Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	May 2, 2025, 3:08 a.m.	May 2, 2025, 3:10 a.m.

Size	7.5KB
Type	RIFF (little-endian) data, Web/P image
MD5	`42da02d7ca967d36f9a9abbee6fb114c`
SHA256	`ac557e806a8d0a686613498ce4ffb4a1cc97e935a6e9ff5fa6e12a5509b931a8`
CRC32	`C5302B7A`
ssdeep	`192:e8gziEvb8yvysNLtdYRPzsYVk7eya+WDX7/pFGTe:elzLYcZ1tdY9zrVI4X7n`
Yara	None matched

cmd.exe "C:\Windows\System32\cmd.exe" /c start /wait "YSViINhiNYxnXHT" C:\Users\test22\AppData\Local\Temp\starlab-logo-full-white-300x137.png.webp
1188
- chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --single-argument C:\Users\test22\AppData\Local\Temp\starlab-logo-full-white-300x137.png.webp
  2072
  - chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=86.0.4240.111 --initial-client-data=0xb0,0xb4,0xb8,0x84,0xbc,0x7fef3e36e00,0x7fef3e36e10,0x7fef3e36e20
    2164

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks if process is being debugged by a debugger (5 events)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent May 2, 2025, 2:49 a.m.			0	0
IsDebuggerPresent May 2, 2025, 2:49 a.m.			0	0
IsDebuggerPresent May 2, 2025, 2:49 a.m.			0	0
IsDebuggerPresent May 2, 2025, 2:49 a.m.			0	0
IsDebuggerPresent May 2, 2025, 2:49 a.m.			0	0

Tries to locate where the browsers are installed (1 event)

file	C:\Program Files (x86)\Google\Chrome\Application\86.0.4240.111

Steals private information from local Internet browsers (8 events)

file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\CrashpadMetrics-spare.pma
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\CrashpadMetrics-active.pma
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\CrashpadMetrics.pma
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad\reports
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad\metadata

One or more non-whitelisted processes were created (1 event)

parent_process

chrome.exe

martian_process

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=86.0.4240.111 --initial-client-data=0xb0,0xb4,0xb8,0x84,0xbc,0x7fef3e36e00,0x7fef3e36e10,0x7fef3e36e20

starlab-logo-full-white-300x137.png.webp

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All