Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	May 2, 2025, 3:28 a.m.	May 2, 2025, 3:31 a.m.

Size	7.2KB
Type	RIFF (little-endian) data, Web/P image
MD5	`cfbb0e77a9537250b3efc7dcb33d9cd2`
SHA256	`452abe065adf426ccd9cdc4a0378f05dea635ad81fbe29d5e3c7190a85013ac1`
CRC32	`B72E8A2F`
ssdeep	`192:mzKZUSXnyFAUroEn2v+Bz3eDhA+viiCRJ:mzKKaWrNy+BOlAoii8`
Yara	None matched

cmd.exe "C:\Windows\System32\cmd.exe" /c start /wait "BTJFljOzyfeskw" C:\Users\test22\AppData\Local\Temp\starlab-logo-full-300x137.png.webp
872
- chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --single-argument C:\Users\test22\AppData\Local\Temp\starlab-logo-full-300x137.png.webp
  2064
  - chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=86.0.4240.111 --initial-client-data=0xb0,0xb4,0xb8,0x84,0xbc,0x7fef3e36e00,0x7fef3e36e10,0x7fef3e36e20
    2160

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks if process is being debugged by a debugger (30 events)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent May 2, 2025, 2:50 a.m.			0	0
IsDebuggerPresent May 2, 2025, 2:50 a.m.			0	0
IsDebuggerPresent May 2, 2025, 2:50 a.m.			0	0
IsDebuggerPresent May 2, 2025, 2:50 a.m.			0	0
IsDebuggerPresent May 2, 2025, 2:50 a.m.			0	0
IsDebuggerPresent May 2, 2025, 2:50 a.m.			0	0
IsDebuggerPresent May 2, 2025, 2:50 a.m.			0	0
IsDebuggerPresent May 2, 2025, 2:50 a.m.			0	0
IsDebuggerPresent May 2, 2025, 2:50 a.m.			0	0
IsDebuggerPresent May 2, 2025, 2:50 a.m.			0	0
IsDebuggerPresent May 2, 2025, 2:50 a.m.			0	0
IsDebuggerPresent May 2, 2025, 2:50 a.m.			0	0
IsDebuggerPresent May 2, 2025, 2:50 a.m.			0	0
IsDebuggerPresent May 2, 2025, 2:50 a.m.			0	0
IsDebuggerPresent May 2, 2025, 2:50 a.m.			0	0
IsDebuggerPresent May 2, 2025, 2:50 a.m.			0	0
IsDebuggerPresent May 2, 2025, 2:50 a.m.			0	0
IsDebuggerPresent May 2, 2025, 2:50 a.m.			0	0
IsDebuggerPresent May 2, 2025, 2:50 a.m.			0	0
IsDebuggerPresent May 2, 2025, 2:50 a.m.			0	0
IsDebuggerPresent May 2, 2025, 2:51 a.m.			0	0
IsDebuggerPresent May 2, 2025, 2:51 a.m.			0	0
IsDebuggerPresent May 2, 2025, 2:51 a.m.			0	0
IsDebuggerPresent May 2, 2025, 2:51 a.m.			0	0
IsDebuggerPresent May 2, 2025, 2:51 a.m.			0	0
IsDebuggerPresent May 2, 2025, 2:51 a.m.			0	0
IsDebuggerPresent May 2, 2025, 2:51 a.m.			0	0
IsDebuggerPresent May 2, 2025, 2:49 a.m.			0	0
IsDebuggerPresent May 2, 2025, 2:49 a.m.			0	0
IsDebuggerPresent May 2, 2025, 2:49 a.m.			0	0

Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate) (1 event)

registry

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid

Tries to locate where the browsers are installed (1 event)

file	C:\Program Files (x86)\Google\Chrome\Application\86.0.4240.111\Locales

One or more processes crashed (1 event)

