08fa522fdb6a7be3545562612b87f199a788d2b2ca8224649632ab12853ce7ba

Analysis

max time kernel
2s
max time network
185s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22/04/2024, 20:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Paranoid checker/chrome-win/chrome.exe
Size

2.1MB
MD5

433153e95f9551304c6fd4e0a1965845
SHA1

c5ddc24f5b1bca0f730e2e0225cde8d7cde03f2e
SHA256

c9b634ee1b6702ad0630eb228a5f5655ce306916f52079b1c2207f19ff9a27e1
SHA512

168e5a09b0f092d0a929a11106205538b186d8253b74e9cd2b164375bde5ff795ffbb88b12c8bd27f51655e3a68e8d7c4cc6b38b5777740f0347b3bc528b643d
SSDEEP

49152:jnH85Q6W/LjOyT+h6xhCninbIRMg7rtQETpK:77TORMgG

Score

7^/10

spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\International\Geo\Nation	chrome.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Suspicious use of WriteProcessMemory 47 IoCs

description	pid	Process	procid_target
PID 2672 wrote to memory of 2688	2672	chrome.exe	30
PID 2672 wrote to memory of 2688	2672	chrome.exe	30
PID 2672 wrote to memory of 2688	2672	chrome.exe	30
PID 2688 wrote to memory of 2564	2688	chrome.exe	31
PID 2688 wrote to memory of 2564	2688	chrome.exe	31
PID 2688 wrote to memory of 2564	2688	chrome.exe	31
PID 2672 wrote to memory of 2348	2672	chrome.exe	32
PID 2672 wrote to memory of 2348	2672	chrome.exe	32
PID 2672 wrote to memory of 2348	2672	chrome.exe	32
PID 2672 wrote to memory of 2348	2672	chrome.exe	32
PID 2672 wrote to memory of 2348	2672	chrome.exe	32
PID 2672 wrote to memory of 2348	2672	chrome.exe	32
PID 2672 wrote to memory of 2348	2672	chrome.exe	32
PID 2672 wrote to memory of 2348	2672	chrome.exe	32
PID 2672 wrote to memory of 2348	2672	chrome.exe	32
PID 2672 wrote to memory of 2348	2672	chrome.exe	32
PID 2672 wrote to memory of 2348	2672	chrome.exe	32
PID 2672 wrote to memory of 2348	2672	chrome.exe	32
PID 2672 wrote to memory of 2348	2672	chrome.exe	32
PID 2672 wrote to memory of 2348	2672	chrome.exe	32
PID 2672 wrote to memory of 2348	2672	chrome.exe	32
PID 2672 wrote to memory of 2348	2672	chrome.exe	32
PID 2672 wrote to memory of 2348	2672	chrome.exe	32
PID 2672 wrote to memory of 2348	2672	chrome.exe	32
PID 2672 wrote to memory of 2348	2672	chrome.exe	32
PID 2672 wrote to memory of 2348	2672	chrome.exe	32
PID 2672 wrote to memory of 2348	2672	chrome.exe	32
PID 2672 wrote to memory of 2348	2672	chrome.exe	32
PID 2672 wrote to memory of 2348	2672	chrome.exe	32
PID 2672 wrote to memory of 2348	2672	chrome.exe	32
PID 2672 wrote to memory of 2348	2672	chrome.exe	32
PID 2672 wrote to memory of 2348	2672	chrome.exe	32
PID 2672 wrote to memory of 2348	2672	chrome.exe	32
PID 2672 wrote to memory of 2348	2672	chrome.exe	32
PID 2672 wrote to memory of 2348	2672	chrome.exe	32
PID 2672 wrote to memory of 2348	2672	chrome.exe	32
PID 2672 wrote to memory of 2348	2672	chrome.exe	32
PID 2672 wrote to memory of 2348	2672	chrome.exe	32
PID 2672 wrote to memory of 2348	2672	chrome.exe	32
PID 2672 wrote to memory of 2348	2672	chrome.exe	32
PID 2672 wrote to memory of 2348	2672	chrome.exe	32
PID 2672 wrote to memory of 2348	2672	chrome.exe	32
PID 2672 wrote to memory of 2348	2672	chrome.exe	32
PID 2672 wrote to memory of 2348	2672	chrome.exe	32
PID 2672 wrote to memory of 2348	2672	chrome.exe	32
PID 2672 wrote to memory of 2348	2672	chrome.exe	32
PID 2672 wrote to memory of 2348	2672	chrome.exe	32

