Analysis
max time kernel: 111s
max time network: 27s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 04-01-2024 13:52
Static task: static1
Behavioral task: behavioral1
  Sample: INs.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: INs.exe
  Resource: win10v2004-20231215-en
General
Target: INs.exe
Size: 53KB
MD5: 53d266f79e065761f85f145fe4b38e58
SHA1: 8455381ce40ed75e791d4d904fd31b3dda0a227f
SHA256: 3ea1f5c46ec453361e4596fdc9a1084a0f4922c970e2075bac3f54478f5b27d5
SHA512: 5e7dc399de29e53be1686d86a2627fc8b066412a92d1cabbe824eee5f41d5ffc964c5ab453a69e3fbe8fdd4e55a683f6282c840889351de070a5621087cae224
SSDEEP: 768:3aivuye1kVtGBk6P/v7nWlHznbkVwrEKD9yDwxVSHrowNI2tG6o/t84B5nj:3neytM3alnawrRIwxVSHMweio3
Malware Config
Extracted from: C:\Users\Public\Music\Sample Music\how_to_back_files.html
Signatures
GlobeImposter
GlobeImposter is a ransomware family first seen in 2017.
Renames multiple (68) files with added filename extension
Mass renaming that appends a new extension to existing files is the typical footprint of ransomware encrypting the files on the system.
Adds Run key to start application (2 TTPs, 1 IoC)
Processes:
  Process: INs.exe
  Description: Set value (str)
  IoC: \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\BrowserUpdateCheck = "C:\\Users\\Admin\\AppData\\Local\\INs.exe"
Note that the value is written under RunOnce rather than Run, so Windows removes it after executing it once at the next logon; the copy of the sample at C:\Users\Admin\AppData\Local\INs.exe is the persistent artefact to look for on a host.
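Added example (not part of the sandbox report or its detection engine): a Python replay of the two behavioural signatures above, mass rename with an appended extension and Run/RunOnce persistence, over a constructed event list. The file paths, the ".crypt" suffix, the event tuple shape and the threshold of 10 renames are assumptions; the RunOnce key and value are the IoC quoted above.

```python
"""Replay of the "renames multiple files with added extension" and
"adds Run key" signatures over a constructed sandbox-style event list.
Added example; not the sandbox's own detection code."""
import re
from collections import Counter

# Constructed events in the assumed shape (kind, path_or_key, new_path_or_value).
# File paths and the ".crypt" suffix are invented placeholders; the RunOnce
# key/value pair is the IoC quoted in the report.
DOCS = [rf"C:\Users\Admin\Documents\file{i}.docx" for i in range(12)]
EVENTS = [("rename", p, p + ".crypt") for p in DOCS]
EVENTS += [
    # Ordinary rename (extension not appended): must not count toward the signature.
    ("rename", r"C:\Users\Admin\Documents\draft.txt", r"C:\Users\Admin\Documents\final.txt"),
    ("regset",
     r"\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000"
     r"\Software\Microsoft\Windows\CurrentVersion\RunOnce\BrowserUpdateCheck",
     r"C:\Users\Admin\AppData\Local\INs.exe"),
    # Unrelated registry write under CurrentVersion: must not be reported as persistence.
    ("regset",
     r"\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000"
     r"\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "1"),
]

# Matches a value written directly under ...\CurrentVersion\Run or \RunOnce,
# the autostart keys behind the "Adds Run key" signature.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\(Run|RunOnce)\\[^\\]+$", re.IGNORECASE)


def added_extension(old, new):
    """Return the suffix appended to `old` to form `new` (e.g. ".crypt"),
    or None when the rename is not a pure extension append."""
    if len(new) > len(old) and new.lower().startswith(old.lower()):
        suffix = new[len(old):]
        if suffix.startswith(".") and "\\" not in suffix:
            return suffix.lower()
    return None


def rename_signature(events, threshold=10):
    """Count renames that append an extension and group them by suffix.
    `threshold` is an assumed cut-off; the report's run shows 68 such renames."""
    exts = Counter()
    for kind, src, dst in events:
        if kind == "rename":
            ext = added_extension(src, dst)
            if ext:
                exts[ext] += 1
    total = sum(exts.values())
    return {"count": total, "extensions": dict(exts), "fires": total >= threshold}


def run_key_signature(events):
    """Return every value written under a Run/RunOnce key, tagged with whether
    it runs once or at every logon, which decides how the host is cleaned."""
    hits = []
    for kind, key, value in events:
        m = RUN_KEY_RE.search(key) if kind == "regset" else None
        if m:
            runs = "once" if m.group(1).lower() == "runonce" else "every logon"
            hits.append({"key": key, "value": value, "runs": runs})
    return hits


if __name__ == "__main__":
    print(rename_signature(EVENTS))
    for hit in run_key_signature(EVENTS):
        print(hit)
```

Grouping by appended suffix is what lets a responder tell one ransomware run from unrelated renames: a single extension applied to dozens of files is the pattern the signature is built on, while a handful of ordinary renames with differing suffixes stays below the threshold.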
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 4KB
MD5: c120969fb90aff177be5fec5663ad8a3
SHA1: ed98951da70528825af2fec6b896b046744a6a0a
SHA256: 9b3278a68fb2d16fade571a2608ada6a25e55ad76e32401fb150ac87d5b092b2
SHA512: a72cc1aed69eca0531f09a3d2ea8451a6341254536c493472e0e57928a47c150983d2fb9597bd9225ddec250f3e35cf43ab6d7b2470846d05dc68f7717961e41