Windows Analysis Report
chromedriver.exe

Overview

General Information

Sample name: chromedriver.exe
Analysis ID: 1523249
MD5: d99868a7ff7b7962e2ee2c9bfb1ba83b
SHA1: 57ea6d6362b70fd74c06e422c2f2f369773bcaff
SHA256: b8501e5fe73cb422c80c3b97b9d2c0398d5d15b415eaba973fd09d198d3d56ef

Detection

Score: 22
Range: 0 - 100
Whitelisted: false
Confidence: 60%

Signatures

AI detected suspicious sample
PE file contains sections with non-standard names
Program does not show much activity (idle)
Sample execution stops while process was sleeping (likely an evasion)
Uses 32bit PE files

Classification

AV Detection

Source: Submitted Sample Integrated Neural Analysis Model: Matched 96.4% probability
Source: chromedriver.exe Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: chromedriver.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: C:\b\s\w\ir\cache\builder\src\out\Release\chromedriver.exe.pdb source: chromedriver.exe
Source: Binary string: C:\b\s\w\ir\cache\builder\src\out\Release\chromedriver.exe.pdb@+P+`+p+ source: chromedriver.exe
Source: chromedriver.exe String found in binary or memory: .doubleclick.net.googlevideo.comeusercontent.com.googleuserconteesyndication.com.googlesyndicatile-analytics.com.google-analyticleadservices.com.googleadservice%s:%d%s:%i.google.com.youtube.com.gmail.com.doubleclick.net.gstatic.com.googlevideo.com.googleusercontent.com.googlesyndication.com.google-analytics.com.googleadservices.com.googleapis.com.ytimg.comgoogle.comwww.google.com.localhostTHROTTLEDIDLELOWESTHIGHESTUNKNOWN_PRIORITY equals www.youtube.com (Youtube)
Source: classification engine Classification label: sus22.winEXE@6/3@0/0
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4504:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5552:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2344:120:WilError_03
Source: C:\Users\user\Desktop\chromedriver.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: chromedriver.exe, 00000000.00000002.2977819084.0000000000F48000.00000002.00000001.01000000.00000003.sdmp, chromedriver.exe, 00000000.00000000.1674710156.0000000000F48000.00000002.00000001.01000000.00000003.sdmp, chromedriver.exe, 00000002.00000002.2977878181.0000000000F48000.00000002.00000001.01000000.00000003.sdmp, chromedriver.exe, 00000002.00000000.1698028039.0000000000F48000.00000002.00000001.01000000.00000003.sdmp, chromedriver.exe, 00000004.00000002.2977801746.0000000000F48000.00000002.00000001.01000000.00000003.sdmp, chromedriver.exe, 00000004.00000000.1723402276.0000000000F48000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: chromedriver.exe, 00000000.00000002.2977819084.0000000000F48000.00000002.00000001.01000000.00000003.sdmp, chromedriver.exe, 00000000.00000000.1674710156.0000000000F48000.00000002.00000001.01000000.00000003.sdmp, chromedriver.exe, 00000002.00000002.2977878181.0000000000F48000.00000002.00000001.01000000.00000003.sdmp, chromedriver.exe, 00000002.00000000.1698028039.0000000000F48000.00000002.00000001.01000000.00000003.sdmp, chromedriver.exe, 00000004.00000002.2977801746.0000000000F48000.00000002.00000001.01000000.00000003.sdmp, chromedriver.exe, 00000004.00000000.1723402276.0000000000F48000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: chromedriver.exe, 00000000.00000002.2977819084.0000000000F48000.00000002.00000001.01000000.00000003.sdmp, chromedriver.exe, 00000000.00000000.1674710156.0000000000F48000.00000002.00000001.01000000.00000003.sdmp, chromedriver.exe, 00000002.00000002.2977878181.0000000000F48000.00000002.00000001.01000000.00000003.sdmp, chromedriver.exe, 00000002.00000000.1698028039.0000000000F48000.00000002.00000001.01000000.00000003.sdmp, chromedriver.exe, 00000004.00000002.2977801746.0000000000F48000.00000002.00000001.01000000.00000003.sdmp, chromedriver.exe, 00000004.00000000.1723402276.0000000000F48000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: chromedriver.exe, 00000000.00000002.2977819084.0000000000F48000.00000002.00000001.01000000.00000003.sdmp, chromedriver.exe, 00000000.00000000.1674710156.0000000000F48000.00000002.00000001.01000000.00000003.sdmp, chromedriver.exe, 00000002.00000002.2977878181.0000000000F48000.00000002.00000001.01000000.00000003.sdmp, chromedriver.exe, 00000002.00000000.1698028039.0000000000F48000.00000002.00000001.01000000.00000003.sdmp, chromedriver.exe, 00000004.00000002.2977801746.0000000000F48000.00000002.00000001.01000000.00000003.sdmp, chromedriver.exe, 00000004.00000000.1723402276.0000000000F48000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: chromedriver.exe, 00000000.00000002.2977819084.0000000000F48000.00000002.00000001.01000000.00000003.sdmp, chromedriver.exe, 00000000.00000000.1674710156.0000000000F48000.00000002.00000001.01000000.00000003.sdmp, chromedriver.exe, 00000002.00000002.2977878181.0000000000F48000.00000002.00000001.01000000.00000003.sdmp, chromedriver.exe, 00000002.00000000.1698028039.0000000000F48000.00000002.00000001.01000000.00000003.sdmp, chromedriver.exe, 00000004.00000002.2977801746.0000000000F48000.00000002.00000001.01000000.00000003.sdmp, chromedriver.exe, 00000004.00000000.1723402276.0000000000F48000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: chromedriver.exe, 00000000.00000002.2977819084.0000000000F48000.00000002.00000001.01000000.00000003.sdmp, chromedriver.exe, 00000000.00000000.1674710156.0000000000F48000.00000002.00000001.01000000.00000003.sdmp, chromedriver.exe, 00000002.00000002.2977878181.0000000000F48000.00000002.00000001.01000000.00000003.sdmp, chromedriver.exe, 00000002.00000000.1698028039.0000000000F48000.00000002.00000001.01000000.00000003.sdmp, chromedriver.exe, 00000004.00000002.2977801746.0000000000F48000.00000002.00000001.01000000.00000003.sdmp, chromedriver.exe, 00000004.00000000.1723402276.0000000000F48000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: chromedriver.exe String found in binary or memory: am force-stop
Source: chromedriver.exe String found in binary or memory: device;localabstract:forward:tcp:. : Failed to forward ports to device Failed to forward ports to device %s. No port chosen: %s. Perhaps your adb version is out of date. %s 2.39 and newer require adb version 1.0.38 or newer. Run 'adb version' in your terminal of the host device to find your version of adb.Failed to forward ports to device %s with thespecified port: %d.killforward:tcp:Failed to kill forward port of device ..\..\chrome\test\chromedriver\chrome\adb_impl.ccSending command line file: SetCommandLineFilepm path is not installed on device pm clear Success on device Failed to clear data for am set-debug-app --persistent getprop ro.build.version.release android.permission.POST_NOTIFICATIONSpm grant am start -W -n CompleteFailed to start am force-stop ps && ps -AFailed to get PID for the following process: ' /proc/net/unixgrep -a 'Failed to get sockets matching: Sending adb command: ExecuteCommandReceived adb response: :host-serial:|shell:host:transport:ANDROID_SERIALout_of_range was thrown in -fno-exceptions mode with message "%s"Adb command timed out after %d seconds>.. Is the adb server running? Extra response: <Failed to run adb command with networking error: The adb command failed. 
Extra response: <me.bindingCalledRuntime.bindingCsendBidiResponseRuntime.bindingCallednameRuntime.bindingCalled missing 'name'sendBidiResponsepayloadRuntime.bindingCalled missing 'payload'channelchannel is missing in the payloadno callback is set in BidiTrackerproductversion doesn't include 'Browser'version info not in JSONversion info not a dictionaryAndroid-Package'Android-Package' is not a stringBrowserwebSocketDebuggerUrlWebKit-Versionversion doesn't include 'WebKit-Version'content shellwebviewunrecognized %s version: %s.unrecognized browser version: unrecognized Blink version string: unrecognized Blink revision: Cast.sinksUpdatedCast.issueUpdateCast.enablesinksissueMessageoperation is unsupported on AndroidANDROID[window.screenX, window.screenY, window.outerWidth, window.outerHeight]Unable to maximize window on Android platformUnable to minimize window on Android platformFullscreen mode is not supported on Android platform..\..\chrome\test\chromedriver\chrome\chrome_desktop_impl.cc quit unexpectedly, leaving behind temporary directoriesfor debugging: user data directory: automation extension directory: page could not be found: log-net-logBrowser.closecannot kill %s..\..\chrome\test\chromedriver\chrome\chrome_finder.ccBrowser search. Trying... Browser search. Found at Unknown browser name: Unsupported platform.Browser search. Not found.chrome-headless-shell.exechrome.exechromium.exeGoogle\Chrome\ApplicationGoogle\Chrome for Testing\ApplicationChromium\ApplicationPATHlefttopwidthheightwindowStateoperation unsupportedunable to discover open window in chromeweb view not foundabout:blankurlnewWindowbackgroundTarget.createTargettargetIdno targetId from createTargetBrowser.getWindowForTargetmaximizedminimizedfullscreenxywindowIdBrowser.getWindowBoundsnormal
Source: chromedriver.exe String found in binary or memory: session/:sessionId/%s/cast/stop_casting
Source: chromedriver.exe String found in binary or memory: Sec-Private-State-Tokens-Additional-Signing-Data
