a380b908c8307959c4e574a34de0aa658af2e30cc91d39f1bd9bc96860be7d63

Analysis

max time kernel
94s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
12/10/2024, 03:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a380b908c8307959c4e574a34de0aa658af2e30cc91d39f1bd9bc96860be7d63N.exe
Size

1.1MB
MD5

24c2b580f47fbb91aea334bac76e1950
SHA1

fecbbf6e8461ae23bd504e18c6a1931555789bd2
SHA256

a380b908c8307959c4e574a34de0aa658af2e30cc91d39f1bd9bc96860be7d63
SHA512

818862c5d480b42cf9c36f2be709f62144190b43c41b274c7245db834135f74ce6462a2ec8b8350876dc5f4c70a15bd717a09d573369bf5fa24eeac8b50de2ba
SSDEEP

24576:h1OYdaOJOBsFEt5hDG0SAMs9jR/jaJnTJdwY68+UhnWb3aQy:h1OsWOEt5hDG0SAMs9j8nTJ2Y68hWGQy

Score

7^/10

adware discovery spyware stealer

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1876	EbgVPC.exe

Loads dropped DLL 1 IoCs

pid	Process
1876	EbgVPC.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops Chrome extension 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgnigbgbbaabgmleenebebbpkcccippg\1.5\manifest.json	EbgVPC.exe

Installs/modifies Browser Helper Object 2 TTPs 4 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{765ACE06-56FC-207A-4E53-57D2EF57179B}\ = "siaFe save"	EbgVPC.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{765ACE06-56FC-207A-4E53-57D2EF57179B}\NoExplorer = "1"	EbgVPC.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{765ACE06-56FC-207A-4E53-57D2EF57179B}	EbgVPC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{765ACE06-56FC-207A-4E53-57D2EF57179B}	EbgVPC.exe

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a380b908c8307959c4e574a34de0aa658af2e30cc91d39f1bd9bc96860be7d63N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	EbgVPC.exe

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{765ACE06-56FC-207A-4E53-57D2EF57179B}	EbgVPC.exe
Key deleted	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\APPROVEDEXTENSIONSMIGRATION\{765ACE06-56FC-207A-4E53-57D2EF57179B}	EbgVPC.exe
Key deleted	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Internet Explorer\ApprovedExtensionsMigration	EbgVPC.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Internet Explorer\ApprovedExtensionsMigration	EbgVPC.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	EbgVPC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib	EbgVPC.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{765ACE06-56FC-207A-4E53-57D2EF57179B}	EbgVPC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32	EbgVPC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{765ACE06-56FC-207A-4E53-57D2EF57179B}\ProgID	EbgVPC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{765ACE06-56FC-207A-4E53-57D2EF57179B}\ProgID\ = "saiFe saeve.1.5"	EbgVPC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{765ACE06-56FC-207A-4E53-57D2EF57179B}\VersionIndependentProgID\ = "saiFe saeve"	EbgVPC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ = "IIEPluginMain"	EbgVPC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	EbgVPC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib	EbgVPC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}	EbgVPC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\saeve\CurVer	EbgVPC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0	EbgVPC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}	EbgVPC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}	EbgVPC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32	EbgVPC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS	EbgVPC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR	EbgVPC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	EbgVPC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\Version = "1.0"	EbgVPC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ = "ILocalStorage"	EbgVPC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\Version = "1.0"	EbgVPC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32	EbgVPC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\saeve.1.5\CLSID\ = "{765ACE06-56FC-207A-4E53-57D2EF57179B}"	EbgVPC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	EbgVPC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\saeve.saiFe	EbgVPC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\saeve.1.5\CLSID	EbgVPC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\saeve\ = "siaFe save"	EbgVPC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{765ACE06-56FC-207A-4E53-57D2EF57179B}\Programmable	EbgVPC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ = "ILocalStorage"	EbgVPC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{765ACE06-56FC-207A-4E53-57D2EF57179B}\InprocServer32	EbgVPC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{765ACE06-56FC-207A-4E53-57D2EF57179B}\InprocServer32\ = "C:\\ProgramData\\siaFe save\\4ehoV.dll"	EbgVPC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{765ACE06-56FC-207A-4E53-57D2EF57179B}\InprocServer32\ThreadingModel = "Apartment"	EbgVPC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR\ = "C:\\ProgramData\\siaFe save"	EbgVPC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}	EbgVPC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\Version = "1.0"	EbgVPC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32\ = "C:\\ProgramData\\siaFe save\\4ehoV.dll"	EbgVPC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	EbgVPC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\saeve\CLSID\ = "{765ACE06-56FC-207A-4E53-57D2EF57179B}"	EbgVPC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib	EbgVPC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{765ACE06-56FC-207A-4E53-57D2EF57179B}\Implemented Categories\{59FB2056-D625-48D0-A944-1A85B5AB2640}	EbgVPC.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{765ACE06-56FC-207A-4E53-57D2EF57179B}\InprocServer32	EbgVPC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ = "IIEPluginMain"	EbgVPC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32	EbgVPC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32	EbgVPC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	EbgVPC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	EbgVPC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\saeve.1.5\ = "siaFe save"	EbgVPC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\saeve\CurVer\ = "saiFe saeve.1.5"	EbgVPC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{765ACE06-56FC-207A-4E53-57D2EF57179B}\ = "siaFe save"	EbgVPC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\saeve.1.5	EbgVPC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\saeve	EbgVPC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0	EbgVPC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{765ACE06-56FC-207A-4E53-57D2EF57179B}	EbgVPC.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{765ACE06-56FC-207A-4E53-57D2EF57179B}\VersionIndependentProgID	EbgVPC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS\ = "0"	EbgVPC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\Version = "1.0"	EbgVPC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib	EbgVPC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	EbgVPC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win64	EbgVPC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\saiFe	EbgVPC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\saeve\CLSID	EbgVPC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{765ACE06-56FC-207A-4E53-57D2EF57179B}\VersionIndependentProgID	EbgVPC.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{765ACE06-56FC-207A-4E53-57D2EF57179B}\ProgID	EbgVPC.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2228 wrote to memory of 1876	2228	a380b908c8307959c4e574a34de0aa658af2e30cc91d39f1bd9bc96860be7d63N.exe	83
PID 2228 wrote to memory of 1876	2228	a380b908c8307959c4e574a34de0aa658af2e30cc91d39f1bd9bc96860be7d63N.exe	83
PID 2228 wrote to memory of 1876	2228	a380b908c8307959c4e574a34de0aa658af2e30cc91d39f1bd9bc96860be7d63N.exe	83

System policy modification 1 TTPs 1 IoCs

evasion

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{765ACE06-56FC-207A-4E53-57D2EF57179B} = "1"	EbgVPC.exe

C:\Users\Admin\AppData\Local\Temp\a380b908c8307959c4e574a34de0aa658af2e30cc91d39f1bd9bc96860be7d63N.exe
"C:\Users\Admin\AppData\Local\Temp\a380b908c8307959c4e574a34de0aa658af2e30cc91d39f1bd9bc96860be7d63N.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2228
- C:\Users\Admin\AppData\Local\Temp\7zS9877.tmp\EbgVPC.exe
  .\EbgVPC.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops Chrome extension
  - Installs/modifies Browser Helper Object
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Modifies registry class
  - System policy modification
  PID:1876

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zS9877.tmp\1367021193.log

Filesize
6KB

MD5
7d20fc790787d90735f3040a08576b61

SHA1
2f9787c9ffc52cbf98d99a1e40980b49bb0842a3

SHA256
f12735e97ca6efcdc23cf9e0bfb04648a14df7302bd59f007f7be5cf9931beae

SHA512
246b36be911dc5914eddb6806d191793702903a0a2c695c83780fea1846311ceb7e3014bf9c5dd4029810a3c6493da36497b746e0bc57e69599b3404d104d0d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9877.tmp\4ehoV.dll

Filesize
258KB

MD5
e1d10cccd5dde588af8ee2cb7309523c

SHA1
0b9e805077320b0ce1e6620488bd34f1c4d7827e

SHA256
9900e517bfd4b39bd7af4bb360af52f6c95ef9b3e7ef36d2633485c58bef9a1a

SHA512
a929eaae12f5cb28e224fc31298af2808f995c5a06bc6f47d95879703dbb9369e2e35b4e50a452e91741e6a949336220348dbb3c389c46ea2e0ca41f592dcaa0

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9877.tmp\4ehoV.tlb

Filesize
2KB

MD5
9156db5f76d48049dbc41fd1b58b3f34

SHA1
5eb1df59f9b5b06ab00137fc9e6451e323d3102c

SHA256
66fab808188a98ba49d99b723a181aa6626197d50bd2d5e15e076dcbc6fbb2cc

SHA512
742a77e71c34632146e16acadb6b381694072c7f4c2dea1df1dfc645ed42673ba153c832d167474dc41f9b608142a8c41b4aecda1efdab90d87d4f5c718bf149

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9877.tmp\4ehoV.x64.dll

Filesize
319KB

MD5
4f5c722b8686afbea6f09c53171d44ca

SHA1
184c60aafbb12d1023b1ce2aff4d3708607a75a1

SHA256
870c280ea861313edda0bd3950dc738ea68d006f315888d66023b54e5f98f0ea

SHA512
e471a86079a16d129ea0c01878af77d1aa132e629832d3f0f3d1f8a3dd250ed41c8d2f37403a10c8061fff07c07dda926ba7ffcc417c6e0100005a0f2721417a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9877.tmp\EbgVPC.dat

Filesize
5KB

MD5
5a53f73a7b57302c7ef2a3f86f9fdbdb

SHA1
6ac89b97784c2d598a73845ae0b87c1bd43aa095

SHA256
35e58bc8472d2f488ebd63947fe9aa33c588b0b07fca745ec495a3aac7351f69

SHA512
98492783cc9063ae0d5072a2d5135c299450a6ad981947a4c8ae9527d6c0aacaaa591ff2866a1135235aba686c2ed21fe9ff1e3a8b9ebef6f7dbd4eaf2661045

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9877.tmp\EbgVPC.exe

Filesize
334KB

MD5
8300c91b40229b42301aebc6d8859907

SHA1
0b55e56a6add6b4dd4ceff475a0018a203d02a5a

SHA256
f54a6814ac06c70ef5b738eca4855e49039783d96b70ba1ae461bd90877e53b5

SHA512
0863750da143e1707513f4a2efe1ad6cf81f5a819c7d5496d1629745afffcf72338aa9de90479d5e0936e848f9b260c434fd369027c56be175814086cafd4d8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9877.tmp\fgnigbgbbaabgmleenebebbpkcccippg\EwuG4H.js

Filesize
5KB

MD5
fafe93f98f16c0f969422f8430ca6c07

SHA1
9be92fd594cc8bac02d88f08b8830ede08bec28d

SHA256
4bb3fdb0d8cc833280068c91d602bbaec8718e608eaf82a2f69905fc2470046e

SHA512
0830ce72dd53e0eeb6c4a51150c18811bfeb916d155901213d12c9ea3b643a74bc99be0bd91caf089f83a8cc140797fdd86e03da9d48133b857a38fdc2667d63

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9877.tmp\fgnigbgbbaabgmleenebebbpkcccippg\background.html

Filesize
143B

MD5
8d41c3bcba024731fd51fe99f198f821

SHA1
e02d7ba70868f89ec6a0957ed07648974dd90e78

SHA256
0b90cf7ba24ca372b7a8371b50a466903fddb356a9fe70b4391c4131b022bd5b

SHA512
fc5a01b752dc2ef8549a86600920332cf9d94c323c8a090cfc18ebcfebdfa31dbf5eb32852201d1c4f6fb340bb4d6c90241805eee85b27b66ba0ebbf88ea1c4c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9877.tmp\fgnigbgbbaabgmleenebebbpkcccippg\content.js

Filesize
197B

MD5
5f9891607f65f433b0690bae7088b2c1

SHA1
b4edb7579dca34dcd00bca5d2c13cbc5c8fac0de

SHA256
fb01e87250ac9985ed08d97f2f99937a52998ea9faebdc88e4071d6517e1ea6b

SHA512
76018b39e4b62ff9ea92709d12b0255f33e8402dfc649ed403382eebc22fb37c347c403534a7792e6b5de0ed0a5d97a09b69f0ffc39031cb0d4c7d79e9440c7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9877.tmp\fgnigbgbbaabgmleenebebbpkcccippg\lsdb.js