Time & API	Arguments	Status	Return	Repeated
__exception__ May 2, 2025, 2:51 a.m.	stacktrace: 0xb80004 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: ff 15 16 1f 09 00 ff 25 00 00 00 00 aa a4 fc 76 exception.instruction: call qword ptr [rip + 0x91f16] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xb80004 registers.r14: 229175928 registers.r15: 81917088 registers.rcx: 1516 registers.rsi: 17302540 registers.r10: 0 registers.rbx: 229175184 registers.rsp: 229174904 registers.r11: 229178800 registers.r8: 2004779404 registers.r9: 0 registers.rdx: 1536 registers.r12: 229175544 registers.rbp: 229175040 registers.rdi: 83801520 registers.rax: 12058624 registers.r13: 84012752	1	0	0

An application raised an exception which may be indicative of an exploit crash (2 events)

Time & API	Arguments	Status	Return	Repeated
Application Crash	Process chrome.exe with pid 2064 crashed
__exception__ May 2, 2025, 2:51 a.m.	stacktrace: 0xb80004 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: ff 15 16 1f 09 00 ff 25 00 00 00 00 aa a4 fc 76 exception.instruction: call qword ptr [rip + 0x91f16] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xb80004 registers.r14: 229175928 registers.r15: 81917088 registers.rcx: 1516 registers.rsi: 17302540 registers.r10: 0 registers.rbx: 229175184 registers.rsp: 229174904 registers.r11: 229178800 registers.r8: 2004779404 registers.r9: 0 registers.rdx: 1536 registers.r12: 229175544 registers.rbp: 229175040 registers.rdi: 83801520 registers.rax: 12058624 registers.r13: 84012752	1	0	0

Steals private information from local Internet browsers (46 events)

file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Web Data
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\CrashpadMetrics-spare.pma
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Last Version
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\BrowserMetrics
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB__tmp_for_rebuild
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Preferences
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\CrashpadMetrics.pma
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\History-journal
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Web Data-wal
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Bookmarks
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-6813F5EF-810.pma
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\CrashpadMetrics-active.pma
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local State
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Media History-wal
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\BrowserMetrics-spare.pma
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database__tmp_for_rebuild
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\README
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\History-wal
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Media History-journal
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Address Validation Rules
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\First Run
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad\reports
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb__tmp_for_rebuild
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Media History
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\index
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\History
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Visited Links
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\File System\primary.origin
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad\reports\50258273-6494-4811-a25d-7a74bbb6a54d.dmp
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Policy\User Policy
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad\metadata
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_0
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_1
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_2
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_3

One or more non-whitelisted processes were created (2 events)

parent_process	chrome.exe				martian_process	"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=86.0.4240.111 --initial-client-data=0xb0,0xb4,0xb8,0x84,0xbc,0x7fef3e36e00,0x7fef3e36e10,0x7fef3e36e20
parent_process	chrome.exe				martian_process	"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1036,11024141497280226854,11998622568304002512,131072 --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=1040 /prefetch:2

Resumed a suspended thread in a remote process potentially indicative of process injection (31 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 2160 resumed a thread in remote process 2064
NtResumeThread May 2, 2025, 2:51 a.m.	thread_handle: 0x0000000000000118 suspend_count: 2 process_identifier: 2064	1	0	0
NtResumeThread May 2, 2025, 2:51 a.m.	thread_handle: 0x0000000000000118 suspend_count: 2 process_identifier: 2064	1	0	0
NtResumeThread May 2, 2025, 2:51 a.m.	thread_handle: 0x0000000000000118 suspend_count: 2 process_identifier: 2064	1	0	0
NtResumeThread May 2, 2025, 2:51 a.m.	thread_handle: 0x0000000000000118 suspend_count: 2 process_identifier: 2064	1	0	0
NtResumeThread May 2, 2025, 2:51 a.m.	thread_handle: 0x0000000000000118 suspend_count: 2 process_identifier: 2064	1	0	0
NtResumeThread May 2, 2025, 2:51 a.m.	thread_handle: 0x0000000000000118 suspend_count: 2 process_identifier: 2064	1	0	0
NtResumeThread May 2, 2025, 2:51 a.m.	thread_handle: 0x0000000000000118 suspend_count: 2 process_identifier: 2064	1	0	0
NtResumeThread May 2, 2025, 2:51 a.m.	thread_handle: 0x0000000000000118 suspend_count: 2 process_identifier: 2064	1	0	0
NtResumeThread May 2, 2025, 2:51 a.m.	thread_handle: 0x0000000000000118 suspend_count: 2 process_identifier: 2064	1	0	0
NtResumeThread May 2, 2025, 2:51 a.m.	thread_handle: 0x0000000000000118 suspend_count: 2 process_identifier: 2064	1	0	0
NtResumeThread May 2, 2025, 2:51 a.m.	thread_handle: 0x0000000000000118 suspend_count: 2 process_identifier: 2064	1	0	0
NtResumeThread May 2, 2025, 2:51 a.m.	thread_handle: 0x0000000000000118 suspend_count: 2 process_identifier: 2064	1	0	0
NtResumeThread May 2, 2025, 2:51 a.m.	thread_handle: 0x0000000000000118 suspend_count: 2 process_identifier: 2064	1	0	0
NtResumeThread May 2, 2025, 2:51 a.m.	thread_handle: 0x0000000000000118 suspend_count: 2 process_identifier: 2064	1	0	0
NtResumeThread May 2, 2025, 2:51 a.m.	thread_handle: 0x0000000000000118 suspend_count: 2 process_identifier: 2064	1	0	0
NtResumeThread May 2, 2025, 2:51 a.m.	thread_handle: 0x0000000000000118 suspend_count: 2 process_identifier: 2064	1	0	0
NtResumeThread May 2, 2025, 2:51 a.m.	thread_handle: 0x0000000000000118 suspend_count: 2 process_identifier: 2064	1	0	0
NtResumeThread May 2, 2025, 2:51 a.m.	thread_handle: 0x0000000000000118 suspend_count: 2 process_identifier: 2064	1	0	0
NtResumeThread May 2, 2025, 2:51 a.m.	thread_handle: 0x0000000000000118 suspend_count: 2 process_identifier: 2064	1	0	0
NtResumeThread May 2, 2025, 2:51 a.m.	thread_handle: 0x0000000000000118 suspend_count: 2 process_identifier: 2064	1	0	0
NtResumeThread May 2, 2025, 2:51 a.m.	thread_handle: 0x0000000000000118 suspend_count: 2 process_identifier: 2064	1	0	0
NtResumeThread May 2, 2025, 2:51 a.m.	thread_handle: 0x0000000000000118 suspend_count: 2 process_identifier: 2064	1	0	0
NtResumeThread May 2, 2025, 2:51 a.m.	thread_handle: 0x0000000000000118 suspend_count: 2 process_identifier: 2064	1	0	0
NtResumeThread May 2, 2025, 2:51 a.m.	thread_handle: 0x0000000000000118 suspend_count: 2 process_identifier: 2064	1	0	0
NtResumeThread May 2, 2025, 2:51 a.m.	thread_handle: 0x0000000000000118 suspend_count: 2 process_identifier: 2064	1	0	0
NtResumeThread May 2, 2025, 2:51 a.m.	thread_handle: 0x0000000000000118 suspend_count: 2 process_identifier: 2064	1	0	0
NtResumeThread May 2, 2025, 2:51 a.m.	thread_handle: 0x0000000000000118 suspend_count: 2 process_identifier: 2064	1	0	0
NtResumeThread May 2, 2025, 2:51 a.m.	thread_handle: 0x0000000000000118 suspend_count: 2 process_identifier: 2064	1	0	0
NtResumeThread May 2, 2025, 2:51 a.m.	thread_handle: 0x0000000000000118 suspend_count: 2 process_identifier: 2064	1	0	0
NtResumeThread May 2, 2025, 2:51 a.m.	thread_handle: 0x0000000000000118 suspend_count: 2 process_identifier: 2064	1	0	0

starlab-logo-full-300x137.png.webp

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All