File name:	google-chrome.exe
Full analysis:	https://app.any.run/tasks/cdce3bde-2837-4b63-830d-f1e130210a2c
Verdict:	Malicious activity
Threats:	A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection. Malware Trends Tracker >>>
Analysis date:	November 07, 2024, 21:55:01
OS:	Windows 10 Professional (build: 19045, 64 bit)
Tags:	loader
Indicators:
MIME:	application/vnd.microsoft.portable-executable
File info:	PE32 executable (GUI) Intel 80386, for MS Windows, 6 sections
MD5:	6062C73C1ACF3AF27098BABAAECDCEEC
SHA1:	E8A59CCB05083DDA4D4C40E2DBDBB1EFB3FFB379
SHA256:	CBD53CD58F34F937F83CDFC0929E502ABF4253AB470800D6E3DDA68023F7539B
SSDEEP:	24576:pEj5DrfzXdaxgAOZGspkqLCVHpZktAIn1brR7ZHFGjbhDZloN:piNXdaxgAOZDp/Avkz1brR1HF69HA

.exe	\|	Win32 Executable (generic) (52.9)
.exe	\|	Generic Win/DOS Executable (23.5)
.exe	\|	DOS Executable Generic (23.5)

MachineType:	Intel 386 or later, and compatibles
TimeStamp:	2018:05:08 22:44:40+00:00
ImageFileCharacteristics:	Executable, 32-bit
PEType:	PE32
LinkerVersion:	14
CodeSize:	84480
InitializedDataSize:	1026048
UninitializedDataSize:	-
EntryPoint:	0x4e56
OSVersion:	5.1
ImageVersion:	-
SubsystemVersion:	5.1
Subsystem:	Windows GUI
FileVersionNumber:	1.3.33.17
ProductVersionNumber:	1.3.33.17
FileFlagsMask:	0x003f
FileFlags:	(none)
FileOS:	Windows NT 32-bit
ObjectFileType:	Executable application
FileSubtype:	-
LanguageCode:	English (U.S.)
CharacterSet:	Unicode
CompanyName:	Google Inc.
FileDescription:	Google Update Setup
FileVersion:	1.3.33.17
InternalName:	Google Update Setup
LegalCopyright:	Copyright 2007-2010 Google Inc.
OriginalFileName:	GoogleUpdateSetup.exe
ProductName:	Google Update
ProductVersion:	1.3.33.17
LanguageId:	en


(PID) Process:	(6712) GoogleUpdate.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Google\Update
Operation:	delete value	Name:	uid
Value:
(PID) Process:	(6712) GoogleUpdate.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Google\Update
Operation:	delete value	Name:	old-uid
Value:
(PID) Process:	(1396) GoogleUpdate.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}
Operation:	delete value	Name:	usagestats
Value:
(PID) Process:	(1396) GoogleUpdate.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}
Operation:	delete value	Name:	UpdateAvailableCount
Value:
(PID) Process:	(1396) GoogleUpdate.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}
Operation:	delete value	Name:	UpdateAvailableSince
Value:
(PID) Process:	(1396) GoogleUpdate.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}
Operation:	write	Name:	iid
Value: {ADC5A877-2F2E-215F-6DAC-B2AB514017C7}
(PID) Process:	(1396) GoogleUpdate.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\PersistedPings\{4C1E022C-DB6E-41F8-965C-617BDEC856D9}
Operation:	write	Name:	PersistedPingString
Value: <?xml version="1.0" encoding="UTF-8"?><request protocol="3.0" updater="Omaha" updaterversion="1.3.33.17" shell_version="1.3.36.51" ismachine="1" sessionid="{97BE4B41-69EB-4D08-855B-234FF3114546}" userid="{0BCB1C6D-6F44-4344-9A46-2F7E83EEF796}" installsource="taggedmi" requestid="{4C1E022C-DB6E-41F8-965C-617BDEC856D9}" dedup="cr" domainjoined="0"><hw physmemory="4" sse="1" sse2="1" sse3="1" ssse3="1" sse41="1" sse42="1" avx="1"/><os platform="win" version="10.0.19045.4046" sp="" arch="x64"/><app appid="{430FD4D0-B729-4F61-AA34-91526481799D}" version="1.3.36.372" nextversion="1.3.33.17" lang="en" brand="" client="" iid="{ADC5A877-2F2E-215F-6DAC-B2AB514017C7}"><event eventtype="2" eventresult="1" errorcode="0" extracode1="0" install_time_ms="374"/></app></request>
(PID) Process:	(1396) GoogleUpdate.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\PersistedPings\{4C1E022C-DB6E-41F8-965C-617BDEC856D9}
Operation:	write	Name:	PersistedPingTime
Value: 133754901122066319
(PID) Process:	(2736) GoogleUpdate.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\uid
Operation:	write	Name:	GPd4b5bu
Value:
(PID) Process:	(2736) GoogleUpdate.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\UsageStats\Daily\Counts
Operation:	write	Name:	opt_in_uid_generated
Value: 0100000000000000

PID	Process	Filename		Type
608	google-chrome.exe	C:\Users\admin\AppData\Local\Temp\GUMC07A.tmp\GoogleUpdate.exe		executable
		MD5:92EE791A630830452485E8E375F8DB35	SHA256:542294724926B0E156224B9EBD33E6354D79DA4C828FB52F7F4233DF45E3F624
608	google-chrome.exe	C:\Users\admin\AppData\Local\Temp\GUMC07A.tmp\goopdate.dll		executable
		MD5:463A426DA94FC2418A713CEEBB799E22	SHA256:EAF6EDE3CC4EFB047CEDAD32A9B3C2A138AD872991E3BEE4F66DD8FBE08133B2
608	google-chrome.exe	C:\Users\admin\AppData\Local\Temp\GUMC07A.tmp\npGoogleUpdate3.dll		executable
		MD5:671E1E25F6F08809863BB9AED544E70E	SHA256:C3A1B9E661248AEC69B528CE967BE80E81B0FBEB42041F1FFB57B182FB59F5F3
608	google-chrome.exe	C:\Users\admin\AppData\Local\Temp\GUMC07A.tmp\GoogleUpdateOnDemand.exe		executable
		MD5:96E08EB0D929C279536BDBBC543DA8FB	SHA256:1A167BA4B71B1D8BBF627FD9A71B0D4044B2D396866BFC5B64D78C5E19C9BA0E
608	google-chrome.exe	C:\Users\admin\AppData\Local\Temp\GUMC07A.tmp\GoogleUpdateHelper.msi		executable
		MD5:50EA7A4D9481B12A97070942F474D918	SHA256:E778FB14E723E5694B898F5016B9FF13F30B93098C5CBCF5F074CB949A131C28
608	google-chrome.exe	C:\Users\admin\AppData\Local\Temp\GUMC07A.tmp\GoogleUpdateBroker.exe		executable
		MD5:8171211B809414B6D8A8E4F6EA8CF140	SHA256:AC09BE376A7A765E9C4D87F88CA52F98D4C3F052BC737BA327727362E0135296
608	google-chrome.exe	C:\Users\admin\AppData\Local\Temp\GUMC07A.tmp\psmachine_64.dll		executable
		MD5:EDAD26BCA1696D23ECB9DC3AB48FD551	SHA256:F39A45FAECE08C55853EF9A71DDF78DEF6874364520DEF9A875798193F48A4E8
608	google-chrome.exe	C:\Users\admin\AppData\Local\Temp\GUMC07A.tmp\psuser_64.dll		executable
		MD5:58B48E4352559D4D76776377FDE5DF0C	SHA256:1A26CC2919ED54641C0A54ADAA30E71E700DCA0033340ADE0CA527E206ACA732
608	google-chrome.exe	C:\Users\admin\AppData\Local\Temp\GUMC07A.tmp\GoogleCrashHandler64.exe		executable
		MD5:D2F56E366F1CB26866A6F43BD53B46C3	SHA256:E881B1E5151886D85D4A690B3B41CB3E5DFBD24759B660C3554187F66A3C0825
608	google-chrome.exe	C:\Users\admin\AppData\Local\Temp\GUMC07A.tmp\goopdateres_am.dll		executable
		MD5:E433408CA45786F9B6B7873709F57EBA	SHA256:702B1F2B48041334B94E5529A27823518544FCA6ABD51F64C2D90C09685D3459

