Analysis

  • max time kernel
    106s
  • max time network
    96s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    03/06/2024, 08:50

General

  • Target

    https://pastedownload.com/nebula-video-downloader/

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://pastedownload.com/nebula-video-downloader/
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1548
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa5927ab58,0x7ffa5927ab68,0x7ffa5927ab78
      PID:4688
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1668 --field-trial-handle=1852,i,6124754098406135856,12229286200612827565,131072 /prefetch:2
      PID:2384
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1852,i,6124754098406135856,12229286200612827565,131072 /prefetch:8
      PID:1316
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2184 --field-trial-handle=1852,i,6124754098406135856,12229286200612827565,131072 /prefetch:8
      PID:3984
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2984 --field-trial-handle=1852,i,6124754098406135856,12229286200612827565,131072 /prefetch:1
      PID:2088
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2188 --field-trial-handle=1852,i,6124754098406135856,12229286200612827565,131072 /prefetch:1
      PID:1508
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4532 --field-trial-handle=1852,i,6124754098406135856,12229286200612827565,131072 /prefetch:8
      PID:4476
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4792 --field-trial-handle=1852,i,6124754098406135856,12229286200612827565,131072 /prefetch:8
      PID:2116
  • C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
    PID:4540

Network

MITRE ATT&CK Enterprise v15

Downloads

                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                      Filesize

                      216B

                      MD5

                      9efc90a11bb8e48dbe7482294096eeb6

                      SHA1

                      be4c569cc80a1e7378209212de4f1e2b2393cfb8

                      SHA256

                      046b2503684e4e7e221a18d04f46d1b8ac62fa6c728fc8c1a93d9ba5de77b301

                      SHA512

                      6901d2227548b31d7e796ef5a9bee7796c6842ec367b84233eb37141dda339fed3637f0d714c18cdb7a146e3d5a2b2f8229dfbacc93189a152aff6c7c2bce956

                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                      Filesize

                      2KB

                      MD5

                      da21ad0b1cbc98e959b926868171ffe9

                      SHA1

                      f4c76c52992cbfa527c2b99390f1febf52832a1c

                      SHA256

                      331f9b60f176bd1ed7d6d700e66e380c08c0c03e221438201ff61d14068688f8

                      SHA512

                      abbfff7ab81090650da983ab70bdeef07968f098fce61b26ffc77e7c5bd1305aae6d4aff85df2d93fefca17b4410f6951e1f6e50812c276f1951fd38af5312d2

                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

                      Filesize

                      2B

                      MD5

                      d751713988987e9331980363e24189ce

                      SHA1

                      97d170e1550eee4afc0af065b78cda302a97674c

                      SHA256

                      4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                      SHA512

                      b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                      Filesize

                      689B

                      MD5

                      3177341cd7baa60f96f56f91494edd35

                      SHA1

                      8f4e59132a38b73d981599cfb0411101389ab749

                      SHA256

                      e6f030723daaaf40ab089546a0eca8012795f6994c94e6541749dee119476e65

                      SHA512

                      ef7c59d7ee1c1b54e679cfdc8240afdb6931eed7c008710f2a67b67b6155d69334d487b57462db349451f47dd2dead4a945fbdfa504078a6a3f7f2056980613a

                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                      Filesize

                      7KB

                      MD5

                      1284df6063c39568eb94e636f38af683

                      SHA1

                      d7704b52dd0f7838d4851f5583f9a6af5d01a06a

                      SHA256

                      54a339a8314736f323918c1c41da191431f49ccd553fdee4f3221da618da4576

                      SHA512

                      8722dbf5d2653a9f7e6e70c01d297aac33dfef9f3dd0bd3f2cd52ffd162e46bb21843c4aad9d4079558bc38bc2a733d741a81e90f0c18f67ede0b7c9523b15fb

                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\3315532e32a8230f4b32b32187c9985daa8b998f\59519853-ce03-49c9-979f-e586c2c4437e\index-dir\the-real-index

                      Filesize

                      72B

                      MD5

                      d727e08e9d0bf0bad06b5642838c7bbe

                      SHA1

                      c515f6bc746637af5dc0c12410fe4b69681db56a

                      SHA256

                      8cb9b99c804f935e120e6faf2b7c6e2f62309d6b6c5ba93a95115abd6f3221a8

                      SHA512

                      30b1581235d9898b08aa83f7ba61fbd5528aa85c6820b6a677b034d3c116a5e134dc043613da03e4bfa363e7a4a80b7685d5d71340222b70809db5f9c24c6f23

                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\3315532e32a8230f4b32b32187c9985daa8b998f\59519853-ce03-49c9-979f-e586c2c4437e\index-dir\the-real-index~RFe57cdcf.TMP

                      Filesize

                      48B

                      MD5

                      a00731ee6274b375e2563b8e329f2219

                      SHA1

                      e0a8c251eba7232bb17a58249637feee7c9d9964

                      SHA256

                      a2069b225f4ada6a42fae32db3dd09f07ecd71418340e74f256acb6dada1bb4f

                      SHA512

                      cded4620c6b6cae83376379e1f38cad939c3cf01f1bf319ccc43e82f29e8d8268465c603930bf9761036dd6e1a71c19a3a306d5ef96070b4c70d37beb8a41e15

                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\3315532e32a8230f4b32b32187c9985daa8b998f\index.txt

                      Filesize

                      163B

                      MD5

                      837c616c847e2e0c16eeb45b1023fa67

                      SHA1

                      64b37c1add85d577cdde424d52ecf4dfc41ac83b

                      SHA256

                      5628ec9c1396de82fe94005c4cedf8e60da5610fa73478b784faf20e0b578a23

                      SHA512

                      a61ca7c085ef80e2009956db09fe2bd7f6cff20fb3328caf9dbf4eaba817da8025313d3b25e54b4a7891faf8606bba14e8f8eb86df17feeb0b536fc494cae63a

                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\3315532e32a8230f4b32b32187c9985daa8b998f\index.txt~RFe57cdfe.TMP

                      Filesize

                      168B

                      MD5

                      9bc2ef15f48e4518ab76077037aad283

                      SHA1

                      8d923fd58e195689db62dee7dc0897694f5e2c51

                      SHA256

                      efa1cb38d81d7a26dd6be834b9cd7b0995c2b0ae603c02ab3cdc92587d775d8b

                      SHA512

                      8fcce546a5bf505b14edfce934713129f3f87b9abfcaf9adf685fec3353f1f0781d30866f99e195ba4c83acd005d0c88164338a35c8cc85a64673636068152ec

                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

                      Filesize

                      96B

                      MD5

                      61fa8defd20d966a66b3f0f8cf0d7836

                      SHA1

                      58fd64ecec1c8a7546fa768d222a24d20b59d176

                      SHA256

                      f3ff3f3f70592dc50f222df1c4b37f3dcce3f336ca78b7b4dfa52bc989f92398

                      SHA512

                      d269df975c7d59a8991c1d90d1456f06543e5cfe79ffcce04251ec3649d10969c384846d60875a94b6f47b5629e87f7182ecbd12073e96084b0008da3a76b134

                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                      Filesize

                      130KB

                      MD5

                      27af73252e7b522597c1e172254482da

                      SHA1

                      029bad5b8b13fd77bef3e32734f43d481644d357

                      SHA256

                      8281f792f28d4cc0747e2bfa24b90c6d70e7deeedd439db74b8004fd19c021f6

                      SHA512

                      7521917aa6333c4fb108cd3bed693936dcd245f2fcb096ea625949818f32fbc7e4d57c5ee3938ad6e69eb213a2f695717708668dd13a545b1595369c391d70a7