Filesize
559B

MD5
209b7ae0b6d8c3f9687c979d03b08089

SHA1
6449f8bff917115eef4e7488fae61942a869200f

SHA256
e3cf0049af8b9f6cb4f0223ccb8438f4b0c75863684c944450015868a0c45704

SHA512
1b38d5509283ef25de550b43ef2535dee1a13eff12ad5093f513165a47eec631bcc993242e2ce640f36c61974431ae2555bd6e2a97aba91eb689b7cd4bf25a25

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9877.tmp\fgnigbgbbaabgmleenebebbpkcccippg\manifest.json

Filesize
502B

MD5
e9733577300447c7542b47da119e80af

SHA1
fc10d47f03bd3527993618dbc7da89d7b7a52759

SHA256
4613a06d9043616abe7b393a9b0b2cd8485ed35dd99a85fd65f05512e296ca7a

SHA512
b62e4a87df4f5b719500db3a4b539e1cdfc40e5b0a46b5bde5a75ee7d7ee32c359a68be98965d8fa136eca6f3eae625d04193aa98391b5420c7cec00d3095bc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9877.tmp\fgnigbgbbaabgmleenebebbpkcccippg\sqlite.js

Filesize
1KB

MD5
f72fb138c0187801e668583b9e7ce4a6

SHA1
196c4e31642e97663352cd6eca9b218b1e9e49c6

SHA256
deafdbd4d04a8d6fb6ee684c461220862b339ea3ecafebfd6c869f88cb377908

SHA512
8c8218ab2e341b7c20c987eafba98ea4e3053498b0e307ddbd7d66156d6dad28aa4d2af63e1da12eb9617f65a16edd74cb933e02467dbba17f690ddbe630de24

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9877.tmp\[email protected]\bootstrap.js

Filesize
2KB

MD5
1b53c596cfb1aa2209446ff64c17dabd

SHA1
2542da14728dcdbe1763f1ee39fe9ceae38ad414

SHA256
a7dfea4bf7e1d46a8b8e64ccfb2cf35017e3a5b350eead26d6671254d2b3c46f

SHA512
be54481675c38ef6a41697cf8cd3ab5a0b126922b192732a9c587dd8905b74b66c79eb0c849f62bbe8934979a894be63734b0ad59ffae295f5797cbfaa327030

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9877.tmp\[email protected]\chrome.manifest

Filesize
104B

MD5
b52d352badacb70b0be86d5d45061913

SHA1
d1044601491b8289d1da87af0f53604890763a9e

SHA256
0c5b4d08c950ea0447fc24d7f978d4e94506a327356704ed2df2779d5b2b6546

SHA512
98730f53321be491135cabd8fce4e30e195236d76a93ad4bf38627c545f121e9c9c3de1a489476f379bf0b37a2d1199f1e844b088f7226d52bf669a7f53d16c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9877.tmp\[email protected]\content\bg.js

Filesize
9KB

MD5
75a5ca05b5473179f4e219e4b24358b5

SHA1
1710b1a940cdf4df4f99d4cb5237a9d4b8b98517

SHA256
e94daf1be984f115e5320b85916b207027b86d9cb9b56687b0a407906946cd77

SHA512
8d64f86a13bf8c22a2f059c15421e9f2747f91c88629ed445a58ef67102e3b94d1b172b5291549781b84d3cc5dfbd6fe20a89e9f3e5794a31c70d92c3d140ebb

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9877.tmp\[email protected]\install.rdf

Filesize
606B

MD5
c2dbad20b55741ffb9c501a145246d6b

SHA1
2f32a72d2d40c7cb35539fda0acaa23d4c9d71fe

SHA256
fdc3e38c33f25f719854ab8461163aae44bc78cf19020d42fd0c1aa606fa2f8b

SHA512
a57cc6240dffd465ec3ffa3471d77b157e1d0de8809a3c21264c4276340173d54af5b77f9826f323b78b2850c92abbd598b152c1b74fc4d3ba9a86d1560a0445

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads