Analysis
max time kernel: 106s
max time network: 96s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64 arch:x86 image:win10v2004-20240426-en locale:en-us os:windows10-2004-x64 system
submitted: 03/06/2024, 08:50
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://pastedownload.com/nebula-video-downloader/
Resource: win10v2004-20240426-en
General
Target: https://pastedownload.com/nebula-video-downloader/
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (process: chrome.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (process: chrome.exe)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (process: chrome.exe)
Modifies data under HKEY_USERS (2 IoCs)
- Key created: \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry (process: chrome.exe)
- Set value (int): \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133618782680549038" (process: chrome.exe)
Suspicious behavior: EnumeratesProcesses (2 IoCs)
- PID 1548 chrome.exe (listed twice)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
- PID 1548 chrome.exe (listed twice)
Suspicious use of AdjustPrivilegeToken (64 IoCs)
- Token: SeShutdownPrivilege, PID 1548 chrome.exe
- Token: SeCreatePagefilePrivilege, PID 1548 chrome.exe
(the report alternates these two entries for all 64 IoCs)
Suspicious use of FindShellTrayWindow (26 IoCs)
- PID 1548 chrome.exe (the same entry repeated for all 26 IoCs)
Suspicious use of SendNotifyMessage (24 IoCs)
- PID 1548 chrome.exe (the same entry repeated for all 24 IoCs)
Suspicious use of WriteProcessMemory (64 IoCs)
- PID 1548 (chrome.exe) wrote to memory of 4688, procid_target 84
- PID 1548 (chrome.exe) wrote to memory of 2384, procid_target 86
- PID 1548 (chrome.exe) wrote to memory of 1316, procid_target 87
- PID 1548 (chrome.exe) wrote to memory of 3984, procid_target 88
(each target appears repeatedly in the report; 64 entries in total)
Processes
- "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://pastedownload.com/nebula-video-downloader/ (PID 1548)
  Signatures triggered by this process:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa5927ab58,0x7ffa5927ab68,0x7ffa5927ab78 (PID 4688)
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1668 --field-trial-handle=1852,i,6124754098406135856,12229286200612827565,131072 /prefetch:2 (PID 2384)
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1852,i,6124754098406135856,12229286200612827565,131072 /prefetch:8 (PID 1316)
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2184 --field-trial-handle=1852,i,6124754098406135856,12229286200612827565,131072 /prefetch:8 (PID 3984)
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2984 --field-trial-handle=1852,i,6124754098406135856,12229286200612827565,131072 /prefetch:1 (PID 2088)
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2188 --field-trial-handle=1852,i,6124754098406135856,12229286200612827565,131072 /prefetch:1 (PID 1508)
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4532 --field-trial-handle=1852,i,6124754098406135856,12229286200612827565,131072 /prefetch:8 (PID 4476)
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4792 --field-trial-handle=1852,i,6124754098406135856,12229286200612827565,131072 /prefetch:8 (PID 2116)
- "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe" (PID 4540)
Network
MITRE ATT&CK Enterprise v15
Downloads