Analysis
  max time kernel: 149s
  max time network: 148s
  platform: windows10-2004_x64
  resource: win10v2004-20240611-en
  resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
  submitted: 18-06-2024 16:18
  Static task: static1
  URLScan task: urlscan1
  Behavioral task: behavioral1
    Sample: https://nimb.ws/Zh09GBc
    Resource: win10v2004-20240611-en

General
  Target: https://nimb.ws/Zh09GBc
Malware Config

Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  Process: chrome.exe
    Key opened:        \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS
    Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName
    Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer
Modifies data under HKEY_USERS (2 IoCs)
  Process: chrome.exe
    Key created:     \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry
    Set value (int): \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133632011381622922"
Suspicious behavior: EnumeratesProcesses (4 IoCs)
  Processes: chrome.exe, chrome.exe
    pid   process
    2220  chrome.exe
    2220  chrome.exe
    1952  chrome.exe
    1952  chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
  Process: chrome.exe
    pid   process
    2220  chrome.exe
    2220  chrome.exe
    2220  chrome.exe
Suspicious use of AdjustPrivilegeToken (64 IoCs)
  Process: chrome.exe (PID 2220)
Suspicious use of FindShellTrayWindow (26 IoCs)
  Process: chrome.exe (PID 2220)
Suspicious use of SendNotifyMessage (24 IoCs)
  Process: chrome.exe (PID 2220)
Suspicious use of WriteProcessMemory (64 IoCs)
  Process: chrome.exe (PID 2220); target process: chrome.exe
Processes

C:\Program Files\Google\Chrome\Application\chrome.exe
  PID: 2220
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://nimb.ws/Zh09GBc
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  C:\Program Files\Google\Chrome\Application\chrome.exe
    PID: 2344
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffb7bdab58,0x7fffb7bdab68,0x7fffb7bdab78

  C:\Program Files\Google\Chrome\Application\chrome.exe
    PID: 1076
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1848 --field-trial-handle=1900,i,14249797104436276431,784019956197645105,131072 /prefetch:2

  C:\Program Files\Google\Chrome\Application\chrome.exe
    PID: 4608
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1900,i,14249797104436276431,784019956197645105,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe
    PID: 1376
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2252 --field-trial-handle=1900,i,14249797104436276431,784019956197645105,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe
    PID: 3956
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3048 --field-trial-handle=1900,i,14249797104436276431,784019956197645105,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe
    PID: 3656
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3068 --field-trial-handle=1900,i,14249797104436276431,784019956197645105,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe
    PID: 4060
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4124 --field-trial-handle=1900,i,14249797104436276431,784019956197645105,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe
    PID: 2788
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4720 --field-trial-handle=1900,i,14249797104436276431,784019956197645105,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe
    PID: 3424
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3348 --field-trial-handle=1900,i,14249797104436276431,784019956197645105,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe
    PID: 1952
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=976 --field-trial-handle=1900,i,14249797104436276431,784019956197645105,131072 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
  PID: 2304
  Command line: "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads