34b740789389b6aec040caf45c0da8a5de2451b5d6002925a9cde6cba436b7e4

Analysis

max time kernel
33s
max time network
134s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
14/06/2023, 09:54

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

ChromeSetup.exe
Size

1.0MB
MD5

1e5db050ae657418229cc65b6c7b62fb
SHA1

bf66c158fe588ac39ba160ef5169560c13c380be
SHA256

34b740789389b6aec040caf45c0da8a5de2451b5d6002925a9cde6cba436b7e4
SHA512

4f6afe4228afae60cd7492f666aa0dd275700c712e4486510e90e2958b2d4f36ae8a55e68f4f329433439bdef1632ea5a69bc79f2c37c3ca4bd892f2cb60dbdd
SSDEEP

24576:6VyEIohMRSfw0RTQZjHKPjiqSMz9xLZ/JO5unIE:6VpMiwWTQZjHKPji/MxxcuI

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1292	GoogleUpdate.exe

Loads dropped DLL 4 IoCs

pid	Process
904	ChromeSetup.exe
1292	GoogleUpdate.exe
1292	GoogleUpdate.exe
1292	GoogleUpdate.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\GUM7521.tmp\GoogleUpdateSetup.exe	ChromeSetup.exe
File created	C:\Program Files (x86)\GUM7521.tmp\GoogleUpdate.exe	ChromeSetup.exe
File created	C:\Program Files (x86)\GUM7521.tmp\GoogleUpdateWebPlugin.exe	ChromeSetup.exe
File created	C:\Program Files (x86)\GUM7521.tmp\goopdateres_es-419.dll	ChromeSetup.exe
File created	C:\Program Files (x86)\GUM7521.tmp\goopdateres_iw.dll	ChromeSetup.exe
File created	C:\Program Files (x86)\GUM7521.tmp\goopdateres_ms.dll	ChromeSetup.exe
File created	C:\Program Files (x86)\GUM7521.tmp\goopdateres_de.dll	ChromeSetup.exe
File created	C:\Program Files (x86)\GUM7521.tmp\goopdateres_en-GB.dll	ChromeSetup.exe
File created	C:\Program Files (x86)\GUM7521.tmp\goopdateres_en.dll	ChromeSetup.exe
File created	C:\Program Files (x86)\GUM7521.tmp\goopdateres_ja.dll	ChromeSetup.exe
File created	C:\Program Files (x86)\GUM7521.tmp\goopdateres_lv.dll	ChromeSetup.exe
File created	C:\Program Files (x86)\GUM7521.tmp\goopdateres_ta.dll	ChromeSetup.exe
File opened for modification	C:\Program Files (x86)\GUM7521.tmp\GoogleUpdateSetup.exe	ChromeSetup.exe
File opened for modification	C:\Program Files (x86)\GUT7522.tmp	ChromeSetup.exe
File created	C:\Program Files (x86)\GUM7521.tmp\goopdate.dll	ChromeSetup.exe
File created	C:\Program Files (x86)\GUM7521.tmp\goopdateres_da.dll	ChromeSetup.exe
File created	C:\Program Files (x86)\GUM7521.tmp\goopdateres_el.dll	ChromeSetup.exe
File created	C:\Program Files (x86)\GUM7521.tmp\goopdateres_is.dll	ChromeSetup.exe
File created	C:\Program Files (x86)\GUM7521.tmp\GoogleUpdateComRegisterShell64.exe	ChromeSetup.exe
File created	C:\Program Files (x86)\GUM7521.tmp\goopdateres_bg.dll	ChromeSetup.exe
File created	C:\Program Files (x86)\GUM7521.tmp\goopdateres_pl.dll	ChromeSetup.exe
File created	C:\Program Files (x86)\GUM7521.tmp\psuser.dll	ChromeSetup.exe
File created	C:\Program Files (x86)\GUM7521.tmp\goopdateres_fr.dll	ChromeSetup.exe
File created	C:\Program Files (x86)\GUM7521.tmp\goopdateres_ml.dll	ChromeSetup.exe
File created	C:\Program Files (x86)\GUM7521.tmp\goopdateres_nl.dll	ChromeSetup.exe
File created	C:\Program Files (x86)\GUM7521.tmp\psuser_64.dll	ChromeSetup.exe
File created	C:\Program Files (x86)\GUM7521.tmp\goopdateres_kn.dll	ChromeSetup.exe
File created	C:\Program Files (x86)\GUM7521.tmp\goopdateres_gu.dll	ChromeSetup.exe
File created	C:\Program Files (x86)\GUM7521.tmp\goopdateres_hr.dll	ChromeSetup.exe
File created	C:\Program Files (x86)\GUM7521.tmp\goopdateres_pt-PT.dll	ChromeSetup.exe
