Overview

overview

6

Static

static

1

ChromeSetup.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    103s
  • max time network
    108s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01-06-2024 17:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ChromeSetup.exe

  • Size

    8.3MB

  • MD5

    312911d08509513c51b6a0a4c8cb2f31

  • SHA1

    60ae39c099af8e5e1a9d393331b2c77bd9da0849

  • SHA256

    bebccc4395aa8e8a77f2b373101851aaf195d9c944208fd12d4de555e91ae326

  • SHA512

    4fe0f4a5cd37ed625acf54ca7fb9e5e4f8ced775cf5e0fe71dc9feeb3d1e559052a677aa42340d3bf110fc16895decf72461b271de5a52bb503244797c295ce3

  • SSDEEP

    196608:8gt5LKUjY+A1QtCopK7ogW5o35+VqmXaEvNTWc3KFKxJSv:8A5WUs+A1OCopRX5y54qmXaEvNTx3KFv

Score
6/10
evasiontrojan

Malware Config

Signatures

  • Checks whether UAC is enabled 1 TTPs 3 IoCs
    evasiontrojan
  • Drops file in Program Files directory 64 IoCs
  • Executes dropped EXE 9 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ChromeSetup.exe
    "C:\Users\Admin\AppData\Local\Temp\ChromeSetup.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1704
    • C:\Program Files (x86)\Google1704_1155047318\bin\updater.exe
      "C:\Program Files (x86)\Google1704_1155047318\bin\updater.exe" --install=appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={1FB14C0B-CCD9-DA61-8172-497BB456A97D}&lang=en-GB&browser=5&usagestats=0&appname=Google%20Chrome&needsadmin=prefers&ap=x64-statsdef_1&brand=VDKB&installdataindex=empty --enable-logging --vmodule=*/components/winhttp/*=1,*/components/update_client/*=2,*/chrome/updater/*=2
      2⤵
      • Checks whether UAC is enabled
      • Drops file in Program Files directory
      • Executes dropped EXE
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:1216
      • C:\Program Files (x86)\Google1704_1155047318\bin\updater.exe
        "C:\Program Files (x86)\Google1704_1155047318\bin\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=127.0.6490.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x278,0x27c,0x280,0x254,0x284,0x52758c,0x527598,0x5275a4
        3⤵
        • Drops file in Program Files directory
        • Executes dropped EXE
        PID:3128
  • C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe
    "C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe" --system --windows-service --service=update-internal
    1⤵
    • Checks whether UAC is enabled
    • Drops file in Program Files directory
    • Executes dropped EXE
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:4512
    • C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe
      "C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=127.0.6490.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x280,0x284,0x288,0x25c,0x28c,0xc8758c,0xc87598,0xc875a4
      2⤵
      • Drops file in Program Files directory
      • Executes dropped EXE
      PID:816
  • C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe
    "C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe" --system --windows-service --service=update
    1⤵
    • Checks whether UAC is enabled
    • Drops file in Program Files directory
    • Executes dropped EXE
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2680
    • C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe
      "C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=127.0.6490.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x278,0x27c,0x280,0x254,0x284,0xc8758c,0xc87598,0xc875a4
      2⤵
      • Drops file in Program Files directory
      • Executes dropped EXE
      PID:4612
    • C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2680_615630671\125.0.6422.142_chrome_installer.exe
      "C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2680_615630671\125.0.6422.142_chrome_installer.exe" --verbose-logging --do-not-launch-chrome --channel=stable --installerdata="C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2680_615630671\d44843cd-d9e3-4494-a7b6-430538f53577.tmp"
      2⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2516
      • C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2680_615630671\CR_83335.tmp\setup.exe
        "C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2680_615630671\CR_83335.tmp\setup.exe" --install-archive="C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2680_615630671\CR_83335.tmp\CHROME.PACKED.7Z" --verbose-logging --do-not-launch-chrome --channel=stable --installerdata="C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2680_615630671\d44843cd-d9e3-4494-a7b6-430538f53577.tmp"
        3⤵
        • Drops file in Program Files directory
        • Executes dropped EXE
        • Suspicious use of WriteProcessMemory
        PID:2112
        • C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2680_615630671\CR_83335.tmp\setup.exe
          "C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2680_615630671\CR_83335.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=125.0.6422.142 --initial-client-data=0x278,0x27c,0x280,0x254,0x284,0x7ff6e5a32698,0x7ff6e5a326a4,0x7ff6e5a326b0
          4⤵
          • Executes dropped EXE
          PID:4212
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1400 --field-trial-handle=2256,i,6670388345726423024,18382795228658886258,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:4304

