Analysis

max time kernel: 25s
max time network: 27s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted: 18-06-2024 15:54

Tasks
- Static task: static1
- URLScan task: urlscan1
- Behavioral task: behavioral1
  Sample: https://nimb.ws/h3t6XR7
  Resource: win10v2004-20240611-en
General
Target: https://nimb.ws/h3t6XR7

Malware Config
Signatures

All eight hits below are raised by the sandbox's own Chrome browser process (PID 6092, started by the harness to open the submitted URL) and its child processes. None is attributed to a file fetched from the URL, and each is ordinary Chromium start-up behaviour; on their own they say nothing about whether the target is malicious.

Enumerates system info in registry (2 TTPs, 3 IoCs)
  Process: chrome.exe
  - Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer

Modifies data under HKEY_USERS (2 IoCs)
  Process: chrome.exe
  - Key created: \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry
  - Set value (int): \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133631996994469547"
  (S-1-5-19 is the LOCAL SERVICE hive. The value is a FILETIME timestamp, i.e. June 2024, written by the Windows cryptography/TPM telemetry code; the same key shows up in sandbox runs of unrelated benign software.)

Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid 6092 chrome.exe, 2 entries

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
  pid 6092 chrome.exe, 3 entries
  (Chromium spawns several of its child process types with the block-non-Microsoft-binaries process mitigation enabled, so this fires for every Chrome parent.)

Suspicious use of AdjustPrivilegeToken (50 IoCs)
  pid 6092 chrome.exe, alternating Token: SeShutdownPrivilege and Token: SeCreatePagefilePrivilege, 25 of each

Suspicious use of FindShellTrayWindow (26 IoCs)
  pid 6092 chrome.exe, 26 entries

Suspicious use of SendNotifyMessage (24 IoCs)
  pid 6092 chrome.exe, 24 entries

Suspicious use of WriteProcessMemory (64 IoCs)
  Every entry is "PID 6092 wrote to memory of <child> 6092 chrome.exe chrome.exe", with the child being one of the browser's own chrome.exe children: 3888 (crashpad handler), 3972 (GPU process), 2928 (network service) and 2752 (storage service). This is how Chromium's browser process hands start-up data to the children it launches. The list stops at 64 entries, so the renderer and later utility children listed in the process tree do not appear here.
Processes

Tree as recorded (depth shown by indentation). The browser process was launched by the sandbox harness with --disable-background-networking, --disable-component-update and --simulate-outdated-no-au, which suppress Chrome's own update and background traffic. The build is Chrome 110.0.5481.104 (early 2023), well behind the June 2024 submission date; keep that in mind when judging what the page could or could not have triggered in this renderer.

- chrome.exe, PID 6092
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://nimb.ws/h3t6XR7
  Signatures raised by this process:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  - chrome.exe, PID 3888 (crashpad handler)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe4fd2ab58,0x7ffe4fd2ab68,0x7ffe4fd2ab78

  - chrome.exe, PID 3972 (GPU process)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1684 --field-trial-handle=1896,i,13728615892233469145,2272267015409398261,131072 /prefetch:2

  - chrome.exe, PID 2928 (network service, unsandboxed)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1896,i,13728615892233469145,2272267015409398261,131072 /prefetch:8

  - chrome.exe, PID 2752 (storage service)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2192 --field-trial-handle=1896,i,13728615892233469145,2272267015409398261,131072 /prefetch:8

  - chrome.exe, PID 2576 (first renderer)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2996 --field-trial-handle=1896,i,13728615892233469145,2272267015409398261,131072 /prefetch:1

  - chrome.exe, PID 4420 (renderer)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3004 --field-trial-handle=1896,i,13728615892233469145,2272267015409398261,131072 /prefetch:1

  - chrome.exe, PID 5920 (renderer)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4116 --field-trial-handle=1896,i,13728615892233469145,2272267015409398261,131072 /prefetch:1

  - chrome.exe, PID 3592 (ProcessorMetrics utility, unsandboxed)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4716 --field-trial-handle=1896,i,13728615892233469145,2272267015409398261,131072 /prefetch:8

  - chrome.exe, PID 1248 (UtilWin utility, unsandboxed)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4488 --field-trial-handle=1896,i,13728615892233469145,2272267015409398261,131072 /prefetch:8

- elevation_service.exe, PID 4596
  "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
  (Chrome's own per-version elevation service. It is recorded at the top level, not as a child of PID 6092, and raised no signatures.)
Network
MITRE ATT&CK Enterprise v15
Downloads

The listing gives no file path and no writing process for any entry, so none of them can be tied to the submitted URL from this extract alone. The two smallest entries are placeholder content rather than payloads: the 2-byte file hashes exactly to the literal "[]" (an empty JSON array) and the last entry hashes to zero-length input.

1. Filesize: 1KB
   MD5: 79132ee07bc64237130594385d0e66ec
   SHA1: 463800eb66688841c4390e678770ed1b28ee3838
   SHA256: 5d567e8535397398a2a392348eb7bcbe07b3ab7693555e0c501cbdcafb69f5a8
   SHA512: 5a7dde656b4fc0400cc08045b24b137ce2a83f2024902eaf0b77a68647144a065cc784fce5d8601bba846a0e708cae95072ee95aa8b2ba5794c12499530c52c5

2. Filesize: 2B (content is the two bytes "[]")
   MD5: d751713988987e9331980363e24189ce
   SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
   SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
   SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

3. Filesize: 1KB
   MD5: 7ffe3d85469b8c90313e77fc9f12d8ba
   SHA1: adcb0b9b66627c61c18381814262ba75d59e0273
   SHA256: a7e40b63687f6145d3f355fe2e72b02238eb4099591138b3f98dc19bcbb613f1
   SHA512: 04f7f39d238e3add301186a5a85043695fdd3d715f80338c396d6739c8e3a9b4072f5eb7dfcbbef7ed7021cdf9f33aec2b2b28cbd133412fcec98aca86990b10

4. Filesize: 1KB
   MD5: e6b35ae05f9669b2a8c7c2403c447c8c
   SHA1: 7f31239ea11f9a39b823132c5dabafb1e19f1b58
   SHA256: 4b2b598dac092d86226ac208702ed9d6179e3a8f300183ff36e342cf63157bd8
   SHA512: 69011c652cfe6b8850e26d4d2719b854efc95adf776e08f0f864cd03fae18fd18a3279ec9b1cf507a3d3cc1e025e65978a1b904bcbc69821459d8d08b3b744be

5. Filesize: 6KB
   MD5: a67eaef5a05461c87bc9425b4d1b4bc4
   SHA1: 3fa5bf403bb5b5852b2d14141823688850f28543
   SHA256: 7fb4321b82cb02f542b4a3c23ae9605d5946107201a53ecbed6f789e6b63164a
   SHA512: 70e61f28f066ee131289a81ee89c1a9bcfd42237df5dbb1f60a1ac39ecc472930ac70a92dc3938f6ab143f5752accd9752da68a54a837a8413ced0c8887446ce

6. Filesize: 138KB
   MD5: dcf8fa2316c4c436d4a658766e12bcd5
   SHA1: 9ce5201a2d0454ed69c39e46be2d6012555c2c7b
   SHA256: f4325b4c70964082f9ab1669ce437ced92b2fb6102ee7b4fb0edbcc77983d427
   SHA512: f4a82980ee392b1937f3d7a43b0038c35e393e7e4e63c6b17401112d40f6f77110b32400a0a68df78ce5aa78fedf4fa6f26783999007567505c872e4f6bd2ada

7. Filesize: not listed (these are the digests of a zero-length file)
   MD5: d41d8cd98f00b204e9800998ecf8427e
   SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
   SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
   SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
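The script below is an added example, not part of this report, of Triage, or of Chrome. It shows the baseline-subtraction check a reviewer would run over a browser-only report like this one: it parses IoC lines in the flattened shape used by the Signatures section above (one representative line per signature, copied from the report), drops everything a stock Chromium browser process is expected to do when opening a URL, and labels dropped-file hashes from the Downloads section that are only the empty file or the literal "[]". The allow-list of benign behaviour is this example's own assumption and should be validated against a clean run of the same Chrome build in your own sandbox; the powershell.exe write to PID 1234 is constructed to show what would survive the filter and does not occur in the report.

```python
"""Baseline subtraction for a browser-only sandbox report (added example)."""
import hashlib
import re

# Process table copied from the report's Processes section: pid -> (image, role),
# where role is the Chromium --type= flag of that child ("browser" for the parent).
PROCESSES = {
    6092: ("chrome.exe", "browser"),
    3888: ("chrome.exe", "crashpad-handler"),
    3972: ("chrome.exe", "gpu-process"),
    2928: ("chrome.exe", "utility"),
    2752: ("chrome.exe", "utility"),
    2576: ("chrome.exe", "renderer"),
}

# One representative IoC line per signature, copied from the report.
IOC_LINES = [
    r"Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe",
    r"Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe",
    r"Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry chrome.exe",
    r'Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133631996994469547" chrome.exe',
    "Token: SeShutdownPrivilege 6092 chrome.exe",
    "Token: SeCreatePagefilePrivilege 6092 chrome.exe",
    "PID 6092 wrote to memory of 3888 6092 chrome.exe chrome.exe",
    "PID 6092 wrote to memory of 3972 6092 chrome.exe chrome.exe",
]

# Constructed for illustration only; this event does NOT appear in the report.
FOREIGN_LINE = "PID 6092 wrote to memory of 1234 6092 chrome.exe powershell.exe"

_PATTERNS = {
    "reg_read": re.compile(r"^Key (opened|created|value queried) (\S+) (\S+)$"),
    "reg_set": re.compile(r'^Set value \((\w+)\) (\S+) = "(.*)" (\S+)$'),
    "privilege": re.compile(r"^Token: (\S+) (\d+) (\S+)$"),
    "wpm": re.compile(r"^PID (\d+) wrote to memory of (\d+) \d+ (\S+) (\S+)$"),
}


def parse_ioc(line):
    """Turn one flattened Triage IoC line into a dict; None if the shape is unknown."""
    if m := _PATTERNS["reg_read"].match(line):
        return {"kind": "registry", "op": m[1], "path": m[2], "proc": m[3]}
    if m := _PATTERNS["reg_set"].match(line):
        return {"kind": "registry", "op": "set", "path": m[2], "proc": m[4]}
    if m := _PATTERNS["privilege"].match(line):
        return {"kind": "privilege", "name": m[1], "pid": int(m[2]), "proc": m[3]}
    if m := _PATTERNS["wpm"].match(line):
        return {"kind": "wpm", "src_pid": int(m[1]), "dst_pid": int(m[2]),
                "src": m[3], "dst": m[4]}
    return None


# Allow-list of what a stock Chromium browser process does on start-up. These
# rules are this example's assumption, derived from the report itself; validate
# them against a clean baseline run of the same Chrome build in your sandbox.
BENIGN_REG_PREFIXES = (
    r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS",
    r"\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry",
)
BENIGN_PRIVILEGES = {"SeShutdownPrivilege", "SeCreatePagefilePrivilege"}


def is_baseline(ev):
    """True if the event is expected from Chrome simply opening a URL."""
    if ev["kind"] == "registry":
        return ev["proc"] == "chrome.exe" and any(
            ev["path"].lower().startswith(p.lower()) for p in BENIGN_REG_PREFIXES)
    if ev["kind"] == "privilege":
        return ev["proc"] == "chrome.exe" and ev["name"] in BENIGN_PRIVILEGES
    if ev["kind"] == "wpm":
        # The browser process writes start-up data into every child it spawns;
        # a write into anything that is not one of its own children stands out.
        dst = PROCESSES.get(ev["dst_pid"])
        return (ev["src"] == "chrome.exe" and ev["dst"] == "chrome.exe"
                and dst is not None and dst[1] != "browser")
    return False


def triage(lines):
    """Return the events that survive baseline subtraction (empty means nothing left)."""
    residual = []
    for line in lines:
        ev = parse_ioc(line)
        if ev is None:
            residual.append({"kind": "unparsed", "line": line})
        elif not is_baseline(ev):
            residual.append(ev)
    return residual


# Digests of content that is never a payload: the empty file and the two-byte
# JSON array "[]". Computed rather than hard-coded so they can be compared
# against the Downloads section of any report.
SENTINELS = {
    hashlib.md5(b"").hexdigest(): "empty file",
    hashlib.md5(b"[]").hexdigest(): "empty JSON array",
}


def classify_dropped(md5):
    """Label a dropped-file MD5 as placeholder content, or None if it is real data."""
    return SENTINELS.get(md5.lower())


if __name__ == "__main__":
    print("residual after baseline:", triage(IOC_LINES))
    print("with constructed foreign write:", triage(IOC_LINES + [FOREIGN_LINE]))
    for digest in ("d41d8cd98f00b204e9800998ecf8427e",
                   "d751713988987e9331980363e24189ce",
                   "dcf8fa2316c4c436d4a658766e12bcd5"):
        print(digest, classify_dropped(digest))
```

Run against the report's own lines the residual is empty; only the constructed write into powershell.exe survives, which is the shape of event that would actually justify a closer look at the URL. Anything the parser does not recognise is kept as "unparsed" rather than silently dropped, so a new IoC format from the sandbox cannot hide behind the allow-list.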