Analysis
- max time kernel: 149s
- max time network: 149s
- platform: windows10-2004_x64
- resource: win10v2004-20240611-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 18-06-2024 15:52
- Static task: static1
- URLScan task: urlscan1
- Behavioral task: behavioral1
- Sample: https://nimb.ws/Zh09GBc
- Resource: win10v2004-20240611-en
General
- Target: https://nimb.ws/Zh09GBc
Malware Config
Signatures
-
Enumerates system info in registry (2 TTPs, 3 IoCs)
Processes: chrome.exe
description | ioc | process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
-
Modifies data under HKEY_USERS (2 IoCs)
Processes: chrome.exe
description | ioc | process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133631995560560417" | chrome.exe
-
Suspicious behavior: EnumeratesProcesses (4 IoCs)
Processes: chrome.exe, chrome.exe
pid | process
3520 | chrome.exe
3520 | chrome.exe
4280 | chrome.exe
4280 | chrome.exe
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
Processes: chrome.exe
pid | process
3520 | chrome.exe (3 identical entries)
-
Suspicious use of AdjustPrivilegeToken (64 IoCs)
Processes: chrome.exe
description | pid | process
Token: SeShutdownPrivilege | 3520 | chrome.exe
Token: SeCreatePagefilePrivilege | 3520 | chrome.exe
(these two entries alternate throughout; 64 entries in total)
-
Suspicious use of FindShellTrayWindow (26 IoCs)
Processes: chrome.exe
pid | process
3520 | chrome.exe (26 identical entries)
-
Suspicious use of SendNotifyMessage (24 IoCs)
Processes: chrome.exe
pid | process
3520 | chrome.exe (24 identical entries)
-
Suspicious use of WriteProcessMemory (64 IoCs)
Processes: chrome.exe
description | pid | process | target process
PID 3520 wrote to memory of 3556 | 3520 | chrome.exe | chrome.exe
PID 3520 wrote to memory of 2168 | 3520 | chrome.exe | chrome.exe
PID 3520 wrote to memory of 2148 | 3520 | chrome.exe | chrome.exe
PID 3520 wrote to memory of 1868 | 3520 | chrome.exe | chrome.exe
(each target PID is written to repeatedly; 64 entries in total)
Processes
-
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://nimb.ws/Zh09GBc
PID: 3520
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
Child processes of PID 3520:
  -
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffad3f7ab58,0x7ffad3f7ab68,0x7ffad3f7ab78
  PID: 3556
  -
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1692 --field-trial-handle=1908,i,11788153757427219909,2165874516581507471,131072 /prefetch:2
  PID: 2168
  -
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1908,i,11788153757427219909,2165874516581507471,131072 /prefetch:8
  PID: 2148
  -
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2172 --field-trial-handle=1908,i,11788153757427219909,2165874516581507471,131072 /prefetch:8
  PID: 1868
  -
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3040 --field-trial-handle=1908,i,11788153757427219909,2165874516581507471,131072 /prefetch:1
  PID: 1716
  -
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3048 --field-trial-handle=1908,i,11788153757427219909,2165874516581507471,131072 /prefetch:1
  PID: 4144
  -
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4144 --field-trial-handle=1908,i,11788153757427219909,2165874516581507471,131072 /prefetch:1
  PID: 4452
  -
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4716 --field-trial-handle=1908,i,11788153757427219909,2165874516581507471,131072 /prefetch:8
  PID: 4280
  -
