ebf29f6e0d7487301d2670db3686b07bfbb4a7cce0ea022ac03cac9d16deeb78

Analysis

max time kernel
25s
max time network
135s
platform
windows10_x64
resource
win10v20210410
submitted
23-04-2021 09:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9c47fe6c8dbedae7d4f92d185d56509f0932e74a5ed9d3a28a4789461968f03e.exe
Size

1.5MB
MD5

a143c89f4ea3dac8b9d2b483100997d8
SHA1

3dfc565d01f7d49f9cd09355377cad7b16277599
SHA256

9c47fe6c8dbedae7d4f92d185d56509f0932e74a5ed9d3a28a4789461968f03e
SHA512

cddb9bcd9437c368043bd92f2a815e322f675ce7db7bda1c7ea4cdac1bf1b22cfb7aaa89cd06dd17f7f74f405320200ec71a14131a5c64502df0fbafdd0e73f5

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

GLBF28.tmp

pid process

3564 GLBF28.tmp
Loads dropped DLL 3 IoCs

Processes:

GLBF28.tmp

pid process

3564 GLBF28.tmp
3564 GLBF28.tmp
3564 GLBF28.tmp
Drops file in System32 directory 1 IoCs

Processes:

GLBF28.tmp

description ioc process

File created C:\Windows\SysWOW64\GLBSINST.%$D GLBF28.tmp

pid	process
3564	GLBF28.tmp

pid	process
3564	GLBF28.tmp
3564	GLBF28.tmp
3564	GLBF28.tmp

description	ioc	process
File created	C:\Windows\SysWOW64\GLBSINST.%$D	GLBF28.tmp

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

9c47fe6c8dbedae7d4f92d185d56509f0932e74a5ed9d3a28a4789461968f03e.exe

description	pid	process	target process
PID 4024 wrote to memory of 3564	4024	9c47fe6c8dbedae7d4f92d185d56509f0932e74a5ed9d3a28a4789461968f03e.exe	GLBF28.tmp
PID 4024 wrote to memory of 3564	4024	9c47fe6c8dbedae7d4f92d185d56509f0932e74a5ed9d3a28a4789461968f03e.exe	GLBF28.tmp
PID 4024 wrote to memory of 3564	4024	9c47fe6c8dbedae7d4f92d185d56509f0932e74a5ed9d3a28a4789461968f03e.exe	GLBF28.tmp

C:\Users\Admin\AppData\Local\Temp\9c47fe6c8dbedae7d4f92d185d56509f0932e74a5ed9d3a28a4789461968f03e.exe
"C:\Users\Admin\AppData\Local\Temp\9c47fe6c8dbedae7d4f92d185d56509f0932e74a5ed9d3a28a4789461968f03e.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4024

C:\Users\Admin\AppData\Local\Temp\GLBF28.tmp
C:\Users\Admin\AppData\Local\Temp\GLBF28.tmp 4736 C:\Users\Admin\AppData\Local\Temp\9C47FE~1.EXE
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
PID:3564

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\GLBF28.tmp
MD5
3894b350d87fc2e6bb7258164803b055

SHA1
d39bf3e68787f2f11b4ae4d24900e83cc9127714

SHA256
3e509414d6553ea56912fb9e1019ffac699d6eaa2ed132e5eca910e6f6da6b03

SHA512
3e845f53ace224c34cd8888d0e59f7d1660b680c2e26c8f88b8b009a0b3e2e431102bc791c550e44d066e5db19514b031b14e6861ab11f61bc0be3a7cd9d1ffc

Download Submit
C:\Users\Admin\AppData\Local\Temp\GLBF28.tmp
MD5
3894b350d87fc2e6bb7258164803b055

SHA1
d39bf3e68787f2f11b4ae4d24900e83cc9127714

SHA256
3e509414d6553ea56912fb9e1019ffac699d6eaa2ed132e5eca910e6f6da6b03

SHA512
3e845f53ace224c34cd8888d0e59f7d1660b680c2e26c8f88b8b009a0b3e2e431102bc791c550e44d066e5db19514b031b14e6861ab11f61bc0be3a7cd9d1ffc

Download Submit
\Users\Admin\AppData\Local\Temp\GLC110D.tmp
MD5
fbd929bfc7b4a9e4fa4506655bab4c4a

SHA1
b4df84de80729a04ed90dc976a3e730a568f24f8

SHA256
adf8dea5d36b58cf621e2bb0c4549f94e0919308dd7cc1215d942417c45e54a4

SHA512
b310e79848dc2a3c6a4524e0b120e2e3dd73ecb6852c65a9eec368045f7bab0b141210726476dd3cb0c1d9008e1f34149f35c03a0156a9eef7d4a7fbc61ea1b4

Download Submit
\Users\Admin\AppData\Local\Temp\GLK114C.tmp
MD5
3df61e5730883b2d338addd7acbe4bc4

SHA1
03166e6230231e7e3583cf9c8944f4967aa1bf1b

SHA256
2efe9a54c8eb878711d9b6cd18f276838645aff52fe69d8a864376cb258ec616

SHA512
36e9d705d22dad3d952b4da578a990f2b63ec2f9fbf2734efdaea9ecbd4f07a8d7232792eb5bdd81c553354d51334993cb6103c377f3483a680eac9e41cd2087

Download Submit
\Users\Admin\AppData\Local\Temp\GLK114C.tmp
MD5
3df61e5730883b2d338addd7acbe4bc4

SHA1
03166e6230231e7e3583cf9c8944f4967aa1bf1b

SHA256
2efe9a54c8eb878711d9b6cd18f276838645aff52fe69d8a864376cb258ec616

SHA512
36e9d705d22dad3d952b4da578a990f2b63ec2f9fbf2734efdaea9ecbd4f07a8d7232792eb5bdd81c553354d51334993cb6103c377f3483a680eac9e41cd2087

Download Submit
memory/3564-114-0x0000000000000000-mapping.dmp

Download
memory/3564-120-0x0000000000591000-0x0000000000593000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads