Analysis

  • max time kernel
    22s
  • max time network
    17s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    13-06-2024 14:23

General

  • Target

    ChromeSetup.exe

  • Size

    8.3MB

  • MD5

    672649a124a69062e87c4aacf0deaa04

  • SHA1

    292eea1a049e68f53ddab10525394042eaf9777a

  • SHA256

    2d433bd6de1ad8c702c2034c07b38d87df5aac3f997894c94b26f389e76dd8b7

  • SHA512

    c0902e32a8fb765734eda556531c5ec24bb33855eec17392fc71240794a423141bd5cb01f8d921040ddfb464e413f176ff1a4fd7a262715893d9c7cbde428425

  • SSDEEP

    196608:8gt5LKUjY+A1QtCopK7ogW5o35+VqmXaEvNTWc3KFKxJS7:8A5WUs+A1OCopRX5y54qmXaEvNTx3KF7

Malware Config

Signatures

  • Checks whether UAC is enabled (1 TTPs, 3 IoCs)
  • Checks installed software on the system (1 TTPs)
    Looks up Uninstall key entries in the registry to enumerate software on the system.
  • Drops file in Program Files directory (64 IoCs)
  • Executes dropped EXE (9 IoCs)
  • Modifies registry class (64 IoCs)
  • Suspicious behavior: EnumeratesProcesses (20 IoCs)
  • Suspicious use of AdjustPrivilegeToken (4 IoCs)
  • Suspicious use of WriteProcessMemory (18 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\ChromeSetup.exe
    "C:\Users\Admin\AppData\Local\Temp\ChromeSetup.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3008
    • C:\Program Files (x86)\Google3008_1909972653\bin\updater.exe
      "C:\Program Files (x86)\Google3008_1909972653\bin\updater.exe" --install=appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={7D955970-B94C-28CA-4D5E-CC05711682B3}&lang=en&browser=4&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=x64-statsdef_1&installdataindex=empty --enable-logging --vmodule=*/components/winhttp/*=1,*/components/update_client/*=2,*/chrome/updater/*=2
      2⤵
      • Checks whether UAC is enabled
      • Drops file in Program Files directory
      • Executes dropped EXE
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2028
      • C:\Program Files (x86)\Google3008_1909972653\bin\updater.exe
        "C:\Program Files (x86)\Google3008_1909972653\bin\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=127.0.6490.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x278,0x27c,0x280,0x254,0x284,0xd8758c,0xd87598,0xd875a4
        3⤵
        • Drops file in Program Files directory
        • Executes dropped EXE
        PID:4940
  • C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe
    "C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe" --system --windows-service --service=update-internal
    1⤵
    • Checks whether UAC is enabled
    • Drops file in Program Files directory
    • Executes dropped EXE
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:4100
    • C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe
      "C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=127.0.6490.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x278,0x27c,0x280,0x254,0x284,0x11a758c,0x11a7598,0x11a75a4
      2⤵
      • Executes dropped EXE
      PID:3088
  • C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe
    "C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe" --system --windows-service --service=update
    1⤵
    • Checks whether UAC is enabled
    • Drops file in Program Files directory
    • Executes dropped EXE
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1272
    • C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe
      "C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=127.0.6490.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x278,0x27c,0x280,0x254,0x284,0x11a758c,0x11a7598,0x11a75a4
      2⤵
      • Executes dropped EXE
      PID:4604
    • C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1272_1148519520\126.0.6478.57_chrome_installer.exe
      "C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1272_1148519520\126.0.6478.57_chrome_installer.exe" --verbose-logging --do-not-launch-chrome --channel=stable --installerdata="C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1272_1148519520\ec6af39f-1816-46b3-b898-1f18f54270a1.tmp"
      2⤵
      • Drops file in Program Files directory
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2472
      • C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1272_1148519520\CR_81A9D.tmp\setup.exe
        "C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1272_1148519520\CR_81A9D.tmp\setup.exe" --install-archive="C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1272_1148519520\CR_81A9D.tmp\CHROME.PACKED.7Z" --verbose-logging --do-not-launch-chrome --channel=stable --installerdata="C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1272_1148519520\ec6af39f-1816-46b3-b898-1f18f54270a1.tmp"
        3⤵
        • Drops file in Program Files directory
        • Executes dropped EXE
        • Suspicious use of WriteProcessMemory
        PID:4832
        • C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1272_1148519520\CR_81A9D.tmp\setup.exe
          "C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1272_1148519520\CR_81A9D.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=126.0.6478.57 --initial-client-data=0x270,0x274,0x278,0x24c,0x27c,0x7ff7e87b46a8,0x7ff7e87b46b4,0x7ff7e87b46c0
          4⤵
          • Executes dropped EXE
          PID:3536