Source: chromedriver.exe String found in binary or memory: 128.0.6613.119Sec-SignatureSec-Redemption-RecordSec-TimeSec-Private-State-TokenSec-Private-State-Token-Crypto-VersionSec-Private-State-Tokens-Additional-Signing-DataSec-Private-State-Token-Lifetime
Source: chromedriver.exe String found in binary or memory: ip-address-space-overrides
Source: chromedriver.exe String found in binary or memory: SimpleURLLoaderUseReadAndDiscardBodyOption..\..\services\network\public\cpp\simple_url_loader.ccSimpleURLLoader_BodyReader mojo callbackOnBodyHandlerProgressStartRequestOnDataReadOnDoneDeleteFileOnFileSequenceDestroyStartWritingStartWritingOnFileSequenceNet.OnTransferSizeUpdated.Experimental.OverridenByunsafely-treat-insecure-origin-as-secureip-address-space-overrides..\..\services\network\public\cpp\is_potentially_trustworthy.ccAllowlisted secure origin pattern is not valid; ignoring.http://%s:80BlockAcceptClientHintsBlockedSite
Source: chromedriver.exe String found in binary or memory: partition_alloc/address_space
Source: chromedriver.exe String found in binary or memory: treat-as-public-address
Source: chromedriver.exe String found in binary or memory: 'allow-duplicates'content-security-policycontent-security-policy-report-onlyAllow-CSP-FromThe 'Allow-CSP-From' header contains neither '*' nor a valid origin.The query component, including the '?', will be ignored.The fragment identifier, including the '#', will be ignored.The source list for Content Security Policy directive '%s' contains a source with an invalid path: '%s'. %sbase-uriblock-all-mixed-contentchild-srcconnect-srcdefault-srcfenced-frame-srcframe-ancestorsframe-srcfont-srcform-actionimg-srcmanifest-srcmedia-srcobject-srcreport-urirequire-trusted-types-forscript-srcscript-src-attrscript-src-elemstyle-srcstyle-src-attrstyle-src-elemupgrade-insecure-requeststreat-as-public-addresstrusted-typesworker-srcreport-tonavigate-toThe Content-Security-Policy directive name '%s' contains one or more invalid characters. Only ASCII alphanumeric characters or dashes '-' are allowed in directive names.Ignoring duplicate Content-Security-Policy directive '%s'.The value for the Content-Security-Policy directive '%s' contains one or more invalid characters. In a source expression, non-whitespace characters outside ASCII 0x21-0x7E must be Punycode-encoded, as described in RFC 3492 (https://tools.ietf.org/html/rfc3492), if part of the hostname and percent-encoded, as described in RFC 3986, section 2.1 (http://tools.ietf.org/html/rfc3986#section-2.1), if part of the path.The Content Security Policy directive '%s' is ignored when delivered in a report-only policy.The Content Security Policy directive '%s' is ignored when delivered via a <meta> element.Error while parsing the 'sandbox' Content Security Policy directive: The 'allow' directive has been replaced with 'default-src'. Please use that directive instead, as 'allow' has no effect.The 'options' directive has been replaced with the 'unsafe-inline' and 'unsafe-eval' source expressions for the 'script-src' and 'style-src' directives. 
Please use those directives instead, as 'options' has no effect.policy-uriThe 'policy-uri' directive has been removed from the specification. Please specify a complete policy via the Content-Security-Policy header.plugin-typesThe Content-Security-Policy directive 'plugin-types' has been removed from the specification. If you want to block plugins, consider specifying "object-src 'none'" instead.Unrecognized Content-Security-Policy directive '%s'.'none''self'The Content-Security-Policy directive '%s' contains '%s' as a source expression. Did you want to add it as a directive and forget a semicolon?The Content-Security-Policy directive 'frame-ancestors' does not support the source expression '%s''unsafe-inline''inline-speculation-rules'The Content-Security-Policy directive '%s' contains '%s' as a source expression that is permitted only for 'script-src' and 'script-src-elem' directives. It will be ignored.'unsafe-eval''wasm-eval''wasm-unsafe-eval''unsafe-allow-redirects''strict-dynamic''unsafe-hashes''report-sample'The source list for the Content Security Policy directive '%s
Source: chromedriver.exe String found in binary or memory: allowed-by-target-ip-address-space
Source: chromedriver.exe String found in binary or memory: blocked-by-target-ip-address-space
Source: chromedriver.exe String found in binary or memory: blocked-by-inconsistent-ip-address-space
Source: chromedriver.exe String found in binary or memory: ..\..\services\network\p2p\socket_tcp.ccError from connecting socket, result=P2PSocketTcpBase::OnConnected: unable to get localP2PSocketTcpBase::OnConnected: unable to get peerRemote address: Remote address is unknown since connection is proxied before STUN binding is finished. Terminating connection.Ignoring empty RTP-over-TCP frame.WebRTC.ICE.TcpSocketWriteErrorCodeError when sending data in TCP socket: Error when reading from TCP socket: Remote peer has shutdown TCP socket.sec-ch-sec-fetch-Sec-Fetch-SiteSec-Fetch-ModeSec-Fetch-UserSec-Fetch-Destallowed-missing-client-security-stateallowed-no-less-publicallowed-by-policy-allowallowed-by-policy-warnallowed-by-target-ip-address-spaceblocked-by-load-optioninsecure-private-networkblocked-by-target-ip-address-spaceblocked-by-policy-preflight-warnblocked-by-policy-preflight-blockallowed-by-policy-preflight-warnblocked-by-inconsistent-ip-address-spaceallowed-potentially-trustworthy-same-origin%O
Source: chromedriver.exe String found in binary or memory: overflow:hidden;img src="http://addEventListenerresponsible for s.js"></script>
Source: unknown Process created: C:\Users\user\Desktop\chromedriver.exe "C:\Users\user\Desktop\chromedriver.exe" -install
Source: C:\Users\user\Desktop\chromedriver.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown Process created: C:\Users\user\Desktop\chromedriver.exe "C:\Users\user\Desktop\chromedriver.exe" /install
Source: C:\Users\user\Desktop\chromedriver.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown Process created: C:\Users\user\Desktop\chromedriver.exe "C:\Users\user\Desktop\chromedriver.exe" /load
Source: C:\Users\user\Desktop\chromedriver.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\chromedriver.exe Section loaded: dbghelp.dll
Source: C:\Users\user\Desktop\chromedriver.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\chromedriver.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\chromedriver.exe Section loaded: winmm.dll
Source: C:\Users\user\Desktop\chromedriver.exe Section loaded: secur32.dll
Source: C:\Users\user\Desktop\chromedriver.exe Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\chromedriver.exe Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\chromedriver.exe Section loaded: dhcpcsvc.dll
Source: C:\Users\user\Desktop\chromedriver.exe Section loaded: ncrypt.dll
Source: C:\Users\user\Desktop\chromedriver.exe Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\chromedriver.exe Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\chromedriver.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\chromedriver.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\chromedriver.exe Section loaded: ntasn1.dll
Source: C:\Users\user\Desktop\chromedriver.exe Section loaded: mswsock.dll
Source: chromedriver.exe Static PE information: Virtual size of .text is bigger than: 0x100000
Source: chromedriver.exe Static file information: File size 15887360 > 1048576
Source: chromedriver.exe Static PE information: Raw size of .text is bigger than: 0x100000 < 0xb06200
Source: chromedriver.exe Static PE information: Raw size of .rdata is bigger than: 0x100000 < 0x3b0400
Source: chromedriver.exe Static PE information: More than 200 imports for KERNEL32.dll
Source: chromedriver.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: chromedriver.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: chromedriver.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: chromedriver.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: chromedriver.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: chromedriver.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: chromedriver.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: chromedriver.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: chromedriver.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: chromedriver.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: chromedriver.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: chromedriver.exe Static PE information: section name: .rodata
Source: chromedriver.exe Static PE information: section name: malloc_h
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: chromedriver.exe Binary or memory string: VMnet
Source: chromedriver.exe Binary or memory string: chrome.exeDefaultFirst RunLocal StatePreferences..\..\net\base\network_interfaces_win.ccVMnetGetAdaptersAddresses failed: ..\..\net\url_request\url_request_context_getter.cc
Source: chromedriver.exe, 00000002.00000002.2978521040.0000000005458000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: chromedriver.exe, 00000000.00000002.2978758016.0000000005A98000.00000004.00000020.00020000.00000000.sdmp, chromedriver.exe, 00000004.00000002.2978543403.0000000005958000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
No contacted IP infos