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3392 --field-trial-handle=1908,i,11788153757427219909,2165874516581507471,131072 /prefetch:8
  PID: 1584
  -
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1420 --field-trial-handle=1908,i,11788153757427219909,2165874516581507471,131072 /prefetch:2
  PID: 4280
  - Suspicious behavior: EnumeratesProcesses
-
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
PID: 1704
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize: 456B
MD5: c0ab597cf820d872cfd78f52108e7a6c
SHA1: 90f12eb080bf0e2871cd729e59c559471fca566a
SHA256: a3291fcd176bcd0419aa1219cd211b9771ff60ce1c63b3576c60148401aea397
SHA512: 00ab153e016aee2ac151448b7585d0af346450f25f9870688cbac5474535ac985763ca6603562e1dbda5eaf5a8e837b31c9ba9a684316288d83df19ef1331707
-
Filesize: 1KB
MD5: 63f06732a4978d7a241ea78c8f5bfbbc
SHA1: 0eff6af1cee1463e334fed1b92fdf9744b7c170e
SHA256: 7dffc3810480e48dc6f0e47face94808eee9a85f93041a3fe719fee71284c2e7
SHA512: d61f62489697a9d426980a455cf9682e9c222b515f3aebd9658c5552059d6b8ce7d66f0b648eb4c45bdcbd7ccf31982b378cadca424103e19cde3e09af688988
-
Filesize: 3KB
MD5: 32fc346b94dccdd4bf7faa3cfc916f33
SHA1: 4371093b2282ec40e49ffabc12712811ceed8404
SHA256: cb798fea52f64fd8819326719a7c51f8492ec8baf1811be271cb6094f86684c9
SHA512: bb54ac363566cc4046fcf7afb7d03b51d3be12c882c572a93103c28646da8acc136b8e278cffe09ce7f61db1604cc50e9db38bb936969268c65ce05cb172963e
-
Filesize: 2B
MD5: d751713988987e9331980363e24189ce
SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize: 1KB
MD5: 4d8df3caf0f16c49afad3ac04fc5043d
SHA1: b77555dd695e4fbc4b27960f50eaa6492fd41b90
SHA256: 9658a558d0a49e35ef8b3bd67be3fa88b78e90cb40fd77caa708ab0f6b770a74
SHA512: 0e8cdedf4daedd5c031cc9793075465a955d5094a9ce8cd4ea131e4edf638cac630f9802a7c5818639388c898de3730fe32cbf6c9d417847041387fd5326d932
-
Filesize: 857B
MD5: 3e6bed9d15b2c39a5605732d96d5c9d8
SHA1: bbad52ee1cf945093e50c43d37f72015b80e5f42
SHA256: 36241727a45cfacd762272d8ee198c6a2fe646593f7e471f8b8ff98e1fa57101
SHA512: 1db4509f59e7f896d245438e02cb4deb6d2ec140a12ea74b5369f2428c35c5c6388b1158fd8ca0b8cc1cc58737a69e7c43a0520bc25044a807edbe55c1731aaa
-
Filesize: 7KB
MD5: 6d77e3ab86683aef764f204aeb8edbad
SHA1: a89bdb70a1030dede01db83b8ebeb7ac3a52450e
SHA256: 3d2082e01d7f346c7969147f00336ee94a6826aac537535aafd30dd1bccdd059
SHA512: f3893daaf93ce7fbc9e94096b2b83dc6274068a48da9ec54a3886c50a915c7720df2e3090e7bcb2f27fe77dbe5832d3d73ed3bb2ac3975b225176706ac84f05e
-
Filesize: 6KB
MD5: 5bff8e8d3c829254ca4a5b0a32ea2d95
SHA1: 268188de55bcd9e9fff48dd9d3a8471547152a23
SHA256: 4913d50bebb2351cc9d953f105d540762dceddc5619bffdd0f4c72c1e0820b11
SHA512: fa1cb598058151fab5725b61e857e30b33acdb7acbcc416267c0af687cde00d0eb598ffc27fe2766e095f76af1ffbbc3d1ebfdd5238cfb69cbd0b651bdc347cf
-
Filesize: 7KB
MD5: cf2ace5becd97698d78a1c62346c7a7e
SHA1: 238d0725f5bbb3c080d326ac0791ba3dc824c4ec
SHA256: 7ce695990acc0e5a740bfff4086dca8cc6c3887dd02eb147fc27ec96b74bb599
SHA512: 9eec7d0a7796f2048a2b80a3ec589bf577f3af3b5077898788ace715409a282ab7d260eee92f0c7b69a6072418edf4a220d887259ab94b0c53ba06c6c3c8704e
-
Filesize: 138KB
MD5: 0fadaf806f8098167eb415ee4ccb223b
SHA1: ca74071545f1228dcaacf3e928d7c943c2a69ff4
SHA256: aadc218ea221b3ba9a6b6ae5032bcd7e097fb98ed2d757596b01e194c164e1de
SHA512: 80f6c614c89347dd5e40adc009048f870aeeeb72afc09978f2d128c2d968cea160ce54751ee6388ef1de9fe3b6be162c40f76560640a2e2f20f79c228a032b1c
-
Filesize: (not given)
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e