File created	C:\Program Files (x86)\GUM7521.tmp\goopdateres_sk.dll	ChromeSetup.exe
File created	C:\Program Files (x86)\GUM7521.tmp\goopdateres_vi.dll	ChromeSetup.exe
File created	C:\Program Files (x86)\GUM7521.tmp\goopdateres_zh-TW.dll	ChromeSetup.exe
File created	C:\Program Files (x86)\GUM7521.tmp\GoogleUpdateOnDemand.exe	ChromeSetup.exe
File created	C:\Program Files (x86)\GUM7521.tmp\goopdateres_es.dll	ChromeSetup.exe
File created	C:\Program Files (x86)\GUM7521.tmp\goopdateres_ur.dll	ChromeSetup.exe
File created	C:\Program Files (x86)\GUM7521.tmp\psmachine.dll	ChromeSetup.exe
File created	C:\Program Files (x86)\GUM7521.tmp\goopdateres_fa.dll	ChromeSetup.exe
File created	C:\Program Files (x86)\GUM7521.tmp\goopdateres_no.dll	ChromeSetup.exe
File created	C:\Program Files (x86)\GUM7521.tmp\npGoogleUpdate3.dll	ChromeSetup.exe
File created	C:\Program Files (x86)\GUM7521.tmp\goopdateres_fil.dll	ChromeSetup.exe
File created	C:\Program Files (x86)\GUM7521.tmp\goopdateres_id.dll	ChromeSetup.exe
File created	C:\Program Files (x86)\GUM7521.tmp\goopdateres_ko.dll	ChromeSetup.exe
File created	C:\Program Files (x86)\GUM7521.tmp\goopdateres_tr.dll	ChromeSetup.exe
File created	C:\Program Files (x86)\GUM7521.tmp\goopdateres_uk.dll	ChromeSetup.exe
File created	C:\Program Files (x86)\GUM7521.tmp\goopdateres_zh-CN.dll	ChromeSetup.exe
File created	C:\Program Files (x86)\GUM7521.tmp\psmachine_64.dll	ChromeSetup.exe
File created	C:\Program Files (x86)\GUM7521.tmp\GoogleCrashHandler64.exe	ChromeSetup.exe
File created	C:\Program Files (x86)\GUM7521.tmp\goopdateres_ca.dll	ChromeSetup.exe
File created	C:\Program Files (x86)\GUM7521.tmp\goopdateres_it.dll	ChromeSetup.exe
File created	C:\Program Files (x86)\GUM7521.tmp\goopdateres_sv.dll	ChromeSetup.exe
File created	C:\Program Files (x86)\GUM7521.tmp\goopdateres_th.dll	ChromeSetup.exe
File created	C:\Program Files (x86)\GUM7521.tmp\goopdateres_am.dll	ChromeSetup.exe
File created	C:\Program Files (x86)\GUM7521.tmp\goopdateres_pt-BR.dll	ChromeSetup.exe
File created	C:\Program Files (x86)\GUM7521.tmp\goopdateres_ar.dll	ChromeSetup.exe
File created	C:\Program Files (x86)\GUM7521.tmp\goopdateres_cs.dll	ChromeSetup.exe
File created	C:\Program Files (x86)\GUM7521.tmp\goopdateres_hu.dll	ChromeSetup.exe
File created	C:\Program Files (x86)\GUM7521.tmp\goopdateres_te.dll	ChromeSetup.exe
File created	C:\Program Files (x86)\GUM7521.tmp\GoogleCrashHandler.exe	ChromeSetup.exe
File created	C:\Program Files (x86)\GUM7521.tmp\GoogleUpdateHelper.msi	ChromeSetup.exe
File created	C:\Program Files (x86)\GUM7521.tmp\goopdateres_et.dll	ChromeSetup.exe
File created	C:\Program Files (x86)\GUM7521.tmp\goopdateres_sl.dll	ChromeSetup.exe
File created	C:\Program Files (x86)\GUM7521.tmp\goopdateres_sr.dll	ChromeSetup.exe
File created	C:\Program Files (x86)\GUM7521.tmp\goopdateres_sw.dll	ChromeSetup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1292	GoogleUpdate.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1292	GoogleUpdate.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 904 wrote to memory of 1292	904	ChromeSetup.exe	26
PID 904 wrote to memory of 1292	904	ChromeSetup.exe	26
PID 904 wrote to memory of 1292	904	ChromeSetup.exe	26
PID 904 wrote to memory of 1292	904	ChromeSetup.exe	26
PID 904 wrote to memory of 1292	904	ChromeSetup.exe	26
PID 904 wrote to memory of 1292	904	ChromeSetup.exe	26
PID 904 wrote to memory of 1292	904	ChromeSetup.exe	26

