Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	May 2, 2025, 3:24 a.m.	May 2, 2025, 3:26 a.m.

Size	5.1KB
Type	RIFF (little-endian) data, Web/P image
MD5	`474b5128aedb84d67fc2cd62c28242ca`
SHA256	`bf4c275cd0eed2a785f5daca093343c68b28576d56d712624884b0233d85a77c`
CRC32	`75CB9A69`
ssdeep	`96:Qozt0In6TrVxCD1ttHR2QsXbDG5Xxa5XHf63KAtcQPBOS87oqoe:QA7618D1pED4Xw5XHfkC+c7oqp`
Yara	None matched

cmd.exe "C:\Windows\System32\cmd.exe" /c start /wait "OdcjJwPLqPAW" C:\Users\test22\AppData\Local\Temp\icon-redesign-150x150.png.webp
1684
- chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --single-argument C:\Users\test22\AppData\Local\Temp\icon-redesign-150x150.png.webp
  2160
  - chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=86.0.4240.111 --initial-client-data=0xb0,0xb4,0xb8,0x84,0xbc,0x7fef3df6e00,0x7fef3df6e10,0x7fef3df6e20
    2248

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks if process is being debugged by a debugger (23 events)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent May 2, 2025, 2:50 a.m.			0	0
IsDebuggerPresent May 2, 2025, 2:50 a.m.			0	0
IsDebuggerPresent May 2, 2025, 2:50 a.m.			0	0
IsDebuggerPresent May 2, 2025, 2:50 a.m.			0	0
IsDebuggerPresent May 2, 2025, 2:50 a.m.			0	0
IsDebuggerPresent May 2, 2025, 2:50 a.m.			0	0
IsDebuggerPresent May 2, 2025, 2:50 a.m.			0	0
IsDebuggerPresent May 2, 2025, 2:50 a.m.			0	0
IsDebuggerPresent May 2, 2025, 2:50 a.m.			0	0
IsDebuggerPresent May 2, 2025, 2:50 a.m.			0	0
IsDebuggerPresent May 2, 2025, 2:50 a.m.			0	0
IsDebuggerPresent May 2, 2025, 2:50 a.m.			0	0
IsDebuggerPresent May 2, 2025, 2:50 a.m.			0	0
IsDebuggerPresent May 2, 2025, 2:50 a.m.			0	0
IsDebuggerPresent May 2, 2025, 2:50 a.m.			0	0
IsDebuggerPresent May 2, 2025, 2:50 a.m.			0	0
IsDebuggerPresent May 2, 2025, 2:50 a.m.			0	0
IsDebuggerPresent May 2, 2025, 2:51 a.m.			0	0
IsDebuggerPresent May 2, 2025, 2:51 a.m.			0	0
IsDebuggerPresent May 2, 2025, 2:51 a.m.			0	0
IsDebuggerPresent May 2, 2025, 2:49 a.m.			0	0
IsDebuggerPresent May 2, 2025, 2:49 a.m.			0	0
IsDebuggerPresent May 2, 2025, 2:49 a.m.			0	0

Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate) (1 event)

registry

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid

Tries to locate where the browsers are installed (1 event)

file	C:\Program Files (x86)\Google\Chrome\Application\86.0.4240.111\Locales

One or more processes crashed (1 event)

Time & API	Arguments	Status	Return	Repeated
__exception__ May 2, 2025, 2:51 a.m.	stacktrace: 0x980004 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: ff 15 16 1f 09 00 ff 25 00 00 00 00 aa a4 fc 76 exception.instruction: call qword ptr [rip + 0x91f16] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x980004 registers.r14: 257027816 registers.r15: 83062224 registers.rcx: 1412 registers.rsi: 17302540 registers.r10: 0 registers.rbx: 257027072 registers.rsp: 257026792 registers.r11: 257030688 registers.r8: 2004779404 registers.r9: 0 registers.rdx: 1424 registers.r12: 257027432 registers.rbp: 257026928 registers.rdi: 83088992 registers.rax: 9961472 registers.r13: 82982912	1	0	0

An application raised an exception which may be indicative of an exploit crash (2 events)

Time & API	Arguments	Status	Return	Repeated
Application Crash	Process chrome.exe with pid 2160 crashed
__exception__ May 2, 2025, 2:51 a.m.	stacktrace: 0x980004 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: ff 15 16 1f 09 00 ff 25 00 00 00 00 aa a4 fc 76 exception.instruction: call qword ptr [rip + 0x91f16] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x980004 registers.r14: 257027816 registers.r15: 83062224 registers.rcx: 1412 registers.rsi: 17302540 registers.r10: 0 registers.rbx: 257027072 registers.rsp: 257026792 registers.r11: 257030688 registers.r8: 2004779404 registers.r9: 0 registers.rdx: 1424 registers.r12: 257027432 registers.rbp: 257026928 registers.rdi: 83088992 registers.rax: 9961472 registers.r13: 82982912	1	0	0

