98ba0159564afe92a67ee0986c7bcab868c58575b13d18654b1ebcdaca3f3494

Analysis

max time kernel
147s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29-02-2024 04:22

Target

adad75e8e40e780e8ea30ed1785fa520.exe
Size

2.9MB
MD5

adad75e8e40e780e8ea30ed1785fa520
SHA1

f27334b48f813419e3198d727f96109153a0d8b9
SHA256

98ba0159564afe92a67ee0986c7bcab868c58575b13d18654b1ebcdaca3f3494
SHA512

b8371b840e518a3208a860b2cce557f8868ee2df1bb78772359a46ae17a21510a95a87ff06423bfd3449ba4aa5c4cdae51a1280f8cad34ec08cb9abce2fb7ea7
SSDEEP

49152:bkgZuoSwsvlB2GnA8SF1oaO/z8rls5ojsPwzQWKK4JGuz5BkJdPNWfRWx4ZA:Qgyf2H8SkRb1TPwkTJGe5Bk7PNWAx42

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2256	GLB5E2D.tmp

Loads dropped DLL 3 IoCs

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\GLBSINST.%$D	GLB5E2D.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4908 wrote to memory of 2256	4908	adad75e8e40e780e8ea30ed1785fa520.exe	87
PID 4908 wrote to memory of 2256	4908	adad75e8e40e780e8ea30ed1785fa520.exe	87
PID 4908 wrote to memory of 2256	4908	adad75e8e40e780e8ea30ed1785fa520.exe	87

C:\Users\Admin\AppData\Local\Temp\adad75e8e40e780e8ea30ed1785fa520.exe
"C:\Users\Admin\AppData\Local\Temp\adad75e8e40e780e8ea30ed1785fa520.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4908
- C:\Users\Admin\AppData\Local\Temp\GLB5E2D.tmp
  C:\Users\Admin\AppData\Local\Temp\GLB5E2D.tmp 4736 C:\Users\Admin\AppData\Local\Temp\ADAD75~1.EXE
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in System32 directory
  PID:2256

C:\Users\Admin\AppData\Local\Temp\GLB5E2D.tmp

Filesize
70KB

MD5
2b18096d7f4509a59ae63a5dd87f7994

SHA1
d46b3a99c4ffaaf5f0204881b156b434421575a7

SHA256
fd66cfc55c4bfe35d88f07af6bef455b2b364667ae12ade369935572a4aabe1c

SHA512
0569ed925c4684f391eaffcc464e2403ce0a9665ae97777d5e9c43476b64b199b56897035e81c3bdde76a713ff6f3ccb6b8ab1e471b2863bd6faf84780bd870b

Download Submit
C:\Users\Admin\AppData\Local\Temp\GLC5F75.tmp

Filesize
161KB

MD5
8c97d8bb1470c6498e47b12c5a03ce39

SHA1
15d233b22f1c3d756dca29bcc0021e6fb0b8cdf7

SHA256
a87f19f9fee475d2b2e82acfb4589be6d816b613064cd06826e1d4c147beb50a

SHA512
7ad0b2b0319da52152c2595ee45045d0c06b157cdaaa56ad57dde9736be3e45fd7357949126f80d3e72b21510f9bf69d010d51b3967a7644662808beed067c3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\GLK6032.tmp

Filesize
30KB

MD5
3df61e5730883b2d338addd7acbe4bc4

SHA1
03166e6230231e7e3583cf9c8944f4967aa1bf1b

SHA256
2efe9a54c8eb878711d9b6cd18f276838645aff52fe69d8a864376cb258ec616

SHA512
36e9d705d22dad3d952b4da578a990f2b63ec2f9fbf2734efdaea9ecbd4f07a8d7232792eb5bdd81c553354d51334993cb6103c377f3483a680eac9e41cd2087

Download Submit