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Program Files (x86)\Google1704_1155047318\bin\updater.exe
      Filesize

      4.6MB

      MD5

      675c9a53a09d5385bbdb3a43a88f2493

      SHA1

      71d1c311eadd4d5949c0b48def8ad0f2186bc243

      SHA256

      ebb428a4c1e29192617e7699513ec78512735110bba68bbee54dee34807094ae

      SHA512

      e3b1d8351b6d208678673e4c69aea745de5b2576a43d2cf9e06c1ea0780dcbc2ca56d5d5fc712b80309ba7950b90130ca2780185b71c990ea6c6062bd29f5136

      Download Submit

    • C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\Crashpad\settings.dat
      Filesize

      40B

      MD5

      c6dd225d2fe32685ed0774af3e379bef

      SHA1

      e07171c9a9e6c6560a107b4d762515d251e735a2

      SHA256

      2e6987628e65d4ca96b68feb23e496401af9c95085b3963fb74c274ba46470f9

      SHA512

      1da5d99a5e4aa10d0699e4de7f77562d05948e627b032356f16a29b6442669d7fa7bb0ad3b7414a6872b91f3e5590794c26f2bd5f55faa077c5fa0a8dda18ec0

      Download Submit

    • C:\Program Files (x86)\Google\GoogleUpdater\prefs.json
      Filesize

      520B

      MD5

      6efa09a68400da1c664b4910ec359f24

      SHA1

      e7f105dc8da560325354d451752cc9b41f1f3f80

      SHA256

      9bbb618bdf14006678c5bd4dec336793d22d7eaf1b3701308522a9c1e12a0c64

      SHA512

      e78539c5e4841c6d7c7fd50e0f50e6a2bff15c1468bd5ddbd99d3e5976be5be484ee187d5f5472878a2c611b2e9f58902feb99171063a30713a48f7d514f92da

      Download Submit

    • C:\Program Files (x86)\Google\GoogleUpdater\prefs.json
      Filesize

      49B

      MD5

      bdce395b453a0a3ffcf742feb2a210ae

      SHA1

      8bfc909ac17238d49d93a3668256b92766391452

      SHA256

      82f7226a5b6be7356507c368ca2468c5d9b7d4a4036fa18d85c6a99e2f0eae41

      SHA512

      cf4d12cecd6d749990265779d1f9ec5e505b54cf283580f611cd346aaca17816b4c58547bb61c451190c07b651d967f2d03c13b74e2210195514f8087b92288e

      Download Submit

    • C:\Program Files (x86)\Google\GoogleUpdater\prefs.json
      Filesize

      354B

      MD5

      a77be5eb49240bf473ebd8a582783d52

      SHA1

      926d0e169ca0201ed81a2483fd9e8c933c26033f

      SHA256

      bf89a88452ba464b5b98485553aab3eb3597eef80cda56eb3b55cf38b06ce4dc

      SHA512

      8cf37d81d599efef4a1f7a6c8897df8bcfcf945bc36ff03484d978d450e9d7a0687b6409486ac05c6ec7826a1b2b5f0063b1b24ac56af8987175d99be4454b2d

      Download Submit

    • C:\Program Files (x86)\Google\GoogleUpdater\updater.log
      Filesize

      4KB

      MD5

      8fd36c4fc89225f962d51d544bc640d9

      SHA1

      33963dd1cf1494b3d70d04c08d1299f8426fd1bd

      SHA256

      f0d4cdf9905e4579cc03eef712d3fd18b8f3bcd8962425039f8ad9f526800258

      SHA512

      52791c6a732e5f67114a80b60c74a3668d4a0caf10275e83dc8cc2f99511da6c5a07f6a475d18f11114ea28307f3c54c46c3e1e4b9ea8a9f17c62265d6ca9dd2

