,1779189384289188677,131072 /prefetch:1

PID 992
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3092 --field-trial-handle=1920,i,13694089589876284708,1779189384289188677,131072 /prefetch:1

PID 4728
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5000 --field-trial-handle=1920,i,13694089589876284708,1779189384289188677,131072 /prefetch:8

PID 3296
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5076 --field-trial-handle=1920,i,13694089589876284708,1779189384289188677,131072 /prefetch:8

PID 1140
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5000 --field-trial-handle=1920,i,13694089589876284708,1779189384289188677,131072 /prefetch:8

PID 824 (depth 1)
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
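The WriteProcessMemory signature above fires 64 times, but every row has the harness-launched browser process 4584 as the writer and one of its own chrome.exe children from the process list as the target. When triaging a report like this, the question worth answering is not "how many rows" but "did any process write into a process that is not its own executable". The script below is an editor-added example, not part of the sandbox's output: it parses a constructed subset of the report's flattened IoC rows (six rows, not all 64) together with abridged command lines from the Processes section, collapses the rows per writer/target pair, labels each target with its Chromium role from --type / --utility-sub-type, and flags any pair where writer and target are different executables or the target is absent from the process list. The names parse_rows, summarize and cross_image_writes are the example's own.

```python
"""Collapse Triage-style 'wrote to memory of' IoC rows into a parent -> child summary.

Editor-added example; not part of the sandbox report. Sample rows and command
lines are copied (and abridged) from the report above, not all 64 rows.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: six of the report's WriteProcessMemory rows, in the flattened
# "description pid Process procid_target" layout the page shows.
SAMPLE_IOCS = (
    "PID 4584 wrote to memory of 4896 4584 chrome.exe 87 "
    "PID 4584 wrote to memory of 4896 4584 chrome.exe 87 "
    "PID 4584 wrote to memory of 2848 4584 chrome.exe 89 "
    "PID 4584 wrote to memory of 2848 4584 chrome.exe 89 "
    "PID 4584 wrote to memory of 644 4584 chrome.exe 90 "
    "PID 4584 wrote to memory of 2632 4584 chrome.exe 91"
)

# Constructed sample: PID -> command line, abridged from the Processes section.
SAMPLE_PROCESSES = {
    4584: r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument https://www.nexus-creative-solutions.com/login/',
    4896: r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler',
    2848: r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process',
    644: r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService',
    2632: r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService',
}

# One row: "PID <writer> wrote to memory of <target> <pid> <image> <procid_target>"
ROW_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)")


@dataclass(frozen=True)
class WriteRow:
    source: int
    target: int
    image: str
    procid_target: int


def parse_rows(text: str) -> list[WriteRow]:
    """Split the flattened IoC text into one WriteRow per 'wrote to memory of' entry."""
    return [
        WriteRow(int(src), int(dst), image, int(procid))
        for src, dst, _pid, image, procid in ROW_RE.findall(text)
    ]


def image_name(cmdline: str) -> str:
    """Lower-cased executable file name taken from a quoted Windows command line."""
    m = re.match(r'"([^"]+)"', cmdline)
    path = m.group(1) if m else cmdline.split()[0]
    return path.rsplit("\\", 1)[-1].lower()


def chromium_role(cmdline: str) -> str:
    """Chromium process role: --utility-sub-type if present, else --type, else 'browser'."""
    for flag in ("--utility-sub-type=", "--type="):
        m = re.search(re.escape(flag) + r"(\S+)", cmdline)
        if m:
            return m.group(1)
    return "browser"


def summarize(rows, processes):
    """Collapse rows to {(source, target): (row_count, target_role)}."""
    counts = Counter((r.source, r.target) for r in rows)
    return {
        (src, dst): (n, chromium_role(processes[dst]) if dst in processes else "unknown")
        for (src, dst), n in counts.items()
    }


def cross_image_writes(rows, processes):
    """Writer/target pairs that are not the same executable, or whose target is
    missing from the process list: the rows an analyst should actually look at."""
    flagged = []
    for src, dst in sorted({(r.source, r.target) for r in rows}):
        s, d = processes.get(src), processes.get(dst)
        if s is None or d is None or image_name(s) != image_name(d):
            flagged.append((src, dst))
    return flagged


if __name__ == "__main__":
    rows = parse_rows(SAMPLE_IOCS)
    for (src, dst), (n, role) in sorted(summarize(rows, SAMPLE_PROCESSES).items()):
        print(f"{src} -> {dst:>5}  x{n:<2} {role}")
    print("cross-image writes:", cross_image_writes(rows, SAMPLE_PROCESSES))
```

On this report the cross-image check returns nothing: every target is a chrome.exe child whose --type explains why the browser process touched it at launch. The same pass on a report where a browser or office process writes into a child with a different image name is what turns this signature from noise into a lead.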
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 528B
MD5: 61828593e9ac8824a0c5a98ec9a253cd
SHA1: b439d03891072f2d47de667e47f9eef84f9063c1
SHA256: e2d9bd2325f984cde09b517555f7a9f7d7d40f15bc4638709e676156ac3e15d4
SHA512: 22b986bf71f4862988346020672c1a9a49430c0a0c2fa21fa79009008b51ca5b69e97475a954fa6c49a619eadc568e05d6349ca77172eff1702973ea35f1d125

Filesize: 703B
MD5: 7d18d97bbede9b941e1a02ccf468660d
SHA1: 2066f0ee9cf59afe8a138c3eebe35b0180d47285
SHA256: 45f1969c6a8caa1be402bc31fa5176aa358965e57ea409bdbaf483aa0d79ce38
SHA512: b9c8eef10a58ea46a5c366b2972b0ab5ba9938c7e8e165ccb421da137c6cd95dcb3ef019b4f34a2e38a91da961078ce289a0ae163aa62abdef219f89e15831da

Filesize: 6KB
MD5: 4cb749ce91ba2d99c1c96716ff078856
SHA1: 0b532e5f029c40e6d7e1e097c3ffeb1b022cfdc8
SHA256: cccdcc2ce13c076d463337d059103e3eb158358d53fd2cab4f3efc0f6ca8559f
SHA512: 073fbf1b9d788ec4e8da16f21ae8e50e9437a68f03e595c1a9604795a9733fb4206f929fcc5908a758c6600408ac1d71c6226413a40d0d567e887f9bc65e14e3

Filesize: 6KB
MD5: abffd276e765ffc0fc823eab3a9ecb49
SHA1: 849ff3499f170b3dcadd4f08704fc8989454b26c
SHA256: 05934e9bdf03b5561ee9b121a44993f05c3a87ca402fe73ab3df748b309fcd2f
SHA512: a5d05b8eea1491d68b4369e58daeb18563de76cb0ef2dce1707f4db2d2403eb1519daa5de8fe3ca5aece8f4aae2debce5650ef36b17ea668622ea6f735316304

Filesize: 6KB
MD5: d293ed148ff36c6d2caa4fc70708dda4
SHA1: b38a3c2c25013b96d8dd8a7342085baf19c0629f
SHA256: 3c7a996d1957ffff8cc706e539db1713729ca7b158c746bfd20582b4aa01f578
SHA512: 5b342b102e3f6cef806bde484bf276371f1c09b049a90e84bd384109c04367133d88a395a250d20c2ff1b17a804628432269b019a1dd13bb9a90fd2f25d5d1d8

Filesize: 114KB
MD5: 1d75fc07d4c350b79e45b266074ef06e
SHA1: a2c8cf8abe44b52ef6224b5278b516d487e9ced0
SHA256: 1e8ef914ba6d9e09f0ee718b32da6ad64463c8289f6bb7e58f3dd28320787d04
SHA512: 267f54ce59ac2501048f6eb88af7a328899b6e6c49ab8d1dcbf3e00d42820bba1a26081ba28745add61742fcf97ea9c68c232a3f80d84eca4811a06ab81d2120

Filesize: 99KB
MD5: 9a9c4e02da778515cda90ad7a2f6f859
SHA1: 29037b80d941cf049fd435e553d5a46b94062497
SHA256: 18765acf484b51a87c43d2b4a871ac680aee18331c0035006752e6c1031627e5
SHA512: d9d9af080574fd036537171566171b915ea84ef2e41731d007268d1c7b04f53ec3e879b462e73595d0e0f3508f8e9061c2db06b315cf3fd73fabe022af977f2c

Filesize: 98KB
MD5: 89dcc3de5aabbdd71616b76672b7b3ea
SHA1: f301ea4660673dcc3646b3a1e3cea5b96ee2d1e9
SHA256: b173c8de0f0f7f486d669a2dea1b0503a5e26d12cfa98ca9d86c249893e72375
SHA512: 8573bc16c48ddca2ef5a84bcf942d26edb4c9b08c6c4e00956f8fba93b4405f23542c77fab0d6aa0417e242d89e4c51b2038f5899c98c9bdb8002351f1be136e

Filesize: 2B
MD5: 99914b932bd37a50b983c5e7c90ae93b
SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
(These MD5, SHA1 and SHA256 values are the digests of the two-byte string "{}", an empty JSON object; the artifact carries no content worth pivoting on.)

Filesize: 2B
MD5: f3b25701fe362ec84616a93a45ce9998
SHA1: d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256: b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512: 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84