Analysis
max time kernel: 88s
max time network: 86s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 18-06-2024 15:59
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://nimb.ws/k0BeSif
Resource: win10v2004-20240508-en
General
Target: https://nimb.ws/k0BeSif
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
Processes:
- chrome.exe: Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS
- chrome.exe: Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName
- chrome.exe: Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer
Modifies data under HKEY_USERS (2 IoCs)
Processes:
- chrome.exe: Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry
- chrome.exe: Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133631999880380761"
Suspicious behavior: EnumeratesProcesses (2 IoCs)
Processes:
- chrome.exe (PID 4932)
- chrome.exe (PID 4932)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (4 IoCs)
Processes:
- chrome.exe (PID 4932)
- chrome.exe (PID 4932)
- chrome.exe (PID 4932)
- chrome.exe (PID 4932)
Suspicious use of AdjustPrivilegeToken (64 IoCs)
Processes (the following two entries alternate across all 64 IoCs):
- chrome.exe (PID 4932): Token: SeShutdownPrivilege
- chrome.exe (PID 4932): Token: SeCreatePagefilePrivilege
Suspicious use of FindShellTrayWindow (26 IoCs)
Processes (the same entry for all 26 IoCs):
- chrome.exe (PID 4932)
Suspicious use of SendNotifyMessage (24 IoCs)
Processes (the same entry for all 24 IoCs):
- chrome.exe (PID 4932)
Suspicious use of WriteProcessMemory (64 IoCs)
Processes (each entry is repeated; 64 IoCs in total, all from chrome.exe PID 4932 into child chrome.exe processes):
- PID 4932 (chrome.exe) wrote to memory of 2984 (chrome.exe)
- PID 4932 (chrome.exe) wrote to memory of 2912 (chrome.exe)
- PID 4932 (chrome.exe) wrote to memory of 3040 (chrome.exe)
- PID 4932 (chrome.exe) wrote to memory of 4532 (chrome.exe)
Processes
- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4932)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://nimb.ws/k0BeSif
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2984)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc0ae5ab58,0x7ffc0ae5ab68,0x7ffc0ae5ab78
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2912)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1672 --field-trial-handle=1928,i,6370220954703622195,7805602314603737851,131072 /prefetch:2
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3040)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=1928,i,6370220954703622195,7805602314603737851,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4532)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2196 --field-trial-handle=1928,i,6370220954703622195,7805602314603737851,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2628)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3068 --field-trial-handle=1928,i,6370220954703622195,7805602314603737851,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2916)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3084 --field-trial-handle=1928,i,6370220954703622195,7805602314603737851,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1156)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4192 --field-trial-handle=1928,i,6370220954703622195,7805602314603737851,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1124)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4528 --field-trial-handle=1928,i,6370220954703622195,7805602314603737851,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1492)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4836 --field-trial-handle=1928,i,6370220954703622195,7805602314603737851,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2916)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3236 --field-trial-handle=1928,i,6370220954703622195,7805602314603737851,131072 /prefetch:8
- C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe (PID 4636)
  Command line: "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads