Edit tour

Windows Analysis Report
chromedriver.exe

Overview

General Information

Sample name:	chromedriver.exe
Analysis ID:	1523249
MD5:	d99868a7ff7b7962e2ee2c9bfb1ba83b
SHA1:	57ea6d6362b70fd74c06e422c2f2f369773bcaff
SHA256:	b8501e5fe73cb422c80c3b97b9d2c0398d5d15b415eaba973fd09d198d3d56ef
Infos:

Detection

Score:	22
Range:	0 - 100
Whitelisted:	false
Confidence:	60%

Signatures

AI detected suspicious sample

PE file contains sections with non-standard names

Program does not show much activity (idle)

Sample execution stops while process was sleeping (likely an evasion)

Uses 32bit PE files

Classification

Process Tree

System is w10x64

chromedriver.exe (PID: 3612 cmdline: "C:\Users\user\Desktop\chromedriver.exe" -install MD5: D99868A7FF7B7962E2EE2C9BFB1BA83B)

conhost.exe (PID: 4504 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

chromedriver.exe (PID: 4040 cmdline: "C:\Users\user\Desktop\chromedriver.exe" /install MD5: D99868A7FF7B7962E2EE2C9BFB1BA83B)

conhost.exe (PID: 2344 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

chromedriver.exe (PID: 2416 cmdline: "C:\Users\user\Desktop\chromedriver.exe" /load MD5: D99868A7FF7B7962E2EE2C9BFB1BA83B)

conhost.exe (PID: 5552 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cleanup

String found in binary or memory: .doubleclick.net.googlevideo.comeusercontent.com.googleuserconteesyndication.com.googlesyndicatile-analytics.com.google-analyticleadservices.com.googleadservice%s:%d%s:%i.google.com.youtube.com.gmail.com.doubleclick.net.gstatic.com.googlevideo.com.googleusercontent.com.googlesyndication.com.google-analytics.com.googleadservices.com.googleapis.com.ytimg.comgoogle.comwww.google.com.localhostTHROTTLEDIDLELOWESTHIGHESTUNKNOWN_PRIORITY equals www.youtube.com (Youtube)

Source: chromedriver.exe	String found in binary or memory: http://.css
Source: chromedriver.exe	String found in binary or memory: http://.jpg
Source: chromedriver.exe	String found in binary or memory: http://certificates.godaddy.com/repository/gd_intermediate.crt0
Source: chromedriver.exe	String found in binary or memory: http://certificates.godaddy.com/repository100.
Source: chromedriver.exe	String found in binary or memory: http://clients3.google.com/cert_upload_json
Source: chromedriver.exe	String found in binary or memory: http://crl.certigna.fr/certignarootca.crl01
Source: chromedriver.exe	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: chromedriver.exe	String found in binary or memory: http://crl.dhimyotis.com/certignarootca.crl0
Source: chromedriver.exe	String found in binary or memory: http://crl.godaddy.com/gds1-20
Source: chromedriver.exe	String found in binary or memory: http://crl.securetrust.com/SGCA.crl0
Source: chromedriver.exe	String found in binary or memory: http://crl.securetrust.com/STCA.crl0
Source: chromedriver.exe	String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl0
Source: chromedriver.exe	String found in binary or memory: http://html4/loose.dtd
Source: chromedriver.exe	String found in binary or memory: http://httpswsswsdevtools/browser/json/versionjson/liststring_view::substr..
Source: chromedriver.exe	String found in binary or memory: http://ocsp.accv.es0
Source: chromedriver.exe	String found in binary or memory: http://ocsp.godaddy.com/0J
Source: chromedriver.exe	String found in binary or memory: http://report-example.test/test
Source: chromedriver.exe	String found in binary or memory: http://repository.swisssign.com/0
Source: chromedriver.exe	String found in binary or memory: http://tools.ietf.org/html/rfc3986#section-2.1)
Source: chromedriver.exe	String found in binary or memory: http://wpad/wpad.dat
Source: chromedriver.exe	String found in binary or memory: http://wpad/wpad.dat..
Source: chromedriver.exe	String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0
Source: chromedriver.exe	String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0
Source: chromedriver.exe	String found in binary or memory: http://www.accv.es/legislacion_c.htm0U
Source: chromedriver.exe	String found in binary or memory: http://www.accv.es00
Source: chromedriver.exe	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: chromedriver.exe	String found in binary or memory: http://www.cert.fnmt.es/dpcs/0
Source: chromedriver.exe	String found in binary or memory: http://www.firmaprofesional.com/cps0
Source: chromedriver.exe	String found in binary or memory: http://www.quovadisglobal.com/cps0
Source: chromedriver.exe	String found in binary or memory: http://www.w3.
Source: chromedriver.exe	String found in binary or memory: http://www.w3.o
Source: chromedriver.exe	String found in binary or memory: http://www.w3.or
Source: chromedriver.exe	String found in binary or memory: https://%s:%d/.well-known/masque/udp/%s/%d/
Source: chromedriver.exe	String found in binary or memory: https://%s:%d/.well-known/masque/udp/%s/%d/Net.QuicStreamFactory.DefaultNetworkMatchNet.QuicSession.
Source: chromedriver.exe	String found in binary or memory: https://alekberg.net/privacy
Source: chromedriver.exe	String found in binary or memory: https://alekberg.net/privacyalekberg.net
Source: chromedriver.exe	String found in binary or memory: https://bit.ly/3rpDuEX.
Source: chromedriver.exe	String found in binary or memory: https://bit.ly/3rpDuEX.X-Content-Type-OptionsInvalid
Source: chromedriver.exe	String found in binary or memory: https://chrome.cloudflare-dns.com/dns-query
Source: chromedriver.exe	String found in binary or memory: https://chrome.cloudflare-dns.com/dns-queryone.one.one.one1dot1dot1dot1.cloudflare-dns.com1.1.1.11.0
Source: chromedriver.exe, ConDrv.0.dr, ConDrv.4.dr, ConDrv.2.dr	String found in binary or memory: https://chromedriver.chromium.org/security-considerations
Source: chromedriver.exe	String found in binary or memory: https://chromium.dns.nextdns.io
Source: chromedriver.exe	String found in binary or memory: https://chromium.googlesource.com/chromium/src/
Source: chromedriver.exe	String found in binary or memory: https://cleanbrowsing.org/privacy
Source: chromedriver.exe	String found in binary or memory: https://cleanbrowsing.org/privacyCleanBrowsing
Source: chromedriver.exe	String found in binary or memory: https://crbug.com/1154140
Source: chromedriver.exe	String found in binary or memory: https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/
Source: chromedriver.exe	String found in binary or memory: https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/Cloudflare
Source: chromedriver.exe	String found in binary or memory: https://developers.google.com/speed/public-dns/privacy
Source: chromedriver.exe	String found in binary or memory: https://developers.google.com/speed/public-dns/privacyGoogle
Source: chromedriver.exe	String found in binary or memory: https://dns.google/dns-query
Source: chromedriver.exe	String found in binary or memory: https://dns.levonet.sk/dns-query
Source: chromedriver.exe	String found in binary or memory: https://dns.quad9.net/dns-query
Source: chromedriver.exe	String found in binary or memory: https://dns.quad9.net/dns-querydns.quad9.netdns9.quad9.net9.9.9.9149.112.112.1122620:fe::fe2620:fe::
Source: chromedriver.exe	String found in binary or memory: https://dns.sb/privacy/
Source: chromedriver.exe	String found in binary or memory: https://dns.sb/privacy/DNS.SBhttps://doh.dns.sb/dns-query
Source: chromedriver.exe	String found in binary or memory: https://dns10.quad9.net/dns-query
Source: chromedriver.exe	String found in binary or memory: https://dns10.quad9.net/dns-querydns10.quad9.net9.9.9.10149.112.112.102620:fe::102620:fe::fe:10
Source: chromedriver.exe	String found in binary or memory: https://dns11.quad9.net/dns-query
Source: chromedriver.exe	String found in binary or memory: https://dns11.quad9.net/dns-querydns11.quad9.net9.9.9.11149.112.112.112620:fe::112620:fe::fe:11
Source: chromedriver.exe	String found in binary or memory: https://dns64.dns.google/dns-query
Source: chromedriver.exe	String found in binary or memory: https://dnsnl.alekberg.net/dns-query
Source: chromedriver.exe	String found in binary or memory: https://doh-01.spectrum.com/dns-query
Source: chromedriver.exe	String found in binary or memory: https://doh-02.spectrum.com/dns-query
Source: chromedriver.exe	String found in binary or memory: https://doh.cleanbrowsing.org/doh/adult-filter
Source: chromedriver.exe	String found in binary or memory: https://doh.cleanbrowsing.org/doh/family-filter
Source: chromedriver.exe	String found in binary or memory: https://doh.cleanbrowsing.org/doh/security-filter
Source: chromedriver.exe	String found in binary or memory: https://doh.cox.net/dns-query
Source: chromedriver.exe	String found in binary or memory: https://doh.cox.net/dns-querydot.cox.net68.105.28.1168.105.28.122001:578:3f::30V
Source: chromedriver.exe	String found in binary or memory: https://doh.dns.sb/dns-query
Source: chromedriver.exe	String found in binary or memory: https://doh.familyshield.opendns.com/dns-query
Source: chromedriver.exe	String found in binary or memory: https://doh.opendns.com/dns-query
Source: chromedriver.exe	String found in binary or memory: https://doh.quickline.ch/dns-query
Source: chromedriver.exe	String found in binary or memory: https://doh.xfinity.com/dns-query
Source: chromedriver.exe	String found in binary or memory: https://github.com/GoogleChromeLabs/chromium-bidi
Source: chromedriver.exe	String found in binary or memory: https://nextdns.io/privacy
Source: chromedriver.exe	String found in binary or memory: https://nextdns.io/privacyNextDNShttps://chromium.dns.nextdns.ioNextDnshttps://www.cisco.com/c/en/us
Source: chromedriver.exe	String found in binary or memory: https://odvr.nic.cz/doh
Source: chromedriver.exe	String found in binary or memory: https://odvr.nic.cz/dohodvr.nic.cz185.43.135.1193.17.47.12001:148f:fffe::12001:148f:ffff::1
Source: chromedriver.exe	String found in binary or memory: https://public.dns.iij.jp/
Source: chromedriver.exe	String found in binary or memory: https://public.dns.iij.jp/IIJ
Source: chromedriver.exe	String found in binary or memory: https://public.dns.iij.jp/dns-query
Source: chromedriver.exe	String found in binary or memory: https://public.dns.iij.jp/dns-queryIij109.236.119.2109.236.120.22a02:6ca3:0:1::22a02:6ca3:0:2::2
Source: chromedriver.exe	String found in binary or memory: https://tools.ietf.org/html/rfc3492)
Source: chromedriver.exe	String found in binary or memory: https://www.cisco.com/c/en/us/about/legal/privacy-full.html
Source: chromedriver.exe	String found in binary or memory: https://www.nic.cz/odvr/
Source: chromedriver.exe	String found in binary or memory: https://www.nic.cz/odvr/CZ.NIC
Source: chromedriver.exe	String found in binary or memory: https://www.quad9.net/home/privacy/
Source: chromedriver.exe	String found in binary or memory: https://www.quad9.net/home/privacy/Quad9
Source: chromedriver.exe	String found in binary or memory: https://wwww.certigna.fr/autorites/0m

