Automated Malware Analysis IOC Report for

Files

File Path

Type

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\chromedriver.exe

"C:\Users\user\Desktop\chromedriver.exe" -install

Details

Is windows:	false
Is dropped:	false
PID:	3612
Target ID:	0
Parent PID:	2580
Name:	chromedriver.exe
Path:	C:\Users\user\Desktop\chromedriver.exe
Commandline:	"C:\Users\user\Desktop\chromedriver.exe" -install
Size:	15887360
MD5:	D99868A7FF7B7962E2EE2C9BFB1BA83B
Time:	05:01:26
Date:	01/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x440000
Modulesize:	16023552
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
PE file contains sections with non-standard names	Data Obfuscation
Uses 32bit PE files	Compliance, System Summary
Found strings which match to known social media urls	Networking
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion	Security Software Discovery
Sample might require command line arguments	System Summary	Command and Scripting Interpreter
Spawns processes	System Summary	Process Injection
URLs found in memory or binary data	Networking
PE file contains a valid data directory to section mapping	System Summary
Binary contains paths to debug symbols	Compliance, System Summary
PE file contains a debug data directory	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a mix of data directories often seen in goodware	System Summary
PE file imports many functions	System Summary
PE file has a big raw section	System Summary
PE file has a big code size	System Summary
Submission file is bigger than most known malware samples	System Summary

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Details

Is windows:	true
Is dropped:	false
PID:	4504
Target ID:	1
Parent PID:	3612
Name:	conhost.exe
Path:	C:\Windows\System32\conhost.exe
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Size:	862208
MD5:	0D698AF330FD17BEE3BF90011D49251D
Time:	05:01:26
Date:	01/10/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff7699e0000
Modulesize:	892928
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Users\user\Desktop\chromedriver.exe

"C:\Users\user\Desktop\chromedriver.exe" /install

Details

Is windows:	false
Is dropped:	false
PID:	4040
Target ID:	2
Parent PID:	2580
Name:	chromedriver.exe
Path:	C:\Users\user\Desktop\chromedriver.exe
Commandline:	"C:\Users\user\Desktop\chromedriver.exe" /install
Size:	15887360
MD5:	D99868A7FF7B7962E2EE2C9BFB1BA83B
Time:	05:01:28
Date:	01/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x440000
Modulesize:	16023552
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
PE file contains sections with non-standard names	Data Obfuscation
Uses 32bit PE files	Compliance, System Summary
Found strings which match to known social media urls	Networking
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion	Security Software Discovery
Sample might require command line arguments	System Summary	Command and Scripting Interpreter
Spawns processes	System Summary	Process Injection
URLs found in memory or binary data	Networking
PE file contains a valid data directory to section mapping	System Summary
Binary contains paths to debug symbols	Compliance, System Summary
PE file contains a debug data directory	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a mix of data directories often seen in goodware	System Summary
PE file imports many functions	System Summary
PE file has a big raw section	System Summary
PE file has a big code size	System Summary
Submission file is bigger than most known malware samples	System Summary

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Details

Is windows:	true
Is dropped:	false
PID:	2344
Target ID:	3
Parent PID:	4040
Name:	conhost.exe
Path:	C:\Windows\System32\conhost.exe
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Size:	862208
MD5:	0D698AF330FD17BEE3BF90011D49251D
Time:	05:01:28
Date:	01/10/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff7699e0000
Modulesize:	892928
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Users\user\Desktop\chromedriver.exe

"C:\Users\user\Desktop\chromedriver.exe" /load

Details

Is windows:	false
Is dropped:	false
PID:	2416
Target ID:	4
Parent PID:	2580
Name:	chromedriver.exe
Path:	C:\Users\user\Desktop\chromedriver.exe
Commandline:	"C:\Users\user\Desktop\chromedriver.exe" /load
Size:	15887360
MD5:	D99868A7FF7B7962E2EE2C9BFB1BA83B
Time:	05:01:31
Date:	01/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x440000
Modulesize:	16023552
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
PE file contains sections with non-standard names	Data Obfuscation
Uses 32bit PE files	Compliance, System Summary
Found strings which match to known social media urls	Networking
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion	Security Software Discovery
Sample might require command line arguments	System Summary	Command and Scripting Interpreter
Spawns processes	System Summary	Process Injection
URLs found in memory or binary data	Networking
PE file contains a valid data directory to section mapping	System Summary
Binary contains paths to debug symbols	Compliance, System Summary
PE file contains a debug data directory	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a mix of data directories often seen in goodware	System Summary
PE file imports many functions	System Summary
PE file has a big raw section	System Summary
PE file has a big code size	System Summary
Submission file is bigger than most known malware samples	System Summary

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Details

Is windows:	true
Is dropped:	false
PID:	5552
Target ID:	5
Parent PID:	2416
Name:	conhost.exe
Path:	C:\Windows\System32\conhost.exe
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Size:	862208
MD5:	0D698AF330FD17BEE3BF90011D49251D
Time:	05:01:31
Date:	01/10/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff7699e0000
Modulesize:	892928
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

http://html4/loose.dtd

unknown

https://bit.ly/3rpDuEX.X-Content-Type-OptionsInvalid

unknown

https://dns10.quad9.net/dns-query

unknown

https://chromium.dns.nextdns.io

unknown

https://doh.familyshield.opendns.com/dns-query

unknown

http://crl.dhimyotis.com/certignarootca.crl0

unknown

http://clients3.google.com/cert_upload_json

unknown

https://doh.cleanbrowsing.org/doh/security-filter

unknown

http://www.firmaprofesional.com/cps0

unknown

https://dns.google/dns-query

unknown

http://certificates.godaddy.com/repository100.

unknown

https://public.dns.iij.jp/

unknown

http://repository.swisssign.com/0

unknown

http://.css

unknown

http://crl.securetrust.com/SGCA.crl0

unknown

http://crl.securetrust.com/STCA.crl0

unknown

https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/Cloudflare

unknown

http://www.w3.

unknown

https://doh.cox.net/dns-query

unknown

https://doh.quickline.ch/dns-query

unknown

https://%s:%d/.well-known/masque/udp/%s/%d/

unknown

https://chromedriver.chromium.org/security-considerations

unknown

https://nextdns.io/privacyNextDNShttps://chromium.dns.nextdns.ioNextDnshttps://www.cisco.com/c/en/us

unknown

https://www.nic.cz/odvr/

unknown

https://developers.google.com/speed/public-dns/privacy

unknown

https://dns11.quad9.net/dns-query

unknown

http://www.quovadisglobal.com/cps0

unknown

https://%s:%d/.well-known/masque/udp/%s/%d/Net.QuicStreamFactory.DefaultNetworkMatchNet.QuicSession.

unknown

https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/

unknown

http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0

unknown

https://www.nic.cz/odvr/CZ.NIC

unknown

http://www.w3.o

unknown

https://doh-02.spectrum.com/dns-query

unknown

https://www.quad9.net/home/privacy/Quad9

unknown

http://.jpg

unknown

https://chromium.googlesource.com/chromium/src/

unknown

https://dns.levonet.sk/dns-query

unknown

https://public.dns.iij.jp/IIJ

unknown

https://doh.cox.net/dns-querydot.cox.net68.105.28.1168.105.28.122001:578:3f::30V

unknown

http://www.apache.org/licenses/LICENSE-2.0

unknown

https://dns10.quad9.net/dns-querydns10.quad9.net9.9.9.10149.112.112.102620:fe::102620:fe::fe:10

unknown

https://cleanbrowsing.org/privacyCleanBrowsing

unknown

https://nextdns.io/privacy

unknown

https://odvr.nic.cz/doh

unknown

https://doh.cleanbrowsing.org/doh/family-filter

unknown

https://github.com/GoogleChromeLabs/chromium-bidi

unknown

http://www.accv.es/legislacion_c.htm0U

unknown

https://bit.ly/3rpDuEX.

unknown

https://doh.xfinity.com/dns-query

unknown

https://alekberg.net/privacyalekberg.net

unknown

https://cleanbrowsing.org/privacy

unknown

https://wwww.certigna.fr/autorites/0m

unknown

http://ocsp.accv.es0

unknown

https://www.quad9.net/home/privacy/

unknown

https://developers.google.com/speed/public-dns/privacyGoogle

unknown

https://chrome.cloudflare-dns.com/dns-queryone.one.one.one1dot1dot1dot1.cloudflare-dns.com1.1.1.11.0

unknown

http://www.w3.or

unknown

https://crbug.com/1154140

unknown

https://dns64.dns.google/dns-query

unknown

https://doh.cleanbrowsing.org/doh/adult-filter

unknown

https://doh.opendns.com/dns-query

unknown

https://doh-01.spectrum.com/dns-query

unknown

https://dns.quad9.net/dns-query

unknown

https://www.cisco.com/c/en/us/about/legal/privacy-full.html

unknown

http://certificates.godaddy.com/repository/gd_intermediate.crt0

unknown

http://tools.ietf.org/html/rfc3986#section-2.1)

unknown

http://wpad/wpad.dat..

unknown

https://dns.quad9.net/dns-querydns.quad9.netdns9.quad9.net9.9.9.9149.112.112.1122620:fe::fe2620:fe::

unknown

http://report-example.test/test

unknown

https://dns.sb/privacy/DNS.SBhttps://doh.dns.sb/dns-query

unknown

https://chrome.cloudflare-dns.com/dns-query

unknown

https://odvr.nic.cz/dohodvr.nic.cz185.43.135.1193.17.47.12001:148f:fffe::12001:148f:ffff::1

unknown

https://public.dns.iij.jp/dns-queryIij109.236.119.2109.236.120.22a02:6ca3:0:1::22a02:6ca3:0:2::2

unknown

http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0

unknown

https://public.dns.iij.jp/dns-query

unknown

http://crl.xrampsecurity.com/XGCA.crl0

unknown

http://crl.certigna.fr/certignarootca.crl01

unknown

http://wpad/wpad.dat

unknown

https://dns.sb/privacy/

unknown

https://doh.dns.sb/dns-query

unknown

http://httpswsswsdevtools/browser/json/versionjson/liststring_view::substr..

unknown

http://www.accv.es00

unknown

http://www.cert.fnmt.es/dpcs/0

unknown

http://crl.godaddy.com/gds1-20

unknown

https://alekberg.net/privacy

unknown

https://dnsnl.alekberg.net/dns-query

unknown

https://tools.ietf.org/html/rfc3492)

unknown

https://dns11.quad9.net/dns-querydns11.quad9.net9.9.9.11149.112.112.112620:fe::112620:fe::fe:11

unknown

There are 78 hidden URLs, click here to show them.