Network

MITRE ATT&CK Matrix (ATT&CK v13)

  • Discovery
    • System Information Discovery (1): T1082
    • Query Registry (1): T1012

Downloads

  • C:\Program Files (x86)\Google3008_1909972653\bin\updater.exe
    Filesize

    4.6MB

    MD5

    675c9a53a09d5385bbdb3a43a88f2493

    SHA1

    71d1c311eadd4d5949c0b48def8ad0f2186bc243

    SHA256

    ebb428a4c1e29192617e7699513ec78512735110bba68bbee54dee34807094ae

    SHA512

    e3b1d8351b6d208678673e4c69aea745de5b2576a43d2cf9e06c1ea0780dcbc2ca56d5d5fc712b80309ba7950b90130ca2780185b71c990ea6c6062bd29f5136

  • C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\Crashpad\settings.dat
    Filesize

    40B

    MD5

    a9758deae5b85215228493c450051979

    SHA1

    ad02dbc170452ac3ec53e79756781bc4cf2595a4

    SHA256

    9569a052696a9b46699fbde52b7856ba8b7cac62afabd6cf2c997a4cad3ba8db

    SHA512

    9720a2c729c89d7969e4330a8bf1161d370956e6be01ab54a4073ddfa6115229ad037125e08d533a480230f46b8d9a58d7666e35a2478aab9d5fda32597870c1

  • C:\Program Files (x86)\Google\GoogleUpdater\prefs.json
    Filesize

    354B

    MD5

    7136b45ffcac6b52d6873f2864471ea9

    SHA1

    7afb956fccbfa48ec7fcac07cde0f6059a51a534

    SHA256

    78f60448736dd9d298a2bc503571a91a8f0c342e95ff8cc589d546e84e7384c2

    SHA512

    66755a95e16371a527df8b702ba8d686a08678aa0d3257ec4775c5fef8c81d422d7a6ce8aa1fa1c150ebe02f14a0df23776dabc42b6da5ed83b79be956fc2ac7

  • C:\Program Files (x86)\Google\GoogleUpdater\prefs.json
    Filesize

    520B

    MD5

    7392c7ef1db8fb5faab620d1a8d78ce6

    SHA1

    dd98934897fcabde2b2205b355d25b83980da81b

    SHA256

    eea1c984955e41b162c08d6283bd43007b43e6fb9ad8e87803c6f5e3302b216d

    SHA512

    c7d19bef95ac7f9f7bbbeab1424a32b5ebc708351bc01aa2edb41ec33f612b10db66ff60f1d090dcb5e83938f13d1631d888658658d3bdc2140bf85f69a83639

  • C:\Program Files (x86)\Google\GoogleUpdater\prefs.json
    Filesize

    49B

    MD5

    bdce395b453a0a3ffcf742feb2a210ae

    SHA1

    8bfc909ac17238d49d93a3668256b92766391452

    SHA256

    82f7226a5b6be7356507c368ca2468c5d9b7d4a4036fa18d85c6a99e2f0eae41

    SHA512

    cf4d12cecd6d749990265779d1f9ec5e505b54cf283580f611cd346aaca17816b4c58547bb61c451190c07b651d967f2d03c13b74e2210195514f8087b92288e