C:\Users\Admin\AppData\Local\Temp\ChromeSetup.exe
"C:\Users\Admin\AppData\Local\Temp\ChromeSetup.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:904
- C:\Program Files (x86)\GUM7521.tmp\GoogleUpdate.exe
  "C:\Program Files (x86)\GUM7521.tmp\GoogleUpdate.exe" /installsource taggedmi /install "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={D8589D13-0585-2631-111B-02E183065013}&lang=zh-CN&browser=4&usagestats=0&appname=Google%20Chrome&needsadmin=prefers&installdataindex=defaultbrowser"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1292

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\GUM7521.tmp\GoogleUpdate.exe

Filesize
105KB

MD5
e1b44a75947137f4143308d566889837

SHA1
2bbb25793fb06e79462911a3f51c4e71ea86034e

SHA256
ec7e883e7af38bf3ac0ac513cfde0186038443e9acc7ad616ee6bd0ec09aacb9

SHA512
1708d045f7f447e4bc80df4758e2a4bfa5c2144d47995c769b739631e7a4b4506e4265c9b8784e6903fd065957c05c05bed293d01ac53cea19090f98eea902a5

Download Submit
C:\Program Files (x86)\GUM7521.tmp\goopdate.dll

Filesize
1.6MB

MD5
5c2593649cf4fe6b9ed6f9a734dbf344

SHA1
a53363568dcb192a1148987e1cad160b9cf8f221

SHA256
dbe8a6b2dac8f166e08534ebe02d23ff7648e836cfcb507a41f51368cba01bbe

SHA512
b3fbca01a459223f184ca039e4aa16e921217025f5967fdff6d0d0aa54042f882d986e003c8556b04877ed14f346abd2b62bb5bd2d6de89664ff5cb62439f2bf

Download Submit
C:\Program Files (x86)\GUM7521.tmp\goopdateres_zh-CN.dll

Filesize
31KB

MD5
49118a53f59666aa2f27af738830d767

SHA1
03f1554bd446fc697300dd9768c629d5b3deb272

SHA256
24f51cc2b5d20296f31c04c22a9ed4b2d9eece579996209703a60083eea7fa1b

SHA512
e982f38d9855fa6b8c9a4117ff3ded84b08990b997f50e2499e46061dd3df0079909cbfabb496c09b41ec6c47f89914e8967508cd4c557bf4a3a9642ddcc54a1

Download Submit
\Program Files (x86)\GUM7521.tmp\GoogleUpdate.exe

Filesize
105KB

MD5
e1b44a75947137f4143308d566889837

SHA1
2bbb25793fb06e79462911a3f51c4e71ea86034e

SHA256
ec7e883e7af38bf3ac0ac513cfde0186038443e9acc7ad616ee6bd0ec09aacb9

SHA512
1708d045f7f447e4bc80df4758e2a4bfa5c2144d47995c769b739631e7a4b4506e4265c9b8784e6903fd065957c05c05bed293d01ac53cea19090f98eea902a5

Download Submit
\Program Files (x86)\GUM7521.tmp\goopdate.dll

Filesize
1.6MB

MD5
5c2593649cf4fe6b9ed6f9a734dbf344

SHA1
a53363568dcb192a1148987e1cad160b9cf8f221

SHA256
dbe8a6b2dac8f166e08534ebe02d23ff7648e836cfcb507a41f51368cba01bbe

SHA512
b3fbca01a459223f184ca039e4aa16e921217025f5967fdff6d0d0aa54042f882d986e003c8556b04877ed14f346abd2b62bb5bd2d6de89664ff5cb62439f2bf

Download Submit
\Program Files (x86)\GUM7521.tmp\goopdateres_zh-CN.dll

Filesize
31KB

MD5
49118a53f59666aa2f27af738830d767

SHA1
03f1554bd446fc697300dd9768c629d5b3deb272

SHA256
24f51cc2b5d20296f31c04c22a9ed4b2d9eece579996209703a60083eea7fa1b

SHA512
e982f38d9855fa6b8c9a4117ff3ded84b08990b997f50e2499e46061dd3df0079909cbfabb496c09b41ec6c47f89914e8967508cd4c557bf4a3a9642ddcc54a1

Download Submit
\Program Files (x86)\GUM7521.tmp\goopdateres_zh-CN.dll

Filesize
31KB

MD5
49118a53f59666aa2f27af738830d767

SHA1
03f1554bd446fc697300dd9768c629d5b3deb272

SHA256
24f51cc2b5d20296f31c04c22a9ed4b2d9eece579996209703a60083eea7fa1b

SHA512
e982f38d9855fa6b8c9a4117ff3ded84b08990b997f50e2499e46061dd3df0079909cbfabb496c09b41ec6c47f89914e8967508cd4c557bf4a3a9642ddcc54a1

Download Submit
memory/1292-133-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/1292-134-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download