Memdumps

Base Address

Regiontype

Protect

Malicious

4D604000

direct allocation

page read and write

3A87C000

direct allocation

page read and write

44604000

direct allocation

page read and write

12FD000

unkown

page write copy

440000

unkown

page readonly

20608000

direct allocation

page read and write

5780000

heap

page read and write

2060C000

direct allocation

page read and write

5780000

heap

page read and write

3302C000

direct allocation

page read and write

3A88C000

direct allocation

page read and write

76AE000

stack

page read and write

290F8000

direct allocation

page read and write

12FD000

unkown

page write copy

57D0000

heap

page read and write

5860000

heap

page read and write

77AE000

stack

page read and write

58F0000

heap

page read and write

4D608000

direct allocation

page read and write

2908C000

direct allocation

page read and write

441000

unkown

page execute read

3302C000

direct allocation

page read and write

29001000

direct allocation

page read and write

766E000

stack

page read and write

330E0000

direct allocation

page read and write

12FD000

unkown

page write copy

29024000

direct allocation

page read and write

3A8F0000

direct allocation

page read and write

290A4000

direct allocation

page read and write

1323000

unkown

page readonly

3306C000

direct allocation

page read and write

3A86C000

direct allocation

page read and write

3A8E0000

direct allocation

page read and write

3A8C8000

direct allocation

page read and write

12F9000

unkown

page write copy

290D0000

direct allocation

page read and write

792E000

stack

page read and write

77EE000

stack

page read and write

3A82C000

direct allocation

page read and write

E41000

unkown

page execute read

3A90C000

direct allocation

page read and write

792E000

stack

page read and write

5A90000

heap

page read and write

2907C000

direct allocation

page read and write

E41000

unkown

page execute read

5A10000

heap

page read and write

1323000

unkown

page readonly

3A914000

direct allocation

page read and write

440000

unkown

page readonly

73CE000

stack

page read and write

756E000

stack

page read and write

F48000

unkown

page readonly

33014000

direct allocation

page read and write

77ED000

stack

page read and write

330E4000

direct allocation

page read and write

3305C000

direct allocation

page read and write

563C000

stack

page read and write

F48000

unkown

page readonly

3A840000

direct allocation

page read and write

440000

unkown

page readonly

3A8B0000

direct allocation

page read and write

58F5000

heap

page read and write

12F9000

unkown

page read and write

131B000

unkown

page read and write

5450000

heap

page read and write

33024000

direct allocation

page read and write

290F0000

direct allocation

page read and write

1320000

unkown

page execute read

29014000

direct allocation

page read and write

3A8A4000

direct allocation

page read and write

710F000

stack

page read and write

2905C000

direct allocation

page read and write

290B8000

direct allocation

page read and write

3300C000

direct allocation

page read and write

E41000

unkown

page execute read

5A40000

heap

page read and write

1320000

unkown

page execute read

57E5000

heap

page read and write

7A2F000

stack

page read and write

3A828000

direct allocation

page read and write

1320000

unkown

page execute read

1322000

unkown

page execute read

12FF000

unkown

page read and write

5390000

heap

page read and write

1312000

unkown

page read and write

594E000

stack

page read and write

441000

unkown

page execute read

1314000

unkown

page read and write

5958000

heap

page read and write

131B000

unkown

page read and write

5420000

heap

page read and write

3A8C4000

direct allocation

page read and write

5950000

heap

page read and write

2906C000

direct allocation

page read and write

3A85C000

direct allocation

page read and write

E41000

unkown

page execute read

78ED000

stack

page read and write

752E000

stack

page read and write

3A801000

direct allocation

page read and write

4460C000

direct allocation

page read and write

33034000

direct allocation

page read and write

441000

unkown

page execute read

1300000

unkown

page write copy

20604000

direct allocation

page read and write

33114000

direct allocation

page read and write

74D0000

heap

page read and write

762F000

stack

page read and write

E41000

unkown

page execute read

290C8000

direct allocation

page read and write

441000

unkown

page execute read

3A8B8000

direct allocation

page read and write

77AF000

stack

page read and write

441000

unkown

page execute read

1323000

unkown

page readonly

2910C000

direct allocation

page read and write

1304000

unkown

page read and write

3A824000

direct allocation

page read and write

F48000

unkown

page readonly

738E000

stack

page read and write

3A834000

direct allocation

page read and write

573C000

stack

page read and write

441000

unkown

page execute read

3A814000

direct allocation

page read and write

12FF000

unkown

page read and write

2902C000

direct allocation

page read and write

1323000

unkown

page readonly

78ED000

stack

page read and write

1314000

unkown

page read and write

1304000

unkown

page read and write

330B8000

direct allocation

page read and write

1322000

unkown

page execute read

405000

heap

page read and write

29078000

direct allocation

page read and write

290E4000

direct allocation

page read and write

724F000

stack

page read and write

5A8E000

stack

page read and write

7A2F000

stack

page read and write

12F9000

unkown

page write copy

1314000

unkown

page read and write

33104000

direct allocation

page read and write

440000

unkown

page readonly

330A4000

direct allocation

page read and write

766E000

stack

page read and write

3A8A4000

direct allocation

page read and write

3A854000

direct allocation

page read and write

29054000

direct allocation

page read and write

44608000

direct allocation

page read and write

440000

unkown

page readonly

290C4000

direct allocation

page read and write

1304000

unkown

page read and write

290E0000

direct allocation

page read and write

3A904000

direct allocation

page read and write

5D80000

heap

page read and write

29114000

direct allocation

page read and write

330F0000

direct allocation

page read and write

58E0000

heap

page read and write

1312000

unkown

page read and write

1322000

unkown

page execute read

1322000

unkown

page execute read

29040000

direct allocation

page read and write

330C4000

direct allocation

page read and write

29028000

direct allocation

page read and write

3A82C000

direct allocation

page read and write

F48000

unkown

page readonly

33028000

direct allocation

page read and write

1323000

unkown

page readonly

12F9000

unkown

page read and write

3A8E4000

direct allocation

page read and write

573C000

stack

page read and write

3A868000

direct allocation

page read and write

1300000

unkown

page write copy

290B0000

direct allocation

page read and write

33078000

direct allocation

page read and write

752F000

stack

page read and write

728E000

stack

page read and write

330A4000

direct allocation

page read and write

2900C000

direct allocation

page read and write

33054000

direct allocation

page read and write

330D0000

direct allocation

page read and write

3308C000

direct allocation

page read and write

F48000

unkown

page readonly

33001000

direct allocation

page read and write

1CC000

stack

page read and write

12F9000

unkown

page read and write

CC000

stack

page read and write

5D4F000

stack

page read and write

29068000

direct allocation

page read and write

12FF000

unkown

page read and write

1320000

unkown

page execute read

330C8000

direct allocation

page read and write

3310C000

direct allocation

page read and write

330F8000

direct allocation

page read and write

5D50000

heap

page read and write

E41000

unkown

page execute read

2902C000

direct allocation

page read and write

441000

unkown

page execute read

714E000

stack

page read and write

1320000

unkown

page execute read

F48000

unkown

page readonly

3A80C000

direct allocation

page read and write

5458000

heap

page read and write

5A98000

heap

page read and write

441000

unkown

page execute read

3307C000

direct allocation

page read and write

29104000

direct allocation

page read and write

585E000

stack

page read and write

3A804000

direct allocation

page read and write

563C000

stack

page read and write

33068000

direct allocation

page read and write

131B000

unkown

page read and write

290A4000

direct allocation

page read and write

76AE000

stack

page read and write

3A878000

direct allocation

page read and write

74CD000

stack

page read and write

57E0000

heap

page read and write

33040000

direct allocation

page read and write

440000

unkown

page readonly

441000

unkown

page execute read

33004000

direct allocation

page read and write

29004000

direct allocation

page read and write

29034000

direct allocation

page read and write

12F9000

unkown

page write copy

1312000

unkown

page read and write

3A8F8000

direct allocation

page read and write

1300000

unkown

page write copy

756E000

stack

page read and write

400000

heap

page read and write

330B0000

direct allocation

page read and write

1322000

unkown

page execute read

3A8D0000

direct allocation

page read and write

290A0000

direct allocation

page read and write

1320000

unkown

page execute read

1323000

unkown

page readonly

1322000

unkown

page execute read

3A8A0000

direct allocation

page read and write

330A0000

direct allocation

page read and write

4D60C000

direct allocation

page read and write

There are 227 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
chromedriver.exe

Files

Processes

URLs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportchromedriver.exe

Files

Processes

URLs

Memdumps

IOC Report
chromedriver.exe