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
5488	MoUsoCoreWorker.exe	GET	200	2.19.198.194:80	http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl	unknown	—	—	whitelisted
6944	svchost.exe	GET	200	2.19.198.194:80	http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl	unknown	—	—	whitelisted
6944	svchost.exe	GET	200	23.218.209.163:80	http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl	unknown	—	—	whitelisted
1792	GoogleUpdate.exe	GET	200	34.104.35.123:80	http://edgedl.me.gvt1.com/edgedl/release2/chrome/acls6ht6xkxyme7kmypg2x2qa25a_130.0.6723.117/130.0.6723.117_chrome_installer.exe	unknown	—	—	whitelisted
3524	RUXIMICS.exe	GET	200	2.19.198.194:80	http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl	unknown	—	—	whitelisted
5488	MoUsoCoreWorker.exe	GET	200	23.218.209.163:80	http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl	unknown	—	—	whitelisted
3524	RUXIMICS.exe	GET	200	23.218.209.163:80	http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl	unknown	—	—	whitelisted
—	—	GET	—	142.250.184.228:443	https://www.google.com/async/ddljson?async=ntp:2	unknown	—	—	—
—	—	OPTIONS	200	142.250.74.202:443	https://ogads-pa.googleapis.com/$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData	unknown	—	—	—
—	—	GET	200	142.250.181.238:443	https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SGzW6IeCawI.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-5biO9jua-6zCEovdoDJ8SLzd6sw/cb=gapi.loaded_0	unknown	—	—	—

PID	Process	IP	Domain	ASN	CN	Reputation
6944	svchost.exe	51.104.136.2:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	IE	whitelisted
4	System	192.168.100.255:137	—	—	—	whitelisted
5488	MoUsoCoreWorker.exe	51.104.136.2:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	IE	whitelisted
3524	RUXIMICS.exe	51.104.136.2:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	IE	whitelisted
—	—	104.126.37.139:443	www.bing.com	Akamai International B.V.	DE	whitelisted
4	System	192.168.100.255:138	—	—	—	whitelisted
5488	MoUsoCoreWorker.exe	2.19.198.194:80	crl.microsoft.com	Akamai International B.V.	DE	whitelisted
6944	svchost.exe	2.19.198.194:80	crl.microsoft.com	Akamai International B.V.	DE	whitelisted
3524	RUXIMICS.exe	2.19.198.194:80	crl.microsoft.com	Akamai International B.V.	DE	whitelisted
4692	GoogleUpdate.exe	142.250.186.35:443	update.googleapis.com	GOOGLE	US	whitelisted

Domain	IP	Reputation
settings-win.data.microsoft.com	51.104.136.2 20.73.194.208	whitelisted
www.bing.com	104.126.37.139 104.126.37.137 104.126.37.160 104.126.37.155 104.126.37.153 104.126.37.171	whitelisted
google.com	142.250.186.174	whitelisted
crl.microsoft.com	2.19.198.194 23.32.238.34	whitelisted
update.googleapis.com	142.250.186.35	whitelisted
dl.google.com	142.250.186.78	whitelisted
www.microsoft.com	23.218.209.163	whitelisted
edgedl.me.gvt1.com	34.104.35.123	whitelisted
self.events.data.microsoft.com	52.182.143.215	whitelisted
www.google.com	142.250.185.100	whitelisted

PID	Process	Class	Message
1792	GoogleUpdate.exe	Misc activity	ET INFO EXE - Served Attached HTTP
1792	GoogleUpdate.exe	Potential Corporate Privacy Violation	ET POLICY PE EXE or DLL Windows file download HTTP

General Info

google-chrome.exe

6062C73C1ACF3AF27098BABAAECDCEEC

E8A59CCB05083DDA4D4C40E2DBDBB1EFB3FFB379

CBD53CD58F34F937F83CDFC0929E502ABF4253AB470800D6E3DDA68023F7539B

24576:pEj5DrfzXdaxgAOZGspkqLCVHpZktAIn1brR7ZHFGjbhDZloN:piNXdaxgAOZDp/Avkz1brR1HF69HA

Software environment set and analysis options

Launch configuration

Software preset

Hotfixes

Behavior activities

MALICIOUS

SUSPICIOUS

Application launched itself

Executable content was dropped or overwritten

Potential Corporate Privacy Violation

Reads security settings of Internet Explorer

Process requests binary or script from the Internet

INFO

Checks supported languages

Application launched itself

Executes as Windows Service

Create files in a temporary directory

Process checks computer location settings

Reads the computer name

Creates files in the program directory

Malware configuration

Static information

TRiD

EXIF

EXE

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings