
v7942.exe

Status: finished
Submission Time: 2025-03-15 13:55:17 +01:00
Verdict: Malicious
Classification: Trojan, Spyware, Evader
Malware family: Stealc, Vidar

Tags

  • exe
  • vidar

Details

  • Analysis ID:
    1639385
  • API (Web) ID:
    1639385
  • Analysis Started:
    2025-03-15 13:55:18 +01:00
  • Analysis Finished:
    2025-03-15 14:07:50 +01:00
  • MD5:
    b6fff0854975fdd3a69fd2442672de42
  • SHA1:
    301241ad8d04a29bec6d43e00b605df4317f406a
  • SHA256:
    fe0d2c8f9e42e9672c51e3f1d478f9398fe88c6f31f83cadbb07d3bb064753c6

Joe Sandbox

Detection: malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

  • malicious (Score: 36/73)
  • malicious (Score: 26/36)
  • malicious
  • malicious

IPs

IP                 Country
77.90.153.241      Germany
78.47.63.132       Germany
23.219.82.40       United States
204.79.197.203     United States
142.250.186.164    United States
172.64.41.3        United States
18.173.219.84      United States
204.79.197.219     United States
13.74.129.1        United States
52.182.143.215     United States
149.154.167.99     United Kingdom
2.22.242.105       European Union
77.90.153.245      Germany
77.90.153.244      Germany
216.58.212.161     United States
142.250.185.196    United States
239.255.255.250    Reserved
23.57.90.142       United States
18.244.18.32       United States
23.200.0.10        United States
20.110.205.119     United States
23.197.127.21      United States
142.250.185.142    United States
2.22.242.97        European Union
162.159.61.3       United States

Domains

Name                                                         IP
t.p.formaxprime.co.uk                                        78.47.63.132
clients2.googleusercontent.com                               0.0.0.0
c.msn.com                                                    0.0.0.0
weaponrywo.digital                                           0.0.0.0
ntp.msn.com                                                  0.0.0.0
bugildbett.top                                               0.0.0.0
crosshairc.life                                              0.0.0.0
mrodularmall.top                                             0.0.0.0
cjlaspcorne.icu                                              0.0.0.0
guntac.bet                                                   0.0.0.0
assets.msn.com                                               0.0.0.0
bzib.nelreports.net                                          0.0.0.0
c2a9c95e369881c67228a6591cac2686.clo.footprintdns.com        0.0.0.0
jowinjoinery.icu                                             0.0.0.0
legenassedk.top                                              0.0.0.0
htardwarehu.icu                                              0.0.0.0
apis.google.com                                              0.0.0.0
api.msn.com                                                  0.0.0.0
bg.microsoft.map.fastly.net                                  199.232.210.172
plus.l.google.com                                            142.250.185.142
a416.dscd.akamai.net                                         2.22.242.105
ax-0002.ax-msedge.net                                        150.171.28.11
t.me                                                         149.154.167.99
a-0003.a-msedge.net                                          204.79.197.203
c-msn-pme.trafficmanager.net                                 13.74.129.1
ax-0001.ax-msedge.net                                        150.171.27.10
a233.dscd.akamai.net                                         2.22.242.97
citywand.live                                                0.0.0.0
steamcommunity.com                                           23.197.127.21
edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com    217.20.57.35
sb.scorecardresearch.com                                     18.244.18.32
www.google.com                                               142.250.186.164
googlehosted.l.googleusercontent.com                         216.58.212.161
s-part-0032.t-0009.t-msedge.net                              13.107.246.60
chrome.cloudflare-dns.com                                    162.159.61.3