      Download Submit

    • C:\Program Files (x86)\Google\GoogleUpdater\updater.log
      Filesize

      6KB

      MD5

      182bc9b2d1858ee00f1feed0960d7d5c

      SHA1

      4322a604f194a67c350f8a0f48180d4fc1b64d6e

      SHA256

      e16c3b22cd30c2aefc211d832b81cf61412cfc1cc4d71395264f5c7d00cff4d3

      SHA512

      65713d6d47db441670364eb0d52e6abc431bf3b6d84f3ee6e2357fea3a54172c6498d3c375785d5c4e5b6cafe476e24b8f227ce490233b50a9d08f24adb06fa0

      Download Submit

    • C:\Program Files (x86)\Google\GoogleUpdater\updater.log
      Filesize

      10KB

      MD5

      66fade3eb18696f3674b5a74ba2b6927

      SHA1

      076ced6dc5cd85b69ce4e55f901cdd1ff59f45d4

      SHA256

      8cf0cafa6f4cb60e74d628145510d268e34077ed7ce43cc050f59d99cb8b7505

      SHA512

      f1ff783b9b968face11bf9e27aa71cfcc66109ecdbed2e12bbabc44ffd776a7d24fe695c474017d6d614ef6410a8d9bf2cbaa2bc5c4694c22e34bf1aa356838d

      Download Submit

    • C:\Program Files (x86)\Google\GoogleUpdater\updater.log
      Filesize

      12KB

      MD5

      d1056ea2dc7bfc60990f66c1e922bc22

      SHA1

      b496559f3b131b61a9d2a8c94329c3b4a44a1ae2

      SHA256

      5ac2e901f234f6975eb1fce72fcc6c0509d6d31fa4c7ed10f845680978b6c824

      SHA512

      3faca592e0d6aa6a7573bc7f69f60db8f44dc406c8624cf169e34c1e81f872c60ab9f7f30f2cec053160a44abda52fceadade128bb51fdf7f474e23ab207e0a4

      Download Submit

    • C:\Program Files (x86)\Google\GoogleUpdater\updater.log
      Filesize

      940B

      MD5

      8cc76522a858321bddd411c48b0d7de0

      SHA1

      d36bece522eae6f254f2ecc3487f96a6cb41fba4

      SHA256

      80d4960122cb97960fb3db35de4f017df3b57f8f5471746cc22a4db568606746

      SHA512

      794b59688fbf882fcaf88cc1a97649f25705351151ac80fbe6404873fdac7d847b3c5cf0de9ad79dc0fdd0c03512760f1fde92d780cca1b60f1aeeb7880c144c

      Download Submit

    • C:\Program Files (x86)\Google\GoogleUpdater\updater.log
      Filesize

      2KB

      MD5

      fe2c74104ff49074cf8f0dcafc3a93a1

      SHA1

      84eb079bbeb51f21e5d1b0fd500a612208008a35

      SHA256

      3f7829a5ade498671b5449967ff3a09f3955434b53b4ccc9da565911ea077857

      SHA512

      24ff2bc327ea8c798565e0a0f8d53b24d3e1e872c77756fd0662ed8c92617b40f6d34e8405ef9f5981007ace00b885708ac7300c58415bd9b14a33d90a0a8b2e

      Download Submit

    • C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2680_615630671\CR_83335.tmp\setup.exe
      Filesize

      4.0MB

      MD5

      782b0870300882f2977bed8dd60130dc

      SHA1

      7d081e093c8b1ab6a35e0afdf7fa265dccd7bd3c

      SHA256

      997e3f4f45950f00532b7cb8b3d9f4a5305a4dfee3bbc426de7b5ebf82774be8

      SHA512

      149d4fab0e8d110e477f38995d792f401ea4c66894d33488d6249a7b83137b9f08341ed77a3e1f755be034448c0caa8018e6d19572085d0a648c0e538664440d

      Download Submit

    • C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2680_615630671\d44843cd-d9e3-4494-a7b6-430538f53577.tmp
      Filesize

      632KB

      MD5

      e46307058c04464c70608ce487d0b0a9

      SHA1

      c66be1360a89fdb898ae828f453e0c6f4a797e2b

      SHA256

      868bbf9c55f2386021f2ec37d7af787bcc40c1ac78c9d2f43be28bbbef85f975

      SHA512

      35f9d5c88b47c518f8a1700382440caf9e99ebe9144b650cdacfbf4e51a9df147b4b933e2eb77ce253e8f4870fca995fc1e43d709f9cbae35aa4909906067ff5

      Download Submit