2000dc5ee755026586b476b572175577a022d36e001418b505926e6264f0eb0e

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29-12-2023 19:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

022e3944c88764f0528eff1c3d832d1b.exe
Size

684KB
MD5

022e3944c88764f0528eff1c3d832d1b
SHA1

24d336e510c5e387eea14427caaef3f25dc8334d
SHA256

2000dc5ee755026586b476b572175577a022d36e001418b505926e6264f0eb0e
SHA512

1f150397b621d0d588f155894bbd19d3845923fa3d10a91da52865514ca451ee3988620621490651ff80cf3a517fe5a561966365514c616f6661092f5f725c27
SSDEEP

12288:+uCn5DA1iBjZIjuHQX/jxlKa7SxxlvzScx7KWDI9G4nIr1YUkSGhZqoS:+1nuYjZ0XNoaibLhIokG1GzJS

Score

7^/10

discovery spyware stealer

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2852	UGVpIpg.exe

Loads dropped DLL 1 IoCs

pid	Process
2040	022e3944c88764f0528eff1c3d832d1b.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops Chrome extension 3 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfmnaoigbhapkacaaghefilglbfljgae\2.7\manifest.json	UGVpIpg.exe
File created	C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfmnaoigbhapkacaaghefilglbfljgae\2.7\manifest.json	UGVpIpg.exe
File created	C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfmnaoigbhapkacaaghefilglbfljgae\2.7\manifest.json	UGVpIpg.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2040 wrote to memory of 2852	2040	022e3944c88764f0528eff1c3d832d1b.exe	28
PID 2040 wrote to memory of 2852	2040	022e3944c88764f0528eff1c3d832d1b.exe	28
PID 2040 wrote to memory of 2852	2040	022e3944c88764f0528eff1c3d832d1b.exe	28
PID 2040 wrote to memory of 2852	2040	022e3944c88764f0528eff1c3d832d1b.exe	28
PID 2040 wrote to memory of 2852	2040	022e3944c88764f0528eff1c3d832d1b.exe	28
PID 2040 wrote to memory of 2852	2040	022e3944c88764f0528eff1c3d832d1b.exe	28
PID 2040 wrote to memory of 2852	2040	022e3944c88764f0528eff1c3d832d1b.exe	28

C:\Users\Admin\AppData\Local\Temp\022e3944c88764f0528eff1c3d832d1b.exe
"C:\Users\Admin\AppData\Local\Temp\022e3944c88764f0528eff1c3d832d1b.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2040
- C:\Users\Admin\AppData\Local\Temp\00294823\UGVpIpg.exe
  "C:\Users\Admin\AppData\Local\Temp/00294823/UGVpIpg.exe"
  2⤵
  - Executes dropped EXE
  - Drops Chrome extension
  PID:2852

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\00294823\UGVpIpg.dat

Filesize
1KB

MD5
a0251aec6829a35aa3b04e5f92f46795

SHA1
9a94cfca04b1b92a8680a7c46f24a3622e6e5bfc

SHA256
a26e3f8cd11e513733ab5520b51e13a920cd13328fca366fe48e8cf67d782375

SHA512
83b4e7e896e40369d74df3fae2794e58ac0097fb04cd6843e55b2d4c9d5b9d50a4a0f08f9acf8fba6f79a8e8ac1af4d7fcc3db36441386a6bb84a2b68b1b94cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\00294823\gfmnaoigbhapkacaaghefilglbfljgae\background.html

Filesize
145B

MD5
116f8dda3321b7fd889ae8195334d676

SHA1
55c0ff3d98e2ab8628ab53487d88359106aac1e6

SHA256
d86737d84da2647a61482324de3fef93bc5320f4ae2bc8ecbff82b7d3b50b846

SHA512
93019c5339a318698c8e81f42a6f157bbd9a8d0f43ae1728deaffe32d148adb2fcc1db345ebcff55c6ed3d6cd5937991a1562b03b9f8dd7280a204c77a252528

Download Submit
C:\Users\Admin\AppData\Local\Temp\00294823\gfmnaoigbhapkacaaghefilglbfljgae\content.js

Filesize
144B

MD5
0654917402505bc71a231599d02e09a2

SHA1
e24d4fcf6f136c3be86b4dc01bd3bf446ce462ff

SHA256
9577828de9e701114e75cca9918972c9028689518882edcb6aa193f9353c19ae

SHA512
3e7077342d4c06d1192898a4ec5c9b19f3ca8883c5fd7c6e2a581d855959b748b5a8c4b07e3468cfc8b79e6abc1595fefccb41011c179da665567d5dc4b2da5d

Download Submit
C:\Users\Admin\AppData\Local\Temp\00294823\gfmnaoigbhapkacaaghefilglbfljgae\lsdb.js

Filesize
531B

MD5
36d98318ab2b3b2585a30984db328afb

SHA1
f30b85fbe08e1d569ad49dfeafaf7cb2da6585a5

SHA256
ea2caf61817c6f7781ee049217e51c1083c8fc4f1e08e07792052dfdfa529ae7

SHA512
6f61ccda2eba18369409850b2c91c9817fc741755e29a1579646e3816e0deab80e34a5adb9ff865c773793d32ac338163a224dbf363b46420d6ea42a7bbb2b3a

Download Submit
C:\Users\Admin\AppData\Local\Temp\00294823\gfmnaoigbhapkacaaghefilglbfljgae\manifest.json

Filesize
503B

MD5
260b7a570886d2434395c8dbfb0be0da

SHA1
ba93842093932e39d57265113513296572fb543f

SHA256
6f071e9ea96715dbadb6fe2ade482015fb47199f16eb2f544b3502471b32b88e

SHA512
dae711946dc9b4c3000a9bac42a468f6a1c2912cbe68c8ffe665e64ca58904e3ace809dbf2ab0b6adb118b99988dc18c3629db3818faac6e1ec8045f60e105a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\00294823\gfmnaoigbhapkacaaghefilglbfljgae\yB8Ezt7F.js

Filesize
6KB

MD5
c0811612d33a9129e6eb75b99ffd44e1

SHA1
7f75c03d4e9f3a98538b7bf356e001153644dd99

SHA256
311273495d3f105519c17b35039eb8e0cea80914bc99e376f4fc4bb8738ca6a9

SHA512
e54fe0011e5acbcaa2d6665ad42a53e5ce335ebfaa7894239ad5229fa0cfa13f6224078e234fe1280f74e37fb4981466e9346708ed888aca0590fd2235c8049d

Download Submit
C:\Users\Admin\AppData\Local\Temp\00294823\[email protected]\bootstrap.js

Filesize
2KB

MD5
df13f711e20e9c80171846d4f2f7ae06

SHA1
56d29cda58427efe0e21d3880d39eb1b0ef60bee

SHA256
6c325461fba531a94cf8cbdcfc52755494973df0629ce0ee3fef734ab0838fc4

SHA512
6c51cee3bf13f164c4a5c9884cc6053cbf9db9701d34c07dc5761d2c047d3d1f7a361b32996a430107e9a4ce68a29149d747a84c76778a1e8780719a3d30470e

Download Submit
C:\Users\Admin\AppData\Local\Temp\00294823\[email protected]\chrome.manifest

Filesize
27B

MD5
a19a311f129cebfb34df582e99403163

SHA1
5293955d238194f4f4dd1591d776dd5de3584371

SHA256
80a40ea14b71d0cb2e80d181a8547230d6c2bd6bd217b5d18b2c3872f7d8262e

SHA512
552b01ba68ac8f6b79449a4d0c0c793858ef5ca9d94c0ebfab360b59b1aa9a17e687beee9b65b785d7cb7170eb08efbd3e6de2a537527bff20ba5a10f5fd76ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\00294823\[email protected]\content\bg.js

Filesize
8KB

MD5
e53d9ddd3438e7337f257e7a9230e6d6

SHA1
faf19b7c6837d2ba0ac85f56e0c4cebf8b7aa4c0

SHA256
a6295ae77015024bb9b3c0b245877538dc75a75732ca0377df2f309dacc00462

SHA512
b0866565534a8b33035d8dba4dc58ac691eae76d8dcbd47daa325c509084c2bbde908698dbc19651226901135ba101aefcb29ed2e5a9584f9d5e8ef8088d5ae4

Download Submit
C:\Users\Admin\AppData\Local\Temp\00294823\[email protected]\install.rdf

Filesize
601B

MD5
3fad841e1748a745963478b1965bae64

SHA1
3582ddf919705b332316a2c5fa17b6d9fe586134

SHA256
cff929d64403b5d5f099ddfb907d00b5f84711796b825c946d8715f09b432941

SHA512
078313d734f1a1d4059c81f0a1a2e4059a1748b0ed95b40b6c0b0f7bfe515c3c67a4f9cee4b1eb5276e183d9cb57fd7c796dbc50ebb1c615efcf95b58d0812c2

Download Submit
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gfmnaoigbhapkacaaghefilglbfljgae\2.7\manifest.json

Filesize
503B

MD5
da416e8ca04680fa8e4f520ecfbbdadf

SHA1
e31b669481d80621ceaaa00839f544d8f5480635

SHA256
e8460c726f0ec51998042a1ff5f54b8f6eec3c450022b471cfcff2a88c3a27e3

SHA512
844989d336492f1d9e3a81216e2d02cdc52993e3daf36221a68d9adad3e5534ef8473b31b76a5c0fb7f6aacf2f33feb81a5059d63b44c5b06668e3239a05b842

Download Submit
\Users\Admin\AppData\Local\Temp\00294823\UGVpIpg.exe

Filesize
526KB

MD5
926838555c7e13f295fda017b3fa3ea9

SHA1
f8947d5c9be8b66e0aa99696bfcee097f1a55403

SHA256
67b6ba841d56bef371d7e8c7382df39d2c76f828d6ea7669a6b1099835aaa08d

SHA512
409e818552f78ca17720bef89d20c50a402bcedaf8084a8a10c6fb8933a07b7c25acdb21e0b22bb544c9287eb792de1fdbd3ad38e3e29a303049bb472b224be7

Download Submit