3b8f2c9e88aa5e14f4a564bc344957e4d5b83a39fdbdbfbed655edf92b3670dc

Analysis

max time kernel
125s
max time network
292s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
15-08-2023 14:51

Target

ChromeSetup.exe
Size

3.6MB
MD5

96e1bbf52df636da6be5be64d4480f32
SHA1

1f443c2c92c30d2a36a47e64751b80676150a67c
SHA256

73cf1ebc6cdfa8502c023986c21c1fac0b7a787159c25264f1317e0d9ef4c0d1
SHA512

33ce13ef3496290e94234883531a8a3b1f160c98facacb9977007af87d80002b0196eb174548c5ddc8605748d0ef8d03c9cfa561dd51c431a28e61928ac8b9a4
SSDEEP

49152:wBuZrEU1xksJwZbkRoDE+vzB/ldSRAbIDSrNHVyO8i/QpPGvYeYCDKt:OkL9wZgt+7B/lsRAMSxHV/8i/8ugyDKt

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1960	ChromeSetup.tmp

Script User-Agent 1 IoCs

Uses user-agent string associated with script host/environment.

description	flow	ioc
HTTP User-Agent header	22	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1960	ChromeSetup.tmp
1960	ChromeSetup.tmp

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1960	ChromeSetup.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3500 wrote to memory of 1960	3500	ChromeSetup.exe	83
PID 3500 wrote to memory of 1960	3500	ChromeSetup.exe	83
PID 3500 wrote to memory of 1960	3500	ChromeSetup.exe	83

C:\Users\Admin\AppData\Local\Temp\ChromeSetup.exe
"C:\Users\Admin\AppData\Local\Temp\ChromeSetup.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3500
- C:\Users\Admin\AppData\Local\Temp\is-97ONV.tmp\ChromeSetup.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-97ONV.tmp\ChromeSetup.tmp" /SL5="$30210,2943475,901120,C:\Users\Admin\AppData\Local\Temp\ChromeSetup.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  PID:1960

C:\Users\Admin\AppData\Local\Temp\is-97ONV.tmp\ChromeSetup.tmp

Filesize
3.1MB

MD5
e04e49a7b34886d68e0b43bbadc67bbf

SHA1
d6e0ead4f2ebafcc6be1ba027eec0a3b874ef78b

SHA256
6454e86035dff87969a2ce7fcb6f29ba4f5b2af63ae7ba28cbcdc47f33deb276

SHA512
32542b04ad38d4836b49f20e7ed2b1be0f9ca8ca6c53262f0d463f35db412275033ad42981379f600facdc5ab8d8ee8d6272dd11a872220003c374df9068e115

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-97ONV.tmp\ChromeSetup.tmp

Filesize
3.1MB

MD5
e04e49a7b34886d68e0b43bbadc67bbf

SHA1
d6e0ead4f2ebafcc6be1ba027eec0a3b874ef78b

SHA256
6454e86035dff87969a2ce7fcb6f29ba4f5b2af63ae7ba28cbcdc47f33deb276

SHA512
32542b04ad38d4836b49f20e7ed2b1be0f9ca8ca6c53262f0d463f35db412275033ad42981379f600facdc5ab8d8ee8d6272dd11a872220003c374df9068e115

Download Submit
memory/1960-141-0x0000000002820000-0x0000000002821000-memory.dmp

Filesize
4KB

Download
memory/1960-184-0x0000000000400000-0x0000000000724000-memory.dmp

Filesize
3.1MB

Download
memory/1960-185-0x0000000002820000-0x0000000002821000-memory.dmp

Filesize
4KB

Download
memory/1960-187-0x0000000000400000-0x0000000000724000-memory.dmp

Filesize
3.1MB

Download
memory/3500-136-0x0000000000400000-0x00000000004E9000-memory.dmp

Filesize
932KB

Download
memory/3500-143-0x0000000000400000-0x00000000004E9000-memory.dmp

Filesize
932KB

Download
memory/3500-188-0x0000000000400000-0x00000000004E9000-memory.dmp

Filesize
932KB

Download