Steals private information from local Internet browsers (23 events)

file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\CrashpadMetrics-spare.pma
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Last Version
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\BrowserMetrics
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\CrashpadMetrics.pma
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\CrashpadMetrics-active.pma
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local State
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\BrowserMetrics-spare.pma
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad\reports\d31c8478-9424-4850-9656-a489015111be.dmp
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\First Run
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad\reports
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Policy\User Policy
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-68141B72-870.pma
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\index
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad\metadata
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_0
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_1
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_2
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_3

Terminates another process (2 events)

Time & API	Arguments	Status	Return	Repeated
NtTerminateProcess May 2, 2025, 2:51 a.m.	status_code: 0xc0000005 process_identifier: 2160 process_handle: 0x00000000000000bc		0	0
NtTerminateProcess May 2, 2025, 2:51 a.m.	status_code: 0xc0000005 process_identifier: 2160 process_handle: 0x00000000000000bc	1	0	0

One or more non-whitelisted processes were created (2 events)

parent_process	chrome.exe				martian_process	"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=86.0.4240.111 --initial-client-data=0xb0,0xb4,0xb8,0x84,0xbc,0x7fef3df6e00,0x7fef3df6e10,0x7fef3df6e20
parent_process	chrome.exe				martian_process	"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1060,2410951123122833048,2928508789521695234,131072 --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=1088 /prefetch:2

Resumed a suspended thread in a remote process potentially indicative of process injection (25 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 2248 resumed a thread in remote process 2160
NtResumeThread May 2, 2025, 2:51 a.m.	thread_handle: 0x000000000000011c suspend_count: 2 process_identifier: 2160	1	0	0
NtResumeThread May 2, 2025, 2:51 a.m.	thread_handle: 0x000000000000011c suspend_count: 2 process_identifier: 2160	1	0	0
NtResumeThread May 2, 2025, 2:51 a.m.	thread_handle: 0x000000000000011c suspend_count: 2 process_identifier: 2160	1	0	0
NtResumeThread May 2, 2025, 2:51 a.m.	thread_handle: 0x000000000000011c suspend_count: 2 process_identifier: 2160	1	0	0
NtResumeThread May 2, 2025, 2:51 a.m.	thread_handle: 0x000000000000011c suspend_count: 2 process_identifier: 2160	1	0	0
NtResumeThread May 2, 2025, 2:51 a.m.	thread_handle: 0x000000000000011c suspend_count: 2 process_identifier: 2160	1	0	0
NtResumeThread May 2, 2025, 2:51 a.m.	thread_handle: 0x000000000000011c suspend_count: 2 process_identifier: 2160	1	0	0
NtResumeThread May 2, 2025, 2:51 a.m.	thread_handle: 0x000000000000011c suspend_count: 2 process_identifier: 2160	1	0	0
NtResumeThread May 2, 2025, 2:51 a.m.	thread_handle: 0x000000000000011c suspend_count: 2 process_identifier: 2160	1	0	0
NtResumeThread May 2, 2025, 2:51 a.m.	thread_handle: 0x000000000000011c suspend_count: 2 process_identifier: 2160	1	0	0
NtResumeThread May 2, 2025, 2:51 a.m.	thread_handle: 0x000000000000011c suspend_count: 2 process_identifier: 2160	1	0	0
NtResumeThread May 2, 2025, 2:51 a.m.	thread_handle: 0x000000000000011c suspend_count: 2 process_identifier: 2160	1	0	0
NtResumeThread May 2, 2025, 2:51 a.m.	thread_handle: 0x000000000000011c suspend_count: 2 process_identifier: 2160	1	0	0
NtResumeThread May 2, 2025, 2:51 a.m.	thread_handle: 0x000000000000011c suspend_count: 2 process_identifier: 2160	1	0	0
NtResumeThread May 2, 2025, 2:51 a.m.	thread_handle: 0x000000000000011c suspend_count: 2 process_identifier: 2160	1	0	0
NtResumeThread May 2, 2025, 2:51 a.m.	thread_handle: 0x000000000000011c suspend_count: 2 process_identifier: 2160	1	0	0
NtResumeThread May 2, 2025, 2:51 a.m.	thread_handle: 0x000000000000011c suspend_count: 2 process_identifier: 2160	1	0	0
NtResumeThread May 2, 2025, 2:51 a.m.	thread_handle: 0x000000000000011c suspend_count: 2 process_identifier: 2160	1	0	0
NtResumeThread May 2, 2025, 2:51 a.m.	thread_handle: 0x000000000000011c suspend_count: 2 process_identifier: 2160	1	0	0
NtResumeThread May 2, 2025, 2:51 a.m.	thread_handle: 0x000000000000011c suspend_count: 2 process_identifier: 2160	1	0	0
NtResumeThread May 2, 2025, 2:51 a.m.	thread_handle: 0x000000000000011c suspend_count: 2 process_identifier: 2160	1	0	0
NtResumeThread May 2, 2025, 2:51 a.m.	thread_handle: 0x000000000000011c suspend_count: 2 process_identifier: 2160	1	0	0
NtResumeThread May 2, 2025, 2:51 a.m.	thread_handle: 0x000000000000011c suspend_count: 2 process_identifier: 2160	1	0	0
NtResumeThread May 2, 2025, 2:51 a.m.	thread_handle: 0x000000000000011c suspend_count: 2 process_identifier: 2160	1	0	0

icon-redesign-150x150.png.webp

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All