URLs

URL
http://77.90.153.241/a07daa7aeaf96e14/sqlite3.dll
http://anglebug.com/3625
https://www.google.com/images/branding/product/ico/googleg_alldp.ico
https://taboola.com
https://steamcommunity.com/profiles/76561199832267488dqu220Mozilla/5.0
https://lens.google.com/gen204
https://issuetracker.google.com/issues/166475273
http://anglebug.com/4836
https://chrome.google.com/webstoreLDDiscover
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
https://sb.scorecardresearch.com/b2?rn=1742043403500&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=29535F340DD9650527FA4A840C536462&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null
http://www.unicode.org/copyright.html
http://anglebug.com/3624
https://broadcast.st.dl.eccdnx.com
http://77.90.153.244/l9543.exeLUd
http://anglebug.com/3623
http://anglebug.com/3502
https://t.me/g_etcontent
https://permanently-removed.invalid/RotateBoundCookies
https://creative-serving.com
https://gemini.google.com/app?q=
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1742043406613&w=0&anoncknm=app_anon&NoResponseBody=true
https://nexxen.tech
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477
https://guntac.bet:443/bSHsyZD
https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref
http://77.90.153.241ta
https://clients2.googleusercontent.com/crx/blobs/Ad_brx23lef_cW590ESOTTAroOhZ9si0XFJIUC52j2ILHW1VLB5ou6c0RgLWwGr1aRJJZ0WPNyiPBYgIpWfykvhKW-6BLzMRsp9ykw5f6ReBQmPpO6WB9pcSJPfykLTHDjYAxlKa5bf72z8tHS5eXuTavTP1h4WZBjSs/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_89_1_0.crx
https://guntac.bet/bSHsyZDn
https://issuetracker.google.com/166809097
http://anglebug.com/4937
https://pinterest.com
https://permanently-removed.invalid/MergeSession
https://docs.google.com/spreadsheets/?usp=installed_webappler
http://anglebug.com/2517
http://anglebug.com/5906
https://anglebug.com/7161
http://www.google.com/update2/response
http://77.90.153.241/612acd258782ade8.phpition:
http://anglebug.com/5901
https://chrome.google.com/webstore/category/extensions
http://77.90.153.241a07daa7aeaf96e14/sqlite3.dllxe
https://semafor.com
https://mail.google.com/mail/?tab
https://google-ohttp-relay-query.fastly-edge.com/2P
https://labs.google.com/search?source=ntp
https://support.mozilla.org/products/firefoxgro.all
https://apis.google.com
https://chromeenterprise.google/policies/#BrowserSwitcherUrlList
http://anglebug.com/3970
http://unisolated.invalid/
https://mail.google.com/chat/download?usp=chrome_defaultu
https://steamcommunity.com/profiles/76561199822375128
https://anglebug.com/7369
http://77.90.153.244/sss81242.exe
https://anglebug.com/7246
https://audienceproject.com
http://anglebug.com/6929
https://www.youtube.com/s/notifications/manifest/cr_install.htmlndler
http://developer.chrome.com/docs/extensions/how-to/distribute/install-extensions)
https://docs.google.com/spreadsheets/?usp=installed_webappefault
https://ogs.google.com/widget/callout?eom=1
https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&startpage=1&PC=U531
https://ntp.msn.com/edge/ntp?locale=en-GB&title=New+tab&enableForceCache=true
https://www.youtube.com/s/notifications/manifest/cr_install.htmloot
https://mail.google.com/chat/
http://dns-tunnel-check.googlezip.net/connect
https://steamcommunity.com/profiles/76561199822375128/inventory/
https://www.gstatic.cn/recaptcha/
https://blog.google/products/chrome/google-chrome-safe-browsing-real-time/
https://docs.google.com/spreadsheets/?usp=installed_webapplidator
https://anglebug.com/7382
http://anglebug.com/4633
https://permutive.app
https://clients3.google.com/cast/chromecast/home/wallpaper/image?rt=b
https://google-ohttp-relay-query.fastly-edge.com/KAnonymityServiceJoinRelayServer
https://checkout.steampowered.com/
https://weborama-tech.ru
https://docs.google.com/presentation/u/0/create?usp=chrome_actions
https://permanently-removed.invalid/reauth/v1beta/users/
https://m.google.com/devicemanagement/data/api
http://anglebug.com/4722
https://assets.msn.com/statics/icons/favicon_newtabpage.png
https://shared-storage-demo-publisher-a.web.app
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1742043407324&w=0&anoncknm=app_anon&NoResponseBody=true
https://permanently-removed.invalid/v1/issuetoken
https://bzib.nelreports.net/api/report?cat=bingbusiness
http://77.90.153.244/l9543.exeF
https://support.google.com/chrome/answer/6098869
https://aqfer.com
https://postrelease.com
https://myaccount.google.com/data-and-privacy?utm_source=ga-chrome-actions&utm_medium=managePrivacy
https://eloan.co.jp
https://docs.google.com/spreadsheets/u/0/create?usp=chrome_actions
https://lv.queniujq.cn
https://shinobi.jp
https://issuetracker.google.com/161903006
https://apex-football.com
https://docs.google.com/document/d/1z2sdBwnUF2tSlhl3R2iUlk7gvmSbuLVXOgriPIcJkXQ/preview
https://mail.google.com/chat/download?usp=chrome_defaults

Dropped files

  • :cat (copy)
    PE32 executable (GUI) Intel 80386, for MS Windows
  • C:\ProgramData\ph4eu37qie.exe
    PE32+ executable (console) x86-64, for MS Windows
  • C:\ProgramData\xlng4w479r.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
  • C:\ProgramData\zmgdjecba1.exe
    PE32+ executable (console) x86-64, for MS Windows
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\s9471[1].exe
    PE32+ executable (console) x86-64, for MS Windows
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\sss81242[1].exe
    PE32 executable (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\l9543[1].exe
    PE32+ executable (console) x86-64, for MS Windows
  • C:\Users\user\AppData\Local\Temp\0Ru0udcQ\4TzoHWrzkq4Uuk1w.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Temp\0Ru0udcQ\eKQjcS7RNcSarFuG.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Temp\4mfMnLLX\EJNNjjms8tHlPaG5.exe
    PE32 executable (GUI) Intel 80386, for MS Windows