rjacksix
Chrome_frame_helper.exe FP?
in File Detections
Posted
I would tend to disagree; there is more of a story here than meets the eye.
chrome_frame_helper.exe is used as a legitimate executable to allow a sideloading attack from certain state actors. The tell is if you see the DLL and a third file in the same directory. Chrome_frame_helper loads the DLL which has been hinked to load the XOR-encoded binary that is in the third file. Many times that file will be a PlugX variant but it doesn't need to be; it can be Mimikatz, pwdump, or anything else the attacker is trying to load into memory.
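The directory layout described in the post above, turned into a triage check (an added example, not part of the original post or of any vendor's tooling). It flags directories that hold chrome_frame_helper.exe together with a DLL and a further file; the directory and file names in the sample tree are constructed, and treating "no readable MZ header" as the sign of an encoded third file is an assumption.

```python
import os
import tempfile

HOST_EXE = "chrome_frame_helper.exe"  # file name taken from the post

def looks_like_plain_pe(path):
    """True if the file starts with the 'MZ' magic of an unencoded PE file."""
    with open(path, "rb") as fh:
        return fh.read(2) == b"MZ"

def find_sideload_layouts(root):
    """Return [(directory, dlls, opaque_files)] for each directory holding
    HOST_EXE, at least one DLL and at least one further file that is not a
    plain PE (assumption: an encoded payload shows no MZ header)."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        if HOST_EXE not in {f.lower() for f in files}:
            continue
        dlls = sorted(f for f in files if f.lower().endswith(".dll"))
        others = [f for f in files
                  if f.lower() != HOST_EXE and not f.lower().endswith(".dll")]
        opaque = sorted(f for f in others
                        if not looks_like_plain_pe(os.path.join(dirpath, f)))
        if dlls and opaque:
            hits.append((dirpath, dlls, opaque))
    return hits

def build_constructed_sample(root):
    """Constructed tree: case_a matches the layout, case_b is exe + DLL only."""
    pe_stub = b"MZ\x90\x00"                      # stand-in for a PE header
    encoded = bytes(b ^ 0x5A for b in pe_stub)   # constructed XOR-encoded blob
    layout = {
        "case_a": {HOST_EXE: pe_stub, "helper.dll": pe_stub, "helper.dat": encoded},
        "case_b": {HOST_EXE: pe_stub, "helper.dll": pe_stub},
    }
    for sub, files in layout.items():
        os.makedirs(os.path.join(root, sub))
        for name, data in files.items():
            with open(os.path.join(root, sub, name), "wb") as fh:
                fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_sample(tmp)
        for directory, dlls, opaque in find_sideload_layouts(tmp):
            print(directory, "DLLs:", dlls, "non-PE files:", opaque)
```

A hit is a lead for further analysis of the DLL and the third file, not a verdict on its own.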