Source: chromedriver.exe

Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE

Source: classification engine

Classification label: sus22.winEXE@6/3@0/0

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4504:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5552:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2344:120:WilError_03

Source: C:\Users\user\Desktop\chromedriver.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: chromedriver.exe, 00000000.00000002.2977819084.0000000000F48000.00000002.00000001.01000000.00000003.sdmp, chromedriver.exe, 00000000.00000000.1674710156.0000000000F48000.00000002.00000001.01000000.00000003.sdmp, chromedriver.exe, 00000002.00000002.2977878181.0000000000F48000.00000002.00000001.01000000.00000003.sdmp, chromedriver.exe, 00000002.00000000.1698028039.0000000000F48000.00000002.00000001.01000000.00000003.sdmp, chromedriver.exe, 00000004.00000002.2977801746.0000000000F48000.00000002.00000001.01000000.00000003.sdmp, chromedriver.exe, 00000004.00000000.1723402276.0000000000F48000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: chromedriver.exe, 00000000.00000002.2977819084.0000000000F48000.00000002.00000001.01000000.00000003.sdmp, chromedriver.exe, 00000000.00000000.1674710156.0000000000F48000.00000002.00000001.01000000.00000003.sdmp, chromedriver.exe, 00000002.00000002.2977878181.0000000000F48000.00000002.00000001.01000000.00000003.sdmp, chromedriver.exe, 00000002.00000000.1698028039.0000000000F48000.00000002.00000001.01000000.00000003.sdmp, chromedriver.exe, 00000004.00000002.2977801746.0000000000F48000.00000002.00000001.01000000.00000003.sdmp, chromedriver.exe, 00000004.00000000.1723402276.0000000000F48000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: chromedriver.exe, 00000000.00000002.2977819084.0000000000F48000.00000002.00000001.01000000.00000003.sdmp, chromedriver.exe, 00000000.00000000.1674710156.0000000000F48000.00000002.00000001.01000000.00000003.sdmp, chromedriver.exe, 00000002.00000002.2977878181.0000000000F48000.00000002.00000001.01000000.00000003.sdmp, chromedriver.exe, 00000002.00000000.1698028039.0000000000F48000.00000002.00000001.01000000.00000003.sdmp, chromedriver.exe, 00000004.00000002.2977801746.0000000000F48000.00000002.00000001.01000000.00000003.sdmp, chromedriver.exe, 00000004.00000000.1723402276.0000000000F48000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: chromedriver.exe, 00000000.00000002.2977819084.0000000000F48000.00000002.00000001.01000000.00000003.sdmp, chromedriver.exe, 00000000.00000000.1674710156.0000000000F48000.00000002.00000001.01000000.00000003.sdmp, chromedriver.exe, 00000002.00000002.2977878181.0000000000F48000.00000002.00000001.01000000.00000003.sdmp, chromedriver.exe, 00000002.00000000.1698028039.0000000000F48000.00000002.00000001.01000000.00000003.sdmp, chromedriver.exe, 00000004.00000002.2977801746.0000000000F48000.00000002.00000001.01000000.00000003.sdmp, chromedriver.exe, 00000004.00000000.1723402276.0000000000F48000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: chromedriver.exe, 00000000.00000002.2977819084.0000000000F48000.00000002.00000001.01000000.00000003.sdmp, chromedriver.exe, 00000000.00000000.1674710156.0000000000F48000.00000002.00000001.01000000.00000003.sdmp, chromedriver.exe, 00000002.00000002.2977878181.0000000000F48000.00000002.00000001.01000000.00000003.sdmp, chromedriver.exe, 00000002.00000000.1698028039.0000000000F48000.00000002.00000001.01000000.00000003.sdmp, chromedriver.exe, 00000004.00000002.2977801746.0000000000F48000.00000002.00000001.01000000.00000003.sdmp, chromedriver.exe, 00000004.00000000.1723402276.0000000000F48000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: chromedriver.exe, 00000000.00000002.2977819084.0000000000F48000.00000002.00000001.01000000.00000003.sdmp, chromedriver.exe, 00000000.00000000.1674710156.0000000000F48000.00000002.00000001.01000000.00000003.sdmp, chromedriver.exe, 00000002.00000002.2977878181.0000000000F48000.00000002.00000001.01000000.00000003.sdmp, chromedriver.exe, 00000002.00000000.1698028039.0000000000F48000.00000002.00000001.01000000.00000003.sdmp, chromedriver.exe, 00000004.00000002.2977801746.0000000000F48000.00000002.00000001.01000000.00000003.sdmp, chromedriver.exe, 00000004.00000000.1723402276.0000000000F48000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);