  • C:\Program Files (x86)\Google\GoogleUpdater\updater.log
    Filesize

    7KB

    MD5

    4fe3949748eac6d6b93c88baeb102a1c

    SHA1

    6ac903aab9bea32ca1e3f6e2822383ed9538326f

    SHA256

    4f7585c9f4e2325f850a8083824f7ba65e57c8fd83190ede6a23e051056dea4d

    SHA512

    23622f368bf5343d9d106c9c5c45a2e38cac23c419550555d9acbdc90fee77ebcb5c5110b6acdf682291f0db017e8f0279f58b5c344ac038c6f04634b89eb446

  • C:\Program Files (x86)\Google\GoogleUpdater\updater.log
    Filesize

    10KB

    MD5

    37bb74f1381daefae39b10ad4ad2a1ef

    SHA1

    95679411c25f1833c855e7a9f7b423e35567cf8f

    SHA256

    a922576567b621cf54bb13773db3ca7db2390b89ffa691ca8de1311d9e2547e5

    SHA512

    055ccddec5356a29323a9d4fcfa4bb52dcad9973b888306444d7c860651566d5b6f60f29b8e8cd2f4717db7e443f2803c2ee46e82717a584d98e8322977695e3

  • C:\Program Files (x86)\Google\GoogleUpdater\updater.log
    Filesize

    13KB

    MD5

    8a0da18cb624641375c39a654eead249

    SHA1

    962b077b7e9ee3f8421b2c68798fe92a04e26789

    SHA256

    f06a48832cb880df2af74900d3a382510d29c5bb84259d888eedd1b26708230e

    SHA512

    576fa0b985526f260e121820d45cb861d6446f21122c3b4f69e76586d4663acbbfc5d639a22043320339d6802d5f6eb6b2aea027490c96f8d2e9c5d2d4661f87

  • C:\Program Files (x86)\Google\GoogleUpdater\updater.log
    Filesize

    1KB

    MD5

    190166d1d9a591ec8b865b30aa773469

    SHA1

    c21255274dd12c70c9c8bdd5eb288fd775797727

    SHA256

    0949e972b09cd5d8efe71c3d561e4ceef1adfd86d4a6103dc2b99f0ac2303a47

    SHA512

    46f18aaf9a95f9429a4b63285ce1d9fdcbc8ea222631895943b964915a8031b2dfea3654046aa26a084385c04b214a1e2b1e5626ad3d3f4a9391eecd9a7e6941

  • C:\Program Files (x86)\Google\GoogleUpdater\updater.log
    Filesize

    3KB

    MD5

    689175ae38b16c8b9eeee222e0aa30d8

    SHA1

    a5be2cb7673701f4b573dcf96413beb1d4b2b1b0

    SHA256

    315dd85315c0b56fa5cede35ec96c5fc2ae0f74f1b1a7e8e61118b5e7bf501cb

    SHA512

    088f6bea4ed8004627ebbc16ecea499a59d5081f04d69c62ea0532cc89ae35280cdee730738ce9f6b90f1a98dc9e3efbb15e579df569183de295dda1d3504739

  • C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1272_1148519520\CR_81A9D.tmp\setup.exe
    Filesize

    4.0MB

    MD5

    09ba2c4154f599d13685aab590b74194

    SHA1

    64625a9a2cb44a7281486b98c44952b785146280

    SHA256

    c8471a651c778d6221ab09362a399b30e0e40a959fad0bb1a84eb10ad6e16189

    SHA512

    9ee665db8e757f32caa711ae03f34152743a7890c83917fe37d51ec1285921fbc8f0ce9dbcff515ec112291e368d661ffc27e039f7e2e58808822d4ab4830996

  • C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1272_1148519520\ec6af39f-1816-46b3-b898-1f18f54270a1.tmp
    Filesize

    636KB

    MD5

    314a3819f90af93bc51ee4794fe31764

    SHA1

    7ef4700158312badb70eb1ae187c05832067ef8f

    SHA256

    df3c1390b922a16285e7a8482c526c89dea16b7c0f425cb057b6d2d8563682c8

    SHA512

    51df2ac2ff486386bbcfaa3094f1310fd3a5266a11d8919bf84432c59f00e0036aeb486e155885eff436d623812563b6cee724ea462c9dfb5afd06279bce414d