LoFP / other third party chromium browsers located in appdata

Techniques

Sample rules

Potential Goopdate.DLL Sideloading

Description

Detects potential DLL sideloading of “goopdate.dll”, a DLL used by googleupdate.exe.

Detection logic

condition: selection and not 1 of filter_main_* and not 1 of filter_optional_*
filter_main_generic:
  ImageLoaded|startswith:
  - C:\Program Files (x86)\
  - C:\Program Files\
filter_optional_dropbox_installer_temp:
  ImageLoaded|contains|all:
  - \AppData\Local\Temp\GUM
  - .tmp\\goopdate.dll
  Image|contains|all:
  - \AppData\Local\Temp\GUM
  - .tmp\Dropbox
selection:
  ImageLoaded|endswith: \goopdate.dll
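
To see how the condition and its filters interact, including the false positive this page is named for, the following added example (not part of the rule or of any Sigma tooling) evaluates the detection block over constructed image-load events. The user name, the "ExampleBrowser" product, version folders and all paths are made-up sample values; the evaluator is a minimal stand-in that supports only the modifiers this rule uses.

```python
# Added example: minimal evaluator for the detection block above (not pySigma).
# Sigma string matching is case-insensitive; "\\" in the rule denotes one backslash.
DETECTION = {
    "selection": {"ImageLoaded|endswith": ["\\goopdate.dll"]},
    "filter_main_generic": {
        "ImageLoaded|startswith": ["C:\\Program Files (x86)\\", "C:\\Program Files\\"]},
    "filter_optional_dropbox_installer_temp": {
        "ImageLoaded|contains|all": ["\\AppData\\Local\\Temp\\GUM", ".tmp\\goopdate.dll"],
        "Image|contains|all": ["\\AppData\\Local\\Temp\\GUM", ".tmp\\Dropbox"]},
}
OPS = {"endswith": str.endswith, "startswith": str.startswith,
       "contains": lambda value, pattern: pattern in value}

def item_matches(event, key, patterns):
    # key looks like "Field|operator" or "Field|operator|all"
    field, op, *mods = key.split("|")
    value = event.get(field, "").lower()
    hits = (OPS[op](value, p.lower()) for p in patterns)
    return all(hits) if "all" in mods else any(hits)

def block_matches(event, name):
    # Every field inside one named block must match (logical AND).
    return all(item_matches(event, k, v) for k, v in DETECTION[name].items())

def evaluate(event):
    # condition: selection and not 1 of filter_main_* and not 1 of filter_optional_*
    if not block_matches(event, "selection"):
        return "not selected"
    for name in DETECTION:
        if name.startswith("filter_") and block_matches(event, name):
            return "suppressed by " + name
    return "alert"

# Constructed sample events (hypothetical paths, not taken from real telemetry).
EVENTS = {
    "program_files": {"Image": r"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe",
                      "ImageLoaded": r"C:\Program Files (x86)\Google\Update\1.0.0.0\goopdate.dll"},
    "dropbox_temp": {"Image": r"C:\Users\alice\AppData\Local\Temp\GUM1A2B.tmp\DropboxUpdate.exe",
                     "ImageLoaded": r"C:\Users\alice\AppData\Local\Temp\GUM1A2B.tmp\goopdate.dll"},
    # The false positive this page documents: a Chromium-based browser under AppData.
    "appdata_browser": {"Image": r"C:\Users\alice\AppData\Local\ExampleBrowser\Update\ExampleUpdate.exe",
                        "ImageLoaded": r"C:\Users\alice\AppData\Local\ExampleBrowser\Update\1.0.0.0\goopdate.dll"},
    "unrelated_dll": {"Image": r"C:\Users\alice\AppData\Local\ExampleBrowser\browser.exe",
                      "ImageLoaded": r"C:\Users\alice\AppData\Local\ExampleBrowser\chrome_elf.dll"},
}

if __name__ == "__main__":
    for label, event in EVENTS.items():
        print(f"{label:16} -> {evaluate(event)}")
```

The "appdata_browser" event is the only one that alerts: neither filter covers a per-user install path, which is why such browsers need their own exclusion or triage step when this rule is deployed.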