Source: chromedriver.exe	String found in binary or memory: am force-stop
Source: chromedriver.exe	String found in binary or memory: device;localabstract:forward:tcp:. : Failed to forward ports to device Failed to forward ports to device %s. No port chosen: %s. Perhaps your adb version is out of date. %s 2.39 and newer require adb version 1.0.38 or newer. Run 'adb version' in your terminal of the host device to find your version of adb.Failed to forward ports to device %s with thespecified port: %d.killforward:tcp:Failed to kill forward port of device ..\..\chrome\test\chromedriver\chrome\adb_impl.ccSending command line file: SetCommandLineFilepm path is not installed on device pm clear Success on device Failed to clear data for am set-debug-app --persistent getprop ro.build.version.release android.permission.POST_NOTIFICATIONSpm grant am start -W -n CompleteFailed to start am force-stop ps && ps -AFailed to get PID for the following process: ' /proc/net/unixgrep -a 'Failed to get sockets matching: Sending adb command: ExecuteCommandReceived adb response: :host-serial:\|shell:host:transport:ANDROID_SERIALout_of_range was thrown in -fno-exceptions mode with message "%s"Adb command timed out after %d seconds>.. Is the adb server running? Extra response: <Failed to run adb command with networking error: The adb command failed. Extra response: <me.bindingCalledRuntime.bindingCsendBidiResponseRuntime.bindingCallednameRuntime.bindingCalled missing 'name'sendBidiResponsepayloadRuntime.bindingCalled missing 'payload'channelchannel is missing in the payloadno callback is set in BidiTrackerproductversion doesn't include 'Browser'version info not in JSONversion info not a dictionaryAndroid-Package'Android-Package' is not a stringBrowserwebSocketDebuggerUrlWebKit-Versionversion doesn't include 'WebKit-Version'content shellwebviewunrecognized %s version: %s.unrecognized browser version: unrecognized Blink version string: unrecognized Blink revision: Cast.sinksUpdatedCast.issueUpdateCast.enablesinksissueMessageoperation is unsupported on AndroidANDROID[window.screenX, window.screenY, window.outerWidth, window.outerHeight]Unable to maximize window on Android platformUnable to minimize window on Android platformFullscreen mode is not supported on Android platform..\..\chrome\test\chromedriver\chrome\chrome_desktop_impl.cc quit unexpectedly, leaving behind temporary directoriesfor debugging: user data directory: automation extension directory: page could not be found: log-net-logBrowser.closecannot kill %s..\..\chrome\test\chromedriver\chrome\chrome_finder.ccBrowser search. Trying... Browser search. Found at Unknown browser name: Unsupported platform.Browser search. Not found.chrome-headless-shell.exechrome.exechromium.exeGoogle\Chrome\ApplicationGoogle\Chrome for Testing\ApplicationChromium\ApplicationPATHlefttopwidthheightwindowStateoperation unsupportedunable to discover open window in chromeweb view not foundabout:blankurlnewWindowbackgroundTarget.createTargettargetIdno targetId from createTargetBrowser.getWindowForTargetmaximizedminimizedfullscreenxywindowIdBrowser.getWindowBoundsnormal
Source: chromedriver.exe	String found in binary or memory: session/:sessionId/%s/cast/stop_casting
Source: chromedriver.exe	String found in binary or memory: session/:sessionId/%s/cast/stop_casting
Source: chromedriver.exe	String found in binary or memory: Sec-Private-State-Tokens-Additional-Signing-Data
Source: chromedriver.exe	String found in binary or memory: 128.0.6613.119Sec-SignatureSec-Redemption-RecordSec-TimeSec-Private-State-TokenSec-Private-State-Token-Crypto-VersionSec-Private-State-Tokens-Additional-Signing-DataSec-Private-State-Token-Lifetime
Source: chromedriver.exe	String found in binary or memory: ip-address-space-overrides
Source: chromedriver.exe	String found in binary or memory: SimpleURLLoaderUseReadAndDiscardBodyOption..\..\services\network\public\cpp\simple_url_loader.ccSimpleURLLoader_BodyReader mojo callbackOnBodyHandlerProgressStartRequestOnDataReadOnDoneDeleteFileOnFileSequenceDestroyStartWritingStartWritingOnFileSequenceNet.OnTransferSizeUpdated.Experimental.OverridenByunsafely-treat-insecure-origin-as-secureip-address-space-overrides..\..\services\network\public\cpp\is_potentially_trustworthy.ccAllowlisted secure origin pattern is not valid; ignoring.http://%s:80BlockAcceptClientHintsBlockedSite
Source: chromedriver.exe	String found in binary or memory: partition_alloc/address_space
Source: chromedriver.exe	String found in binary or memory: treat-as-public-address
Source: chromedriver.exe	String found in binary or memory: 'allow-duplicates'content-security-policycontent-security-policy-report-onlyAllow-CSP-FromThe 'Allow-CSP-From' header contains neither '*' nor a valid origin.The query component, including the '?', will be ignored.The fragment identifier, including the '#', will be ignored.The source list for Content Security Policy directive '%s' contains a source with an invalid path: '%s'. %sbase-uriblock-all-mixed-contentchild-srcconnect-srcdefault-srcfenced-frame-srcframe-ancestorsframe-srcfont-srcform-actionimg-srcmanifest-srcmedia-srcobject-srcreport-urirequire-trusted-types-forscript-srcscript-src-attrscript-src-elemstyle-srcstyle-src-attrstyle-src-elemupgrade-insecure-requeststreat-as-public-addresstrusted-typesworker-srcreport-tonavigate-toThe Content-Security-Policy directive name '%s' contains one or more invalid characters. Only ASCII alphanumeric characters or dashes '-' are allowed in directive names.Ignoring duplicate Content-Security-Policy directive '%s'.The value for the Content-Security-Policy directive '%s' contains one or more invalid characters. In a source expression, non-whitespace characters outside ASCII 0x21-0x7E must be Punycode-encoded, as described in RFC 3492 (https://tools.ietf.org/html/rfc3492), if part of the hostname and percent-encoded, as described in RFC 3986, section 2.1 (http://tools.ietf.org/html/rfc3986#section-2.1), if part of the path.The Content Security Policy directive '%s' is ignored when delivered in a report-only policy.The Content Security Policy directive '%s' is ignored when delivered via a <meta> element.Error while parsing the 'sandbox' Content Security Policy directive: The 'allow' directive has been replaced with 'default-src'. Please use that directive instead, as 'allow' has no effect.The 'options' directive has been replaced with the 'unsafe-inline' and 'unsafe-eval' source expressions for the 'script-src' and 'style-src' directives. Please use those directives instead, as 'options' has no effect.policy-uriThe 'policy-uri' directive has been removed from the specification. Please specify a complete policy via the Content-Security-Policy header.plugin-typesThe Content-Security-Policy directive 'plugin-types' has been removed from the specification. If you want to block plugins, consider specifying "object-src 'none'" instead.Unrecognized Content-Security-Policy directive '%s'.'none''self'The Content-Security-Policy directive '%s' contains '%s' as a source expression. Did you want to add it as a directive and forget a semicolon?The Content-Security-Policy directive 'frame-ancestors' does not support the source expression '%s''unsafe-inline''inline-speculation-rules'The Content-Security-Policy directive '%s' contains '%s' as a source expression that is permitted only for 'script-src' and 'script-src-elem' directives. It will be ignored.'unsafe-eval''wasm-eval''wasm-unsafe-eval''unsafe-allow-redirects''strict-dynamic''unsafe-hashes''report-sample'The source list for the Content Security Policy directive '%s
Source: chromedriver.exe	String found in binary or memory: allowed-by-target-ip-address-space
Source: chromedriver.exe	String found in binary or memory: blocked-by-target-ip-address-space
Source: chromedriver.exe	String found in binary or memory: blocked-by-inconsistent-ip-address-space
Source: chromedriver.exe	String found in binary or memory: ..\..\services\network\p2p\socket_tcp.ccError from connecting socket, result=P2PSocketTcpBase::OnConnected: unable to get localP2PSocketTcpBase::OnConnected: unable to get peerRemote address: Remote address is unknown since connection is proxied before STUN binding is finished. Terminating connection.Ignoring empty RTP-over-TCP frame.WebRTC.ICE.TcpSocketWriteErrorCodeError when sending data in TCP socket: Error when reading from TCP socket: Remote peer has shutdown TCP socket.sec-ch-sec-fetch-Sec-Fetch-SiteSec-Fetch-ModeSec-Fetch-UserSec-Fetch-Destallowed-missing-client-security-stateallowed-no-less-publicallowed-by-policy-allowallowed-by-policy-warnallowed-by-target-ip-address-spaceblocked-by-load-optioninsecure-private-networkblocked-by-target-ip-address-spaceblocked-by-policy-preflight-warnblocked-by-policy-preflight-blockallowed-by-policy-preflight-warnblocked-by-inconsistent-ip-address-spaceallowed-potentially-trustworthy-same-origin%O
Source: chromedriver.exe	String found in binary or memory: overflow:hidden;img src="http://addEventListenerresponsible for s.js"></script>

Source: unknown	Process created: C:\Users\user\Desktop\chromedriver.exe "C:\Users\user\Desktop\chromedriver.exe" -install
Source: C:\Users\user\Desktop\chromedriver.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Users\user\Desktop\chromedriver.exe "C:\Users\user\Desktop\chromedriver.exe" /install
Source: C:\Users\user\Desktop\chromedriver.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Users\user\Desktop\chromedriver.exe "C:\Users\user\Desktop\chromedriver.exe" /load
Source: C:\Users\user\Desktop\chromedriver.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Source: C:\Users\user\Desktop\chromedriver.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\chromedriver.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\chromedriver.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\chromedriver.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\chromedriver.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Desktop\chromedriver.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\chromedriver.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\chromedriver.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\Desktop\chromedriver.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\chromedriver.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\chromedriver.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\chromedriver.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\chromedriver.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\chromedriver.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\chromedriver.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\chromedriver.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\chromedriver.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\chromedriver.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\chromedriver.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\chromedriver.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Desktop\chromedriver.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\chromedriver.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\chromedriver.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\Desktop\chromedriver.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\chromedriver.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\chromedriver.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\chromedriver.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\chromedriver.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\chromedriver.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\chromedriver.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\chromedriver.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\chromedriver.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\chromedriver.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\chromedriver.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\chromedriver.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Desktop\chromedriver.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\chromedriver.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\chromedriver.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\Desktop\chromedriver.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\chromedriver.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\chromedriver.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\chromedriver.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\chromedriver.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\chromedriver.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\chromedriver.exe	Section loaded: mswsock.dll	Jump to behavior

Source: chromedriver.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: chromedriver.exe

Static file information: File size 15887360 > 1048576

Source: chromedriver.exe	Static PE information: Raw size of .text is bigger than: 0x100000 < 0xb06200
Source: chromedriver.exe	Static PE information: Raw size of .rdata is bigger than: 0x100000 < 0x3b0400

Source: chromedriver.exe

Static PE information: More than 200 imports for KERNEL32.dll

Source: chromedriver.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: chromedriver.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: chromedriver.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: chromedriver.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: chromedriver.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: chromedriver.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: chromedriver.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE

Source: chromedriver.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: C:\b\s\w\ir\cache\builder\src\out\Release\chromedriver.exe.pdb source: chromedriver.exe
Source:	Binary string: C:\b\s\w\ir\cache\builder\src\out\Release\chromedriver.exe.pdb@+P+`+p+ source: chromedriver.exe

Source: chromedriver.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: chromedriver.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: chromedriver.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: chromedriver.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: chromedriver.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Source: chromedriver.exe	Static PE information: section name: .rodata
Source: chromedriver.exe	Static PE information: section name: malloc_h

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: chromedriver.exe	Binary or memory string: VMnet
Source: chromedriver.exe	Binary or memory string: chrome.exeDefaultFirst RunLocal StatePreferences..\..\net\base\network_interfaces_win.ccVMnetGetAdaptersAddresses failed: ..\..\net\url_request\url_request_context_getter.cc
Source: chromedriver.exe, 00000002.00000002.2978521040.0000000005458000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: chromedriver.exe, 00000000.00000002.2978758016.0000000005A98000.00000004.00000020.00020000.00000000.sdmp, chromedriver.exe, 00000004.00000002.2978543403.0000000005958000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Command and Scripting Interpreter	1 DLL Side-Loading	1 Process Injection	1 Process Injection	OS Credential Dumping	1 Security Software Discovery	Remote Services	Data from Local System	Data Obfuscation	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	1 DLL Side-Loading	LSASS Memory	1 System Information Discovery	Remote Desktop Protocol	Data from Removable Media	Junk Data	Exfiltration Over Bluetooth	Network Denial of Service

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
chromedriver.exe	1%	Virustotal		Browse
chromedriver.exe	0%	ReversingLabs

Source	Detection	Scanner	Label	Link
http://crl.securetrust.com/STCA.crl0	0%	URL Reputation	safe
http://www.quovadisglobal.com/cps0	0%	URL Reputation	safe
https://chrome.cloudflare-dns.com/dns-query	0%	URL Reputation	safe
https://bit.ly/3rpDuEX.X-Content-Type-OptionsInvalid	1%	Virustotal		Browse
https://doh.familyshield.opendns.com/dns-query	0%	Virustotal		Browse
http://clients3.google.com/cert_upload_json	0%	Virustotal		Browse
https://chromium.dns.nextdns.io	0%	Virustotal		Browse
https://dns10.quad9.net/dns-query	0%	Virustotal		Browse
http://www.firmaprofesional.com/cps0	0%	Virustotal		Browse
http://crl.dhimyotis.com/certignarootca.crl0	0%	Virustotal		Browse
https://dns.google/dns-query	0%	Virustotal		Browse
http://certificates.godaddy.com/repository100.	0%	Virustotal		Browse
https://public.dns.iij.jp/	0%	Virustotal		Browse
http://repository.swisssign.com/0	0%	Virustotal		Browse
http://crl.securetrust.com/SGCA.crl0	0%	Virustotal		Browse
https://doh.cleanbrowsing.org/doh/security-filter	0%	Virustotal		Browse
https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/Cloudflare	0%	Virustotal		Browse
https://doh.cox.net/dns-query	0%	Virustotal		Browse
https://chromedriver.chromium.org/security-considerations	0%	Virustotal		Browse
https://www.nic.cz/odvr/	0%	Virustotal		Browse
https://nextdns.io/privacyNextDNShttps://chromium.dns.nextdns.ioNextDnshttps://www.cisco.com/c/en/us	0%	Virustotal		Browse
https://dns11.quad9.net/dns-query	0%	Virustotal		Browse
https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/	0%	Virustotal		Browse
https://doh.quickline.ch/dns-query	0%	Virustotal		Browse
http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0	0%	Virustotal		Browse
https://developers.google.com/speed/public-dns/privacy	0%	Virustotal		Browse
https://doh-02.spectrum.com/dns-query	0%	Virustotal		Browse
https://www.nic.cz/odvr/CZ.NIC	0%	Virustotal		Browse
https://www.quad9.net/home/privacy/Quad9	0%	Virustotal		Browse
https://chromium.googlesource.com/chromium/src/	0%	Virustotal		Browse
http://www.w3.o	0%	Virustotal		Browse
https://dns.levonet.sk/dns-query	0%	Virustotal		Browse
https://doh.cox.net/dns-querydot.cox.net68.105.28.1168.105.28.122001:578:3f::30V	0%	Virustotal		Browse
https://public.dns.iij.jp/IIJ	0%	Virustotal		Browse
http://www.apache.org/licenses/LICENSE-2.0	0%	Virustotal		Browse
https://dns10.quad9.net/dns-querydns10.quad9.net9.9.9.10149.112.112.102620:fe::102620:fe::fe:10	1%	Virustotal		Browse

Name	Source	Malicious	Antivirus Detection	Reputation
http://html4/loose.dtd	chromedriver.exe	false		unknown
https://bit.ly/3rpDuEX.X-Content-Type-OptionsInvalid	chromedriver.exe	false	1%, Virustotal, Browse	unknown
https://dns10.quad9.net/dns-query	chromedriver.exe	false	0%, Virustotal, Browse	unknown
https://chromium.dns.nextdns.io	chromedriver.exe	false	0%, Virustotal, Browse	unknown
https://doh.familyshield.opendns.com/dns-query	chromedriver.exe	false	0%, Virustotal, Browse	unknown
http://crl.dhimyotis.com/certignarootca.crl0	chromedriver.exe	false	0%, Virustotal, Browse	unknown
http://clients3.google.com/cert_upload_json	chromedriver.exe	false	0%, Virustotal, Browse	unknown
https://doh.cleanbrowsing.org/doh/security-filter	chromedriver.exe	false	0%, Virustotal, Browse	unknown
http://www.firmaprofesional.com/cps0	chromedriver.exe	false	0%, Virustotal, Browse	unknown
https://dns.google/dns-query	chromedriver.exe	false	0%, Virustotal, Browse	unknown
http://certificates.godaddy.com/repository100.	chromedriver.exe	false	0%, Virustotal, Browse	unknown
https://public.dns.iij.jp/	chromedriver.exe	false	0%, Virustotal, Browse	unknown
http://repository.swisssign.com/0	chromedriver.exe	false	0%, Virustotal, Browse	unknown
http://.css	chromedriver.exe	false		unknown
http://crl.securetrust.com/SGCA.crl0	chromedriver.exe	false	0%, Virustotal, Browse	unknown
http://crl.securetrust.com/STCA.crl0	chromedriver.exe	false	URL Reputation: safe	unknown
https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/Cloudflare	chromedriver.exe	false	0%, Virustotal, Browse	unknown
http://www.w3.	chromedriver.exe	false		unknown
https://doh.cox.net/dns-query	chromedriver.exe	false	0%, Virustotal, Browse	unknown
https://doh.quickline.ch/dns-query	chromedriver.exe	false	0%, Virustotal, Browse	unknown
https://%s:%d/.well-known/masque/udp/%s/%d/	chromedriver.exe	false		unknown
https://chromedriver.chromium.org/security-considerations	chromedriver.exe, ConDrv.0.dr, ConDrv.4.dr, ConDrv.2.dr	false	0%, Virustotal, Browse	unknown
https://nextdns.io/privacyNextDNShttps://chromium.dns.nextdns.ioNextDnshttps://www.cisco.com/c/en/us	chromedriver.exe	false	0%, Virustotal, Browse	unknown
https://www.nic.cz/odvr/	chromedriver.exe	false	0%, Virustotal, Browse	unknown
https://developers.google.com/speed/public-dns/privacy	chromedriver.exe	false	0%, Virustotal, Browse	unknown
https://dns11.quad9.net/dns-query	chromedriver.exe	false	0%, Virustotal, Browse	unknown
http://www.quovadisglobal.com/cps0	chromedriver.exe	false	URL Reputation: safe	unknown
https://%s:%d/.well-known/masque/udp/%s/%d/Net.QuicStreamFactory.DefaultNetworkMatchNet.QuicSession.	chromedriver.exe	false		unknown
https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/	chromedriver.exe	false	0%, Virustotal, Browse	unknown
http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0	chromedriver.exe	false	0%, Virustotal, Browse	unknown
https://www.nic.cz/odvr/CZ.NIC	chromedriver.exe	false	0%, Virustotal, Browse	unknown
http://www.w3.o	chromedriver.exe	false	0%, Virustotal, Browse	unknown
https://doh-02.spectrum.com/dns-query	chromedriver.exe	false	0%, Virustotal, Browse	unknown
https://www.quad9.net/home/privacy/Quad9	chromedriver.exe	false	0%, Virustotal, Browse	unknown
http://.jpg	chromedriver.exe	false		unknown
https://chromium.googlesource.com/chromium/src/	chromedriver.exe	false	0%, Virustotal, Browse	unknown
https://dns.levonet.sk/dns-query	chromedriver.exe	false	0%, Virustotal, Browse	unknown
https://public.dns.iij.jp/IIJ	chromedriver.exe	false	0%, Virustotal, Browse	unknown
https://doh.cox.net/dns-querydot.cox.net68.105.28.1168.105.28.122001:578:3f::30V	chromedriver.exe	false	0%, Virustotal, Browse	unknown
http://www.apache.org/licenses/LICENSE-2.0	chromedriver.exe	false	0%, Virustotal, Browse	unknown
https://dns10.quad9.net/dns-querydns10.quad9.net9.9.9.10149.112.112.102620:fe::102620:fe::fe:10	chromedriver.exe	false	1%, Virustotal, Browse	unknown
https://cleanbrowsing.org/privacyCleanBrowsing	chromedriver.exe	false		unknown
https://nextdns.io/privacy	chromedriver.exe	false		unknown
https://odvr.nic.cz/doh	chromedriver.exe	false		unknown
https://doh.cleanbrowsing.org/doh/family-filter	chromedriver.exe	false		unknown
https://github.com/GoogleChromeLabs/chromium-bidi	chromedriver.exe	false		unknown
http://www.accv.es/legislacion_c.htm0U	chromedriver.exe	false		unknown
https://bit.ly/3rpDuEX.	chromedriver.exe	false		unknown
https://doh.xfinity.com/dns-query	chromedriver.exe	false		unknown
https://alekberg.net/privacyalekberg.net	chromedriver.exe	false		unknown
https://cleanbrowsing.org/privacy	chromedriver.exe	false		unknown
https://wwww.certigna.fr/autorites/0m	chromedriver.exe	false		unknown
http://ocsp.accv.es0	chromedriver.exe	false		unknown
https://www.quad9.net/home/privacy/	chromedriver.exe	false		unknown
https://developers.google.com/speed/public-dns/privacyGoogle	chromedriver.exe	false		unknown
https://chrome.cloudflare-dns.com/dns-queryone.one.one.one1dot1dot1dot1.cloudflare-dns.com1.1.1.11.0	chromedriver.exe	false		unknown
http://www.w3.or	chromedriver.exe	false		unknown
https://crbug.com/1154140	chromedriver.exe	false		unknown
https://dns64.dns.google/dns-query	chromedriver.exe	false		unknown
https://doh.cleanbrowsing.org/doh/adult-filter	chromedriver.exe	false		unknown
https://doh.opendns.com/dns-query	chromedriver.exe	false		unknown
https://doh-01.spectrum.com/dns-query	chromedriver.exe	false		unknown
https://dns.quad9.net/dns-query	chromedriver.exe	false		unknown
https://www.cisco.com/c/en/us/about/legal/privacy-full.html	chromedriver.exe	false		unknown
http://certificates.godaddy.com/repository/gd_intermediate.crt0	chromedriver.exe	false		unknown
http://tools.ietf.org/html/rfc3986#section-2.1)	chromedriver.exe	false		unknown
http://wpad/wpad.dat..	chromedriver.exe	false		unknown
https://dns.quad9.net/dns-querydns.quad9.netdns9.quad9.net9.9.9.9149.112.112.1122620:fe::fe2620:fe::	chromedriver.exe	false		unknown
http://report-example.test/test	chromedriver.exe	false		unknown
https://dns.sb/privacy/DNS.SBhttps://doh.dns.sb/dns-query	chromedriver.exe	false		unknown
https://chrome.cloudflare-dns.com/dns-query	chromedriver.exe	false	URL Reputation: safe	unknown
https://odvr.nic.cz/dohodvr.nic.cz185.43.135.1193.17.47.12001:148f:fffe::12001:148f:ffff::1	chromedriver.exe	false		unknown
https://public.dns.iij.jp/dns-queryIij109.236.119.2109.236.120.22a02:6ca3:0:1::22a02:6ca3:0:2::2	chromedriver.exe	false		unknown
http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0	chromedriver.exe	false		unknown
https://public.dns.iij.jp/dns-query	chromedriver.exe	false		unknown
http://crl.xrampsecurity.com/XGCA.crl0	chromedriver.exe	false		unknown
http://crl.certigna.fr/certignarootca.crl01	chromedriver.exe	false		unknown
http://wpad/wpad.dat	chromedriver.exe	false		unknown
https://dns.sb/privacy/	chromedriver.exe	false		unknown
https://doh.dns.sb/dns-query	chromedriver.exe	false		unknown
http://httpswsswsdevtools/browser/json/versionjson/liststring_view::substr..	chromedriver.exe	false		unknown
http://www.accv.es00	chromedriver.exe	false		unknown
http://www.cert.fnmt.es/dpcs/0	chromedriver.exe	false		unknown
http://crl.godaddy.com/gds1-20	chromedriver.exe	false		unknown
https://alekberg.net/privacy	chromedriver.exe	false		unknown
https://dnsnl.alekberg.net/dns-query	chromedriver.exe	false		unknown
https://tools.ietf.org/html/rfc3492)	chromedriver.exe	false		unknown
https://dns11.quad9.net/dns-querydns11.quad9.net9.9.9.11149.112.112.112620:fe::112620:fe::fe:11	chromedriver.exe	false		unknown

World Map of Contacted IPs

⊘No contacted IP infos

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1523249
Start date and time:	2024-10-01 11:00:36 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 56s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name:	Cmdline fuzzy
Number of analysed new started processes analysed:	10
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	chromedriver.exe
Detection:	SUS
Classification:	sus22.winEXE@6/3@0/0
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information

Process:	C:\Users\user\Desktop\chromedriver.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	329
Entropy (8bit):	5.0452603154948275
Encrypted:	false
SSDEEP:	6:j8NaGXFUSWIEo2UwTz1zL+CZqEqz9+hOVYIa9hECr+IIKVGLv8xwECAZ2AGN8Jwy:j8NPFR92UwH1zL+CZ/qz9+h9IchHVMv0
MD5:	D33B04F0F17D686758625F494C8C2633
SHA1:	C31725E352D23BFBB57CC1F68A1651E5EECE2646
SHA-256:	8D6AD099946ADF6A1FDFF067DE0A91E860D4FB24B589046B5A9E942CA6FC1094
SHA-512:	41E4BC0B9408BBDFADD3C0DA63EDB1B1E90D559216880CEAD2124534064CF1863D6A7DFE958069FDA9E7791257F49596731B7AD197692661652BF2F3172C8DF8
Malicious:	false
Reputation:	low
Preview:	Starting ChromeDriver 128.0.6613.119 (6e439cfca4deda5954b0c74cde9b521c03cb31ad-refs/branch-heads/6613@{#1464}) on port 0..Only local connections are allowed...Please see https://chromedriver.chromium.org/security-considerations for suggestions on keeping ChromeDriver safe...ChromeDriver was started successfully on port 49732...

Static File Info

General

File type:	PE32 executable (console) Intel 80386, for MS Windows
Entropy (8bit):	7.092076216477605
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	chromedriver.exe
File size:	15'887'360 bytes
MD5:	d99868a7ff7b7962e2ee2c9bfb1ba83b
SHA1:	57ea6d6362b70fd74c06e422c2f2f369773bcaff
SHA256:	b8501e5fe73cb422c80c3b97b9d2c0398d5d15b415eaba973fd09d198d3d56ef
SHA512:	5e74a4121c53c7dffa0cfd562087c94f226865fb7775d269b70f5c3a819f946a62b1dddafc2e2d59ec425344aca8582223c61c95fe60eca99901ceeb060c76d0
SSDEEP:	393216:mJv+3cNIzMmSu5h+YzhuZqkjVfP9hyxDObfcWTggnLABF:mJvZIMW5vhujjdbdgd
TLSH:	47F6C002F5106074C80631B2382DBF3E6D2506679B298ED7DBD85CE46FB86D2263E75B
File Content Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L......f.........."......b....B.....PT]...........@.......................................@.........................l+..s....+.....

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x9d5450
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows cui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Time Stamp:	0x66D217E7 [Fri Aug 30 19:05:11 2024 UTC]
TLS Callbacks:	0x6d5700, 0x9d4880, 0x64ae40, 0x9d4030, 0x570d60, 0x6dcfe0
CLR (.Net) Version:
OS Version Major:	10
OS Version Minor:	0
File Version Major:	10
File Version Minor:	0
Subsystem Version Major:	10
Subsystem Version Minor:	0
Import Hash:	07935545a3128df1568badd63d527eb2

Entrypoint Preview

Instruction
call 00007F84B0B3734Ah
jmp 00007F84B0B371ADh
mov ecx, dword ptr [012B9040h]
push esi
push edi
mov edi, BB40E64Eh
mov esi, FFFF0000h
cmp ecx, edi
je 00007F84B0B37346h
test esi, ecx
jne 00007F84B0B37368h
call 00007F84B0B37371h
mov ecx, eax
cmp ecx, edi
jne 00007F84B0B37349h
mov ecx, BB40E64Fh
jmp 00007F84B0B37350h
test esi, ecx
jne 00007F84B0B3734Ch
or eax, 00004711h
shl eax, 10h
or ecx, eax
mov dword ptr [012B9040h], ecx
not ecx
pop edi
mov dword ptr [012B9080h], ecx
pop esi
ret
push ebp
mov ebp, esp
sub esp, 14h
and dword ptr [ebp-0Ch], 00000000h
lea eax, dword ptr [ebp-0Ch]
and dword ptr [ebp-08h], 00000000h
push eax
call dword ptr [012B366Ch]
mov eax, dword ptr [ebp-08h]
xor eax, dword ptr [ebp-0Ch]
mov dword ptr [ebp-04h], eax
call dword ptr [012B35A8h]
xor dword ptr [ebp-04h], eax
call dword ptr [012B35A0h]
xor dword ptr [ebp-04h], eax
lea eax, dword ptr [ebp-14h]
push eax
call dword ptr [012B3748h]
mov eax, dword ptr [ebp-10h]
lea ecx, dword ptr [ebp-04h]
xor eax, dword ptr [ebp-14h]
xor eax, dword ptr [ebp-04h]
xor eax, ecx
leave
ret
mov eax, 00004000h
ret
int3
int3
int3
int3
int3
int3
int3
int3
mov al, 01h
ret
push 00030000h
push 00010000h
push 00000000h
call 00007F84B0B470D4h
add esp, 0Ch

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0xeb2b6c	0x73	.rdata
IMAGE_DIRECTORY_ENTRY_IMPORT	0xeb2be0	0x190	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xee3000	0xebe0	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xef2000	0x55bb8	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0xea6c8c	0x1c	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0xea6980	0x18	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0xb08590	0xc0	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0xeb335c	0x5ec	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0xb06170	0xb06200	a9962421829ce694e0f1de38040bcf1d	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0xb08000	0x3b02f4	0x3b0400	866b6def9ba0b24d4493a49ddd10ae22	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0xeb9000	0x267a0	0xb400	dad0ce621f441664dda5d9072ba85fd6	False	0.180859375	data	4.4893328081569805	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rodata	0xee0000	0xe0	0x200	b9127bdf9c33b3123c8c2dbd4946c596	False	0.12109375	StarOffice Gallery theme \004, 262148 objects, 1st \212\214\212\214\212\214\212\214\212\214\212\214\212\214\212{N{N{N{N{N{N{N{N\214\212\214\212\214\212\214\212\220\220\220\220\220\220\220\220{N{N{N{N\220\220\220\220\220\220\220\220\004	2.122182890299402	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.tls	0xee1000	0x1c1	0x200	346289e99a70f3b5b809464ab8887a87	False	0.07421875	data	0.35898472513537405	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
malloc_h	0xee2000	0xb9	0x200	967eaafec2e8d0e5c231111509fabb48	False	0.369140625	data	3.0732738453377997	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0xee3000	0xebe0	0xec00	c84fe1216974422fbba5d2d3666ee0d6	False	0.05703787076271186	data	1.535109754488772	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0xef2000	0x55bb8	0x55c00	f2afb83282bad169ef51c99c6c898444	False	0.5994755603134111	GLS_BINARY_LSB_FIRST	6.679156823008208	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_CURSOR	0xee38d0	0x134	data			0.4837662337662338
RT_CURSOR	0xee3a20	0x134	data			0.22402597402597402
RT_CURSOR	0xee3b70	0x134	Targa image data - RLE 64 x 65536 x 1 +32 "\001"			0.2077922077922078
RT_CURSOR	0xee3cc0	0x134	data			0.461038961038961
RT_CURSOR	0xee3e10	0x134	data			0.39935064935064934
RT_CURSOR	0xee3f48	0xcac	data			0.08446362515413071
RT_CURSOR	0xee4c20	0x134	data			0.32142857142857145
RT_CURSOR	0xee4d58	0xcac	data			0.06103575832305795
RT_CURSOR	0xee5a30	0x10ac	Targa image data 64 x 65536 x 1 +32 " "			0.03280224929709466
RT_CURSOR	0xee6af8	0x10ac	Targa image data 64 x 65536 x 1 +32 " "			0.07966260543580131
RT_CURSOR	0xee7bc0	0x10ac	Targa image data 64 x 65536 x 1 +32 " "			0.07872539831302718
RT_CURSOR	0xee8c88	0x10ac	Targa image data 64 x 65536 x 1 +32 " "			0.07591377694470477
RT_CURSOR	0xee9d50	0x10ac	Targa image data 64 x 65536 x 1 +32 " "			0.03420805998125586
RT_CURSOR	0xeeae18	0x10ac	Targa image data 64 x 65536 x 1 +32 " "			0.03655107778819119
RT_CURSOR	0xeebee0	0x10ac	Targa image data 64 x 65536 x 1 +32 " "			0.03795688847235239
RT_CURSOR	0xeecfa8	0x10ac	Targa image data 64 x 65536 x 1 +32 " "			0.03303655107778819
RT_CURSOR	0xeee070	0x10ac	Targa image data 64 x 65536 x 1 +32 " "			0.036785379568884724
RT_CURSOR	0xeef138	0x10ac	Targa image data 64 x 65536 x 1 +32 " "			0.03608247422680412
RT_CURSOR	0xef0200	0x10ac	Targa image data 64 x 65536 x 1 +32 " "			0.042877225866916585
RT_CURSOR	0xef12c8	0x134	Targa image data - RGB - RLE 64 x 65536 x 1 +32 "\001"			0.23376623376623376
RT_CURSOR	0xef1418	0x134	Targa image data - Mono 64 x 65536 x 1 +32 "\001"			0.1590909090909091
RT_CURSOR	0xef1568	0x134	data			0.3181818181818182
RT_CURSOR	0xef16b8	0x134	data			0.30194805194805197
RT_GROUP_CURSOR	0xee3a08	0x14	Lotus unknown worksheet or configuration, revision 0x1			1.25
RT_GROUP_CURSOR	0xee3b58	0x14	Lotus unknown worksheet or configuration, revision 0x1			1.25
RT_GROUP_CURSOR	0xee3ca8	0x14	Lotus unknown worksheet or configuration, revision 0x1			1.3
RT_GROUP_CURSOR	0xee3df8	0x14	Lotus unknown worksheet or configuration, revision 0x1			1.3
RT_GROUP_CURSOR	0xee4bf8	0x22	Lotus unknown worksheet or configuration, revision 0x2			1.0
RT_GROUP_CURSOR	0xee5a08	0x22	Lotus unknown worksheet or configuration, revision 0x2			1.0
RT_GROUP_CURSOR	0xee6ae0	0x14	Lotus unknown worksheet or configuration, revision 0x1			1.2
RT_GROUP_CURSOR	0xee7ba8	0x14	Lotus unknown worksheet or configuration, revision 0x1			1.2
RT_GROUP_CURSOR	0xee8c70	0x14	Lotus unknown worksheet or configuration, revision 0x1			1.2
RT_GROUP_CURSOR	0xee9d38	0x14	Lotus unknown worksheet or configuration, revision 0x1			1.2
RT_GROUP_CURSOR	0xeeae00	0x14	Lotus unknown worksheet or configuration, revision 0x1			1.2
RT_GROUP_CURSOR	0xeebec8	0x14	Lotus unknown worksheet or configuration, revision 0x1			1.2
RT_GROUP_CURSOR	0xeecf90	0x14	Lotus unknown worksheet or configuration, revision 0x1			1.2
RT_GROUP_CURSOR	0xeee058	0x14	Lotus unknown worksheet or configuration, revision 0x1			1.2
RT_GROUP_CURSOR	0xeef120	0x14	Lotus unknown worksheet or configuration, revision 0x1			1.2
RT_GROUP_CURSOR	0xef01e8	0x14	Lotus unknown worksheet or configuration, revision 0x1			1.2
RT_GROUP_CURSOR	0xef12b0	0x14	Lotus unknown worksheet or configuration, revision 0x1			1.2
RT_GROUP_CURSOR	0xef1400	0x14	Lotus unknown worksheet or configuration, revision 0x1			1.3
RT_GROUP_CURSOR	0xef1550	0x14	Lotus unknown worksheet or configuration, revision 0x1			1.3
RT_GROUP_CURSOR	0xef16a0	0x14	Lotus unknown worksheet or configuration, revision 0x1			1.3
RT_GROUP_CURSOR	0xef17f0	0x14	Lotus unknown worksheet or configuration, revision 0x1			1.3
RT_MANIFEST	0xef1808	0x3d2	XML 1.0 document, ASCII text, with very long lines (864)	English	United States	0.5398773006134969

Imports

DLL	Import
ADVAPI32.dll	BuildTrusteeWithSidW, ConvertStringSecurityDescriptorToSecurityDescriptorW, ConvertStringSidToSidW, CreateProcessAsUserW, GetLengthSid, GetNamedSecurityInfoW, GetSecurityDescriptorControl, GetSecurityDescriptorDacl, GetSecurityDescriptorGroup, GetSecurityDescriptorOwner, GetSecurityDescriptorSacl, InitializeAcl, InitializeSecurityDescriptor, IsValidAcl, IsValidSecurityDescriptor, IsValidSid, RegCloseKey, RegCreateKeyExW, RegEnumKeyExW, RegNotifyChangeKeyValue, RegOpenKeyExW, RegQueryInfoKeyW, RegQueryValueExW, SetEntriesInAclW, SetNamedSecurityInfoW, SetSecurityDescriptorDacl, SetSecurityInfo
dbghelp.dll	SymCleanup, SymFromAddr, SymGetLineFromAddr64, SymGetSearchPathW, SymInitialize, SymSetOptions, SymSetSearchPathW
USER32.dll	AllowSetForegroundWindow, CreateWindowExW, DefWindowProcW, DestroyWindow, DispatchMessageW, GetActiveWindow, GetQueueStatus, KillTimer, LoadKeyboardLayoutW, MapVirtualKeyW, MsgWaitForMultipleObjectsEx, PeekMessageW, PostMessageW, PostQuitMessage, RegisterClassExW, SetTimer, ToUnicode, TranslateMessage, UnregisterClassW, VkKeyScanW
WS2_32.dll	WSACloseEvent, WSACreateEvent, WSAEnumNetworkEvents, WSAEventSelect, WSAGetLastError, WSAGetOverlappedResult, WSAIoctl, WSARecvFrom, WSAResetEvent, WSASend, WSASendTo, WSASetLastError, WSASocketW, WSAStartup, accept, bind, closesocket, connect, freeaddrinfo, getaddrinfo, gethostname, getpeername, getsockname, getsockopt, htonl, htons, inet_ntop, ioctlsocket, listen, ntohs, recv, recvfrom, sendto, setsockopt, shutdown, socket
KERNEL32.dll	AcquireSRWLockExclusive, AcquireSRWLockShared, AreFileApisANSI, AssignProcessToJobObject, CancelIo, CancelIoEx, CloseHandle, CompareStringW, ConnectNamedPipe, CreateDirectoryW, CreateEventW, CreateFileA, CreateFileMappingW, CreateFileW, CreateIoCompletionPort, CreateMutexW, CreateNamedPipeW, CreatePipe, CreateProcessW, CreateSemaphoreA, CreateThread, DecodePointer, DeleteCriticalSection, DeleteFileA, DeleteFileW, DeleteProcThreadAttributeList, DuplicateHandle, EncodePointer, EnterCriticalSection, EnumSystemLocalesW, ExitProcess, ExpandEnvironmentStringsW, FileTimeToSystemTime, FindClose, FindFirstFileExW, FindNextFileW, FlushFileBuffers, FlushViewOfFile, FormatMessageA, FormatMessageW, FreeEnvironmentStringsW, FreeLibrary, GetACP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetConsoleMode, GetConsoleOutputCP, GetCurrencyFormatEx, GetCurrentDirectoryW, GetCurrentProcess, GetCurrentProcessId, GetCurrentThread, GetCurrentThreadId, GetDateFormatEx, GetDateFormatW, GetDiskFreeSpaceA, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetDriveTypeW, GetDynamicTimeZoneInformation, GetEnvironmentStringsW, GetEnvironmentVariableW, GetExitCodeProcess, GetFileAttributesA, GetFileAttributesExW, GetFileAttributesW, GetFileInformationByHandle, GetFileSize, GetFileSizeEx, GetFileType, GetFullPathNameA, GetFullPathNameW, GetGeoInfoW, GetLastError, GetLocalTime, GetLocaleInfoEx, GetLocaleInfoW, GetLogicalProcessorInformation, GetLogicalProcessorInformationEx, GetLongPathNameW, GetModuleFileNameW, GetModuleHandleA, GetModuleHandleExW, GetModuleHandleW, GetNamedPipeClientProcessId, GetNamedPipeServerProcessId, GetNativeSystemInfo, GetNumberFormatEx, GetOEMCP, GetProcAddress, GetProcessHeap, GetProcessId, GetProcessTimes, GetProductInfo, GetQueuedCompletionStatus, GetStartupInfoW, GetStdHandle, GetStringTypeW, GetSystemDirectoryW, GetSystemInfo, GetSystemTime, GetSystemTimeAsFileTime, GetTempPathA, GetTempPathW, GetThreadId, GetThreadPriority, GetTickCount, GetTimeFormatEx, GetTimeFormatW, GetTimeZoneInformation, GetUserDefaultLCID, GetUserGeoID, GetVersionExW, GetWindowsDirectoryW, GlobalFree, GlobalMemoryStatusEx, HeapAlloc, HeapCompact, HeapCreate, HeapDestroy, HeapFree, HeapReAlloc, HeapSize, HeapValidate, InitOnceExecuteOnce, InitializeConditionVariable, InitializeCriticalSection, InitializeCriticalSectionAndSpinCount, InitializeProcThreadAttributeList, InitializeSListHead, InitializeSRWLock, InterlockedPushEntrySList, IsDebuggerPresent, IsProcessorFeaturePresent, IsValidCodePage, IsValidLocale, IsWow64Process, K32GetModuleInformation, K32QueryWorkingSetEx, LCMapStringW, LeaveCriticalSection, LoadLibraryExA, LoadLibraryExW, LoadLibraryW, LocalFree, LockFile, LockFileEx, MapViewOfFile, MoveFileExW, MoveFileW, MultiByteToWideChar, OpenProcess, OutputDebugStringA, OutputDebugStringW, PostQueuedCompletionStatus, PrefetchVirtualMemory, QueryPerformanceCounter, QueryPerformanceFrequency, QueryThreadCycleTime, RaiseException, ReadConsoleW, ReadFile, RegisterWaitForSingleObject, ReleaseSRWLockExclusive, ReleaseSRWLockShared, ReleaseSemaphore, RemoveDirectoryW, ReplaceFileW, ResetEvent, ResolveLocaleName, RtlCaptureStackBackTrace, RtlUnwind, SetEndOfFile, SetEnvironmentVariableW, SetEvent, SetFileAttributesW, SetFileInformationByHandle, SetFilePointer, SetFilePointerEx, SetFileTime, SetHandleInformation, SetLastError, SetStdHandle, SetThreadInformation, SetThreadPriority, SetUnhandledExceptionFilter, Sleep, SleepConditionVariableSRW, SwitchToThread, SystemTimeToFileTime, SystemTimeToTzSpecificLocalTime, TerminateProcess, TlsAlloc, TlsFree, TlsGetValue, TlsSetValue, TryAcquireSRWLockExclusive, TryEnterCriticalSection, TzSpecificLocalTimeToSystemTime, UnhandledExceptionFilter, UnlockFile, UnlockFileEx, UnmapViewOfFile, UnregisterWaitEx, UpdateProcThreadAttribute, VirtualAlloc, VirtualFree, VirtualProtect, VirtualQuery, WaitForMultipleObjects, WaitForSingleObject, WaitForSingleObjectEx, WaitNamedPipeW, WakeAllConditionVariable, WakeConditionVariable, WideCharToMultiByte, WriteConsoleW, WriteFile
IPHLPAPI.DLL	GetAdaptersAddresses
ntdll.dll	RtlGetLastNtStatus
USERENV.dll	CreateEnvironmentBlock, DestroyEnvironmentBlock
SHELL32.dll	CommandLineToArgvW, SHGetFolderPathW, SHGetKnownFolderPath, ShellExecuteExW
SHLWAPI.dll	PathMatchSpecW
WINMM.dll	timeBeginPeriod, timeEndPeriod, timeGetTime
ole32.dll	CoInitializeEx, CoRegisterInitializeSpy, CoRevokeInitializeSpy, CoTaskMemFree, CoUninitialize
Secur32.dll	AcquireCredentialsHandleW, DeleteSecurityContext, FreeContextBuffer, FreeCredentialsHandle, InitializeSecurityContextW, QueryContextAttributesW, QuerySecurityPackageInfoW
WINHTTP.dll	WinHttpCloseHandle, WinHttpGetIEProxyConfigForCurrentUser, WinHttpGetProxyForUrl, WinHttpOpen, WinHttpSetTimeouts
api-ms-win-core-winrt-l1-1-0.dll	RoInitialize, RoUninitialize
urlmon.dll	CoInternetCreateSecurityManager
CRYPT32.dll	CertAddStoreToCollection, CertCloseStore, CertControlStore, CertEnumCertificatesInStore, CertFindCertificateInStore, CertGetEnhancedKeyUsage, CertOpenStore
dhcpcsvc.DLL	DhcpCApiInitialize, DhcpRequestParams
ncrypt.dll	NCryptCreatePersistedKey, NCryptExportKey, NCryptFinalizeKey, NCryptFreeObject, NCryptGetProperty, NCryptImportKey, NCryptIsAlgSupported, NCryptOpenStorageProvider, NCryptSignHash

Exports

Name	Ordinal	Address
GetHandleVerifier	1	0x631be0
sqlite3_dbdata_init	2	0xbc6cb0

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Target ID:	0
Start time:	05:01:26
Start date:	01/10/2024
Path:	C:\Users\user\Desktop\chromedriver.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\chromedriver.exe" -install
Imagebase:	0x440000
File size:	15'887'360 bytes
MD5 hash:	D99868A7FF7B7962E2EE2C9BFB1BA83B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	1
Start time:	05:01:26
Start date:	01/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	05:01:28
Start date:	01/10/2024
Path:	C:\Users\user\Desktop\chromedriver.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\chromedriver.exe" /install
Imagebase:	0x440000
File size:	15'887'360 bytes
MD5 hash:	D99868A7FF7B7962E2EE2C9BFB1BA83B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	05:01:28
Start date:	01/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	4
Start time:	05:01:31
Start date:	01/10/2024
Path:	C:\Users\user\Desktop\chromedriver.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\chromedriver.exe" /load
Imagebase:	0x440000
File size:	15'887'360 bytes
MD5 hash:	D99868A7FF7B7962E2EE2C9BFB1BA83B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	5
Start time:	05:01:31
Start date:	01/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report chromedriver.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

System Summary

Data Obfuscation

Malware Analysis System Evasion

Anti Debugging

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

\Device\ConDrv

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Exports

Possible Origin

Network Behavior

Statistics

CPU Usage

Memory Usage

High Level Behavior Distribution

back

Behavior

System Behavior

Analysis Process: chromedriver.exePID: 3612, Parent PID: 2580

General

Chronological Activities

Analysis Process: conhost.exePID: 4504, Parent PID: 3612

General

Chronological Activities

Analysis Process: chromedriver.exePID: 4040, Parent PID: 2580

General

Windows Analysis Report
chromedriver.exe