C:\Users\Admin\AppData\Local\Temp\Paranoid checker\chrome-win\chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Paranoid checker\chrome-win\chrome.exe"
1⤵
- Checks computer location settings
- Enumerates system info in registry
- Suspicious use of WriteProcessMemory
PID:2672
- C:\Users\Admin\AppData\Local\Temp\Paranoid checker\chrome-win\chrome.exe
  "C:\Users\Admin\AppData\Local\Temp\Paranoid checker\chrome-win\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Chromium\User Data" /prefetch:7 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=C:\Users\Admin\AppData\Local\Chromium\User Data" --monitor-self-argument=/prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Chromium\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=Chromium --annotation=ver=98.0.4696.0-devel --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef70ae660,0x7fef70ae670,0x7fef70ae680
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2688
- - C:\Users\Admin\AppData\Local\Temp\Paranoid checker\chrome-win\chrome.exe
    "C:\Users\Admin\AppData\Local\Temp\Paranoid checker\chrome-win\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Chromium\User Data" /prefetch:7 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Chromium\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=Chromium --annotation=ver=98.0.4696.0-devel --initial-client-data=0x100,0x104,0x108,0xd4,0x10c,0x13ffcecf0,0x13ffced00,0x13ffced10
    3⤵
    PID:2564
- C:\Users\Admin\AppData\Local\Temp\Paranoid checker\chrome-win\chrome.exe
  "C:\Users\Admin\AppData\Local\Temp\Paranoid checker\chrome-win\chrome.exe" --type=gpu-process --start-stack-profiler --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAIAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1096 --field-trial-handle=1212,4411897639284923273,4683190282981335546,131072 /prefetch:2
  2⤵
  PID:2348
- C:\Users\Admin\AppData\Local\Temp\Paranoid checker\chrome-win\chrome.exe
  "C:\Users\Admin\AppData\Local\Temp\Paranoid checker\chrome-win\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --start-stack-profiler --mojo-platform-channel-handle=1368 --field-trial-handle=1212,4411897639284923273,4683190282981335546,131072 /prefetch:8
  2⤵
  PID:1800
- C:\Users\Admin\AppData\Local\Temp\Paranoid checker\chrome-win\chrome.exe
  "C:\Users\Admin\AppData\Local\Temp\Paranoid checker\chrome-win\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --mojo-platform-channel-handle=1420 --field-trial-handle=1212,4411897639284923273,4683190282981335546,131072 /prefetch:8
  2⤵
  PID:1100
- C:\Users\Admin\AppData\Local\Temp\Paranoid checker\chrome-win\chrome.exe
  "C:\Users\Admin\AppData\Local\Temp\Paranoid checker\chrome-win\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --file-url-path-alias="/gen=C:\Users\Admin\AppData\Local\Temp\Paranoid checker\chrome-win\gen" --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=1948 --field-trial-handle=1212,4411897639284923273,4683190282981335546,131072 /prefetch:1
  2⤵
  PID:2244
- C:\Users\Admin\AppData\Local\Temp\Paranoid checker\chrome-win\chrome.exe
  "C:\Users\Admin\AppData\Local\Temp\Paranoid checker\chrome-win\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --file-url-path-alias="/gen=C:\Users\Admin\AppData\Local\Temp\Paranoid checker\chrome-win\gen" --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=1956 --field-trial-handle=1212,4411897639284923273,4683190282981335546,131072 /prefetch:1
  2⤵
  PID:2888
- C:\Users\Admin\AppData\Local\Temp\Paranoid checker\chrome-win\chrome.exe
  "C:\Users\Admin\AppData\Local\Temp\Paranoid checker\chrome-win\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --start-stack-profiler --file-url-path-alias="/gen=C:\Users\Admin\AppData\Local\Temp\Paranoid checker\chrome-win\gen" --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=1988 --field-trial-handle=1212,4411897639284923273,4683190282981335546,131072 /prefetch:1
  2⤵
  PID:2612

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Chromium\User Data\Default\65ea452c-2f47-49ed-b468-a7c000fb87a3.tmp

Filesize
7KB

MD5
4be961b47e7537c9edbc447a3c368d01

SHA1
a9568232c3ff9eb5fd81da8a18b66091188ace5d

SHA256
afbdf1f974634a9cb2876b680218694e5fe9f37264cfdaba85d96387be09dcba

SHA512
08a7431688cbaf5e5ed9730746c7559c5b6f77f2105277722c16968575887f9d745b7bbb850e54b629bc081cf0e222462874de2c047fc6aaccab512d8687b20b

Download Submit
C:\Users\Admin\AppData\Local\Chromium\User Data\Default\Cache\Cache_Data\f_000001

Filesize
441KB

MD5
a78ad14e77147e7de3647e61964c0335

SHA1
cecc3dd41f4cea0192b24300c71e1911bd4fce45

SHA256
0d6803758ff8f87081fafd62e90f0950dfb2dd7991e9607fe76a8f92d0e893fa

SHA512
dde24d5ad50d68fc91e9e325d31e66ef8f624b6bb3a07d14ffed1104d3ab5f4ef1d7969a5cde0dfbb19cb31c506f7de97af67c2f244f7e7e8e10648ea8321101

Download Submit
C:\Users\Admin\AppData\Local\Chromium\User Data\Default\Extension Scripts\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Chromium\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
e0cccb069967daeea0a1ec6748e0bde6

SHA1
f50217a0d4ff2af7c5def946aeb3f276fcda5646

SHA256
7b96d22b1d05ec8581cce45109f93f88e1160bd67550dd7bdf00fb039feba339

SHA512
cf9ee22266b35e2bb8269275665882d750583d5612ab9b90ad42e74db3da08656f2b4c933b8acccaa1ec2e37c8c9d1efb5e88a0d06d3dca2d200e453e8ca68da

Download Submit
C:\Users\Admin\AppData\Local\Chromium\User Data\Default\Network\Network Persistent State

Filesize
59B

MD5
78bfcecb05ed1904edce3b60cb5c7e62

SHA1
bf77a7461de9d41d12aa88fba056ba758793d9ce

SHA256
c257f929cff0e4380bf08d9f36f310753f7b1ccb5cb2ab811b52760dd8cb9572

SHA512
2420dff6eb853f5e1856cdab99561a896ea0743fcff3e04b37cb87eddf063770608a30c6ffb0319e5d353b0132c5f8135b7082488e425666b2c22b753a6a4d73

Download Submit
C:\Users\Admin\AppData\Local\Chromium\User Data\Default\Network\TransportSecurity

Filesize
518B

MD5
1a79f75c4d3b09d1bf1601168b89ee10

SHA1
5a930222c4279ebc66b96d4b173838c20efea0d8

SHA256
77810b4f36d8e266aade02fdc2725be531fee9d3792c50f9b4cc68563a456a0f

SHA512
1f92ca30303767bf5e212135ee9d105e07b60b5824f65bc57c4a51856d40c31b12af65fa3ac05589879de78396fac5eb66f838054f7de43fedae0ec6b125f397

Download Submit
C:\Users\Admin\AppData\Local\Chromium\User Data\Default\Network\TransportSecurity

Filesize
520B

MD5
6f4f5059e7d8b2bc70f285d1ec7a2a4f

SHA1
f492bacc23ab9a0f1fb328ade407e8230c8c4946

SHA256
6a4bc517db883260d5d7d9a92e9ef203b57a56703ccaf4ca7791fabbebe7316b

SHA512
b92181cd5513e24d5de9010a42b732deec3163688301812bd6719d5da89f00486e8560a40974487b8062860aa4241eebab3671e31b75033addaa534f0a6aa3f4

Download Submit
C:\Users\Admin\AppData\Local\Chromium\User Data\Default\Preferences

Filesize
3KB

MD5
abccb111670ad661b8ca97777d948fd7

SHA1
1a63cecfc301bc0718a360a0ba32b7968e3a92f9

SHA256
4fef9341a3bd046b8857713377f39edb83df5639c9bd6b59fc19b23da56cba45

SHA512
2c683533bc08dadf6da3e4cedac816873169ed618084aae0ed9eb00a741b48c72135688c7db594ce524e8b70b4b72cfaa94c205076359cedd2dda274faae550b

Download Submit
C:\Users\Admin\AppData\Local\Chromium\User Data\Default\Preferences

Filesize
3KB

MD5
6edf437f8725f76794383055ed9944ec

SHA1
ab0ae3ccf4240fe484acbbe724265ca4f74481a7

SHA256
89caaceba0ab80d656959facaaf37488fbb8480bfd915d354c3c41ae2fa7935d

SHA512
bcb9507f3a41bbb99ceb5bbd1550cf9bb0a4c7e0ae23cba9e666204f6d500478b2bc8c7801cfe46072d7524616ea5e3a8e5affb5a40d44c108abf90557ab27ea

Download Submit
C:\Users\Admin\AppData\Local\Chromium\User Data\Default\Preferences

Filesize
4KB

MD5
1fac7d10ad392f184e40394e2713c480

SHA1
c877e0bcf1f802ad91185c7a0e428d98c6080702

SHA256
59b8931a3cd6a50dae3fea632578480d49d6f6557721fcda178c7aaa5258d04c

SHA512
b432960b2f79120bf4f93411fbce7374f15ca736e0bb98a650c766f2440e4ad04ebd3b64ceb6269c2df68a0761b781112d61c8e3c382a8a1d423525fa3375806

Download Submit
C:\Users\Admin\AppData\Local\Chromium\User Data\Default\Preferences

Filesize
4KB

MD5
1ea1807adfca603ff46b3f5d470455c4

SHA1
093f0d8dedb286325c54de54e1aeb51dcc6acecb

SHA256
539c566b16de0144b66bdceaa257f6d68e7404c08349d8d74352476991264de1

SHA512
a743e3c44ac37a564e98e186bad53b941b9f751c5cae05ed88c0e9c44b76ed65390f3862d37e584e3fc5409aa8ca124ac5195922ea5d93b2021465306bf00463

Download Submit
C:\Users\Admin\AppData\Local\Chromium\User Data\Default\Sync Data\LevelDB\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Chromium\User Data\Default\c71ddc55-20c6-45e0-b075-274ecbeb4b04.tmp

Filesize
166KB

MD5
7905df5429a7810b9f7a1f078d596a16

SHA1
5ecac5f04d02e32dc0f0603f9fe4043884137045

SHA256
289277bff0b8c06e0794c72a0faf064a7720ed48c35e1eb0e6bf6b5c448e4619

SHA512
a0864d60f01569db64ae3b6407dac67d3c2e0380458a9640ffd975a3514d44c766269666b6b1f2cb9cdc496ccfec2e40606c616227a48c95ca9b05d81e778548

Download Submit
C:\Users\Admin\AppData\Local\Chromium\User Data\Local State

Filesize
2KB

MD5
44fc8d1b5c2c8422605685424eb1b378

SHA1
614779aede57f77ed8157eecb25c67892195b127

SHA256
c112948354a57b0b3c37744f117dbb65c8111e9dc54344b8c93faebb32407329

SHA512
e1bbd5fc2952987bf4964a92f097715bd75529d8c50eb426601dd54351104c2e81d3bae14a2596f56f7d6964a1f721cd99f79513028ae37082a09603a123d8e1

Download Submit
C:\Users\Admin\AppData\Local\Chromium\User Data\Local State

Filesize
2KB

MD5
82c21e82870fcdc24f77b24a128d3413

SHA1
21dacaf40a3e74dc2a2cfa3424f09e2110aeaae7

SHA256
196d630919be127d8ce973a2be5be42896674e01e5d506636bd661bac60ff458

SHA512
5c09e10adf24b7076c8341ad9f7a271e640216f15d0d2b9304bd5d337f533effa56c7e31730be2682ac8cafe07186feb5b97f85b77fbaaf20e0e5a49917b611e

Download Submit
C:\Users\Admin\AppData\Local\Chromium\User Data\Local State

Filesize
2KB

MD5
2889c1c393d516232cabf69b3b8d9877

SHA1
8e982fb1f1909a9a9f312a2821d6375802ee57e8

SHA256
0ec687ed4a0d2ca7919c0c0ec805532ef25c778b82ba5e9add544540c33a75cc

SHA512
184bfacfc5107a5c0d0ec34ecc4234e9307e98a7453ca6b3b0cd97a4f37eb9af6318b974561f373ec1c85a3ce7669250e327d1fb0c862e6258473e4b0229c062

Download Submit
C:\Users\Admin\AppData\Local\Temp\Paranoid checker\chrome-win\debug.log

Filesize
7KB

MD5
820a337a885b1a529e77d854f4ee9f48

SHA1
e2c2b5bb882423e78e666a4ef8a189668c3a79ff

SHA256
462d0155bab6a9833e8eb89e640d85f78eb367e19e84c4c90483dff38f164e0d

SHA512
79934d4c7e34b9dd622b9bcd58efdd3ec64a84ab752abe2a439bc611c276a8f273921a8d520015865a47545848dc5307c83e465df4e491594059cbe434d00e59

Download Submit
memory/2348-1-0x0000000000060000-0x0000000000061000-memory.dmp

Filesize
4KB

Download
memory/2348-37-0x00000000779E0000-0x00000000779E1000-memory.dmp

Filesize
4KB

Download
memory/2672-45-0x0000000004C50000-0x0000000004C51000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads