Windows Analysis Report
D8wwrB9ZCB.exe

Overview

General Information

Sample name: D8wwrB9ZCB.exe
(renamed file extension from none to exe, renamed because original name is a hash value)
Original sample name: 22b90d638d1da32f8e2f2fdbecf4cad4
Analysis ID: 1524643
MD5: 22b90d638d1da32f8e2f2fdbecf4cad4
SHA1: d333c074053ee90bb2f7a5a2f4923285e8c92952
SHA256: dc2535caf6f685dbaadc3a18c6fcfabc043d75a1b76245247eab02bf766c9320
Errors
  • Corrupt sample or wrongly selected analyzer. Details: 36b1

Detection

Score: 3
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

Contains functionality for execution timing, often used to detect debuggers
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to query locales information (e.g. system language)
Detected potential crypto function
Found potential string decryption / allocating functions
PE file contains more sections than normal
PE file contains sections with non-standard names
Program does not show much activity (idle)
Sample file is different than original file name gathered from version info

Classification

Source: D8wwrB9ZCB.exe Static PE information: certificate valid
Source: D8wwrB9ZCB.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: C:\b\s\w\ir\cache\builder\src\out\Release_x64\initialexe\chrome.exe.pdb source: D8wwrB9ZCB.exe
Source: C:\Users\user\Desktop\D8wwrB9ZCB.exe Code function: 0_2_00007FF69B3696F0 GetLastError,FindNextFileW,GetLastError,FindClose,GetFileAttributesW,FindFirstFileExW, 0_2_00007FF69B3696F0
Source: C:\Users\user\Desktop\D8wwrB9ZCB.exe Code function: 0_2_00007FF69B4E6630 FindFirstFileExW,GetLastError, 0_2_00007FF69B4E6630
Source: D8wwrB9ZCB.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: D8wwrB9ZCB.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: D8wwrB9ZCB.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: D8wwrB9ZCB.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: D8wwrB9ZCB.exe String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: D8wwrB9ZCB.exe String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: D8wwrB9ZCB.exe String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: D8wwrB9ZCB.exe String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: D8wwrB9ZCB.exe String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: D8wwrB9ZCB.exe String found in binary or memory: http://ocsp.digicert.com0
Source: D8wwrB9ZCB.exe String found in binary or memory: http://ocsp.digicert.com0A
Source: D8wwrB9ZCB.exe String found in binary or memory: http://ocsp.digicert.com0C
Source: D8wwrB9ZCB.exe String found in binary or memory: http://ocsp.digicert.com0X
Source: D8wwrB9ZCB.exe String found in binary or memory: http://www.digicert.com/CPS0
Source: D8wwrB9ZCB.exe String found in binary or memory: https://crashpad.chromium.org/
Source: D8wwrB9ZCB.exe String found in binary or memory: https://crashpad.chromium.org/bug/new
Source: D8wwrB9ZCB.exe String found in binary or memory: https://crashpad.chromium.org/https://crashpad.chromium.org/bug/new
Source: C:\Users\user\Desktop\D8wwrB9ZCB.exe Code function: String function: 00007FF69B44EDF0 appears 62 times
Source: C:\Users\user\Desktop\D8wwrB9ZCB.exe Code function: String function: 00007FF69B362290 appears 31 times
Source: C:\Users\user\Desktop\D8wwrB9ZCB.exe Code function: String function: 00007FF69B49D6D0 appears 42 times
Source: D8wwrB9ZCB.exe Static PE information: Number of sections : 12 > 10
Source: D8wwrB9ZCB.exe, 00000000.00000000.1667099125.00007FF69B58B000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamechrome.exe< vs D8wwrB9ZCB.exe
Source: D8wwrB9ZCB.exe Binary or memory string: OriginalFilenamechrome.exe< vs D8wwrB9ZCB.exe
Source: D8wwrB9ZCB.exe Binary string: \Device\DeviceApi
Source: D8wwrB9ZCB.exe Binary string: \Device\KsecDD
Source: D8wwrB9ZCB.exe Binary string: PathSystemDriveSystemRootTEMPTMPCHROME_CRASHPAD_PIPE_NAMEprocessIdtaglockdownLeveljobLeveldesiredIntegrityLeveldesiredMitigationsplatformMitigationscomponentFiltersappContainerSidappContainerCapabilitiesappContainerInitialCapabilitieslowboxSidpolicyRulesdisabledenableddisconnectCsrsszeroAppShimhandlesToCloseLockdownLimitedInteractiveRestricted Same AccessRestricted Non AdminLimited UserUnprotectedS-1-16-16384 SystemS-1-16-12288 HighS-1-16-8192 MediumS-1-16-6144 Medium LowS-1-16-4096 LowS-1-16-2048 Below LowS-1-16-0 Untrusted%016llx%016llx%016llx%08lx!(p[%d] == %xp[%d] == %pp[%d] & %x(p[%d], '%ls')exactprefixscanendsaskBrokerdenyalarmfakeSuccessfakeDeniedUnusedPing1Ping2NtOpenFileNtSetInfoRenameGdiDllInitializeGetStockObjectRegisterClassW*\windows_shell_global_counters\Device\DeviceApi\Device\KsecDDALPC Port
Source: classification engine Classification label: unknown3.winEXE@1/0@0/0
Source: C:\Users\user\Desktop\D8wwrB9ZCB.exe Code function: 0_2_00007FF69B4BA080 FormatMessageW,LocalFree,GetLastError, 0_2_00007FF69B4BA080
Source: D8wwrB9ZCB.exe String found in binary or memory: Try '%ls --help' for more information.
Source: D8wwrB9ZCB.exe String found in binary or memory: partition_alloc/address_space
Source: D8wwrB9ZCB.exe String found in binary or memory: --help display this help and exit
Source: D8wwrB9ZCB.exe String found in binary or memory: free-invalid-address
Source: D8wwrB9ZCB.exe String found in binary or memory: ..\..\components\gwp_asan\crash_handler\crash_handler.ccDetected GWP-ASan crash with missing metadata.Detected GWP-ASan crash for allocation at 0x) of type Invalid address passed to free() is Experienced internal error: partitionallocunexpected allocator typeheap-use-after-freeheap-buffer-underflowheap-buffer-overflowdouble-freefree-invalid-addressunexpected error type
Source: D8wwrB9ZCB.exe Static PE information: Virtual size of .text is bigger than: 0x100000
Source: D8wwrB9ZCB.exe Static PE information: Image base 0x140000000 > 0x60000000
Source: D8wwrB9ZCB.exe Static file information: File size 2762856 > 1048576
Source: D8wwrB9ZCB.exe Static PE information: Raw size of .text is bigger than: 0x100000 < 0x1eb600
Source: D8wwrB9ZCB.exe Static PE information: More than 200 imports for KERNEL32.dll
Source: D8wwrB9ZCB.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: D8wwrB9ZCB.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: D8wwrB9ZCB.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: D8wwrB9ZCB.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: D8wwrB9ZCB.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: D8wwrB9ZCB.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: D8wwrB9ZCB.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: D8wwrB9ZCB.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: D8wwrB9ZCB.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: D8wwrB9ZCB.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: D8wwrB9ZCB.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\Desktop\D8wwrB9ZCB.exe Code function: 0_2_00007FF69B3D2C80 LoadLibraryW,GetProcAddress, 0_2_00007FF69B3D2C80
Source: D8wwrB9ZCB.exe Static PE information: section name: .gxfg
Source: D8wwrB9ZCB.exe Static PE information: section name: .retplne
Source: D8wwrB9ZCB.exe Static PE information: section name: CPADinfo
Source: D8wwrB9ZCB.exe Static PE information: section name: _RDATA
Source: D8wwrB9ZCB.exe Static PE information: section name: malloc_h
Source: C:\Users\user\Desktop\D8wwrB9ZCB.exe Code function: 0_2_00007FF69B41D9B0 rdtsc 0_2_00007FF69B41D9B0
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\D8wwrB9ZCB.exe Code function: 0_2_00007FF69B487BDC RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_00007FF69B487BDC
Source: C:\Users\user\Desktop\D8wwrB9ZCB.exe Code function: 0_2_00007FF69B463828 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_00007FF69B463828
Source: C:\Users\user\Desktop\D8wwrB9ZCB.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, 0_2_00007FF69B48BC78
Source: C:\Users\user\Desktop\D8wwrB9ZCB.exe Code function: EnumSystemLocalesW, 0_2_00007FF69B486B68
Source: C:\Users\user\Desktop\D8wwrB9ZCB.exe Code function: EnumSystemLocalesW, 0_2_00007FF69B48B9E8
Source: C:\Users\user\Desktop\D8wwrB9ZCB.exe Code function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, 0_2_00007FF69B48B3CC
Source: C:\Users\user\Desktop\D8wwrB9ZCB.exe Code function: GetLocaleInfoW, 0_2_00007FF69B486334
Source: C:\Users\user\Desktop\D8wwrB9ZCB.exe Code function: EnumSystemLocalesW, 0_2_00007FF69B48B6CC
Source: C:\Users\user\Desktop\D8wwrB9ZCB.exe Code function: 0_2_00007FF69B463AD4 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter, 0_2_00007FF69B463AD4
Source: C:\Users\user\Desktop\D8wwrB9ZCB.exe Code function: 0_2_00007FF69B47BB64 _get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation, 0_2_00007FF69B47BB64
Source: C:\Users\user\Desktop\D8wwrB9ZCB.exe Code function: 0_2_00007FF69B33CC90 GetVersionExW,GetProductInfo,GetNativeSystemInfo, 0_2_00007FF69B33CC90
No contacted IP infos