Malware Analysis Report

2025-04-13 22:07

Sample ID 240825-lvdnzsxgjd
Target GGM 2.7-20161025.zip
SHA256 f6ebacb7218869005e20afbef53ca68110aef03f5f002c6506634f4e9e712493
Tags discovery
Score 7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score 7/10

SHA256

f6ebacb7218869005e20afbef53ca68110aef03f5f002c6506634f4e9e712493

Threat Level: Shows suspicious behavior

The file GGM 2.7-20161025.zip was found to show suspicious behavior.

Malicious Activity Summary

discovery

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

Drops file in System32 directory

Drops file in Program Files directory

Enumerates physical storage devices

Unsigned PE

System Location Discovery: System Language Discovery

Suspicious use of SetWindowsHookEx

Uses Task Scheduler COM API

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Suspicious behavior: EnumeratesProcesses

Scheduled Task/Job: Scheduled Task

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-25 09:50

Signatures

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-25 09:50

Reported

2024-08-25 09:53

Platform

win7-20240705-en

Max time kernel

121s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\GGM 2.7-20161025.exe"

Signatures

Checks installed software on the system

discovery

Drops file in System32 directory

Description | Indicator | Process | Target
File created | C:\Windows\system32\is-IILJT.tmp | C:\Users\Admin\AppData\Local\Temp\is-VSOF9.tmp\GGM 2.7-20161025.tmp | N/A

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\GGM 2.7\Skins\Std\Config\is-E6FQ0.tmp | C:\Users\Admin\AppData\Local\Temp\is-VSOF9.tmp\GGM 2.7-20161025.tmp | N/A
File created | C:\Program Files\GGM 2.7\Update\X64\Skins\is-46DIG.tmp | C:\Users\Admin\AppData\Local\Temp\is-VSOF9.tmp\GGM 2.7-20161025.tmp | N/A
File created | C:\Program Files\GGM 2.7\Skins\Std\is-T7RSA.tmp | C:\Users\Admin\AppData\Local\Temp\is-VSOF9.tmp\GGM 2.7-20161025.tmp | N/A
File created | C:\Program Files\GGM 2.7\Skins\Std\DPISetting\DPIStage\is-17JAN.tmp | C:\Users\Admin\AppData\Local\Temp\is-VSOF9.tmp\GGM 2.7-20161025.tmp | N/A
File created | C:\Program Files\GGM 2.7\Update\X64\Skins\is-DHJT8.tmp | C:\Users\Admin\AppData\Local\Temp\is-VSOF9.tmp\GGM 2.7-20161025.tmp | N/A
File created | C:\Program Files\GGM 2.7\Skins\Std\AngleSnap\is-7H6CP.tmp | C:\Users\Admin\AppData\Local\Temp\is-VSOF9.tmp\GGM 2.7-20161025.tmp | N/A
File created | C:\Program Files\GGM 2.7\Skins\Std\DPISetting\DPIStage\is-69QB3.tmp | C:\Users\Admin\AppData\Local\Temp\is-VSOF9.tmp\GGM 2.7-20161025.tmp | N/A
File created | C:\Program Files\GGM 2.7\Skins\Std\MacroManagement\is-7PM48.tmp | C:\Users\Admin\AppData\Local\Temp\is-VSOF9.tmp\GGM 2.7-20161025.tmp | N/A
File created | C:\Program Files\GGM 2.7\is-N1RU0.tmp | C:\Users\Admin\AppData\Local\Temp\is-VSOF9.tmp\GGM 2.7-20161025.tmp | N/A
File opened for modification | C:\Program Files\GGM 2.7\Update\X86\ISPDLL.dll | C:\Users\Admin\AppData\Local\Temp\is-VSOF9.tmp\GGM 2.7-20161025.tmp | N/A
File created | C:\Program Files\GGM 2.7\Skins\Std\StageSlider\is-40TJQ.tmp | C:\Users\Admin\AppData\Local\Temp\is-VSOF9.tmp\GGM 2.7-20161025.tmp | N/A
File created | C:\Program Files\GGM 2.7\Skins\Std\AngleSnap\is-O8BH8.tmp | C:\Users\Admin\AppData\Local\Temp\is-VSOF9.tmp\GGM 2.7-20161025.tmp | N/A
File created | C:\Program Files\GGM 2.7\Skins\Std\MacroManagement\is-7JCVU.tmp | C:\Users\Admin\AppData\Local\Temp\is-VSOF9.tmp\GGM 2.7-20161025.tmp | N/A
File created | C:\Program Files\GGM 2.7\Skins\Std\Mouse\Front\is-3OUBL.tmp | C:\Users\Admin\AppData\Local\Temp\is-VSOF9.tmp\GGM 2.7-20161025.tmp | N/A
File created | C:\Program Files\GGM 2.7\Skins\Std\Mouse\Side\is-DT6UN.tmp | C:\Users\Admin\AppData\Local\Temp\is-VSOF9.tmp\GGM 2.7-20161025.tmp | N/A
File created | C:\Program Files\GGM 2.7\Skins\Std\MouseAttribute\Speed\is-40VGN.tmp | C:\Users\Admin\AppData\Local\Temp\is-VSOF9.tmp\GGM 2.7-20161025.tmp | N/A
File created | C:\Program Files\GGM 2.7\Update\X64\Skins\is-KTE98.tmp | C:\Users\Admin\AppData\Local\Temp\is-VSOF9.tmp\GGM 2.7-20161025.tmp | N/A
File created | C:\Program Files\GGM 2.7\Update\X86\Skins\is-BQUOL.tmp | C:\Users\Admin\AppData\Local\Temp\is-VSOF9.tmp\GGM 2.7-20161025.tmp | N/A
File created | C:\Program Files\GGM 2.7\Skins\Std\Mouse\Front\is-9UST1.tmp | C:\Users\Admin\AppData\Local\Temp\is-VSOF9.tmp\GGM 2.7-20161025.tmp | N/A
File created | C:\Program Files\GGM 2.7\Skins\Std\is-PC1IM.tmp | C:\Users\Admin\AppData\Local\Temp\is-VSOF9.tmp\GGM 2.7-20161025.tmp | N/A
File created | C:\Program Files\GGM 2.7\Skins\Std\Config\is-RFBHG.tmp | C:\Users\Admin\AppData\Local\Temp\is-VSOF9.tmp\GGM 2.7-20161025.tmp | N/A
File created | C:\Program Files\GGM 2.7\Skins\Std\DPISetting\DPIStage\is-ILAR7.tmp | C:\Users\Admin\AppData\Local\Temp\is-VSOF9.tmp\GGM 2.7-20161025.tmp | N/A
File created | C:\Program Files\GGM 2.7\Skins\Std\DPISetting\DPIStage\is-1FA1E.tmp | C:\Users\Admin\AppData\Local\Temp\is-VSOF9.tmp\GGM 2.7-20161025.tmp | N/A
File created | C:\Program Files\GGM 2.7\Skins\Std\Help\is-TNTFL.tmp | C:\Users\Admin\AppData\Local\Temp\is-VSOF9.tmp\GGM 2.7-20161025.tmp | N/A
File created | C:\Program Files\GGM 2.7\Skins\Std\Mouse\Front\is-1HN38.tmp | C:\Users\Admin\AppData\Local\Temp\is-VSOF9.tmp\GGM 2.7-20161025.tmp | N/A
File created | C:\Program Files\GGM 2.7\Update\X64\Skins\is-LBBK8.tmp | C:\Users\Admin\AppData\Local\Temp\is-VSOF9.tmp\GGM 2.7-20161025.tmp | N/A
File opened for modification | C:\Program Files\GGM 2.7\Update\X64\ISPDLL.dll | C:\Users\Admin\AppData\Local\Temp\is-VSOF9.tmp\GGM 2.7-20161025.tmp | N/A
File created | C:\Program Files\GGM 2.7\Skins\Std\is-7FKAK.tmp | C:\Users\Admin\AppData\Local\Temp\is-VSOF9.tmp\GGM 2.7-20161025.tmp | N/A
File created | C:\Program Files\GGM 2.7\Skins\Std\AngleSnap\is-DU92U.tmp | C:\Users\Admin\AppData\Local\Temp\is-VSOF9.tmp\GGM 2.7-20161025.tmp | N/A
File created | C:\Program Files\GGM 2.7\Skins\Std\DPISetting\DPIStage\is-BIUCI.tmp | C:\Users\Admin\AppData\Local\Temp\is-VSOF9.tmp\GGM 2.7-20161025.tmp | N/A
File created | C:\Program Files\GGM 2.7\Skins\Std\DPISetting\DPI设定-色块\is-1C5GD.tmp | C:\Users\Admin\AppData\Local\Temp\is-VSOF9.tmp\GGM 2.7-20161025.tmp | N/A
File created | C:\Program Files\GGM 2.7\Skins\Std\Mouse\Front\is-97I4M.tmp | C:\Users\Admin\AppData\Local\Temp\is-VSOF9.tmp\GGM 2.7-20161025.tmp | N/A
File created | C:\Program Files\GGM 2.7\Update\X86\Skins\is-7HUB5.tmp | C:\Users\Admin\AppData\Local\Temp\is-VSOF9.tmp\GGM 2.7-20161025.tmp | N/A
File created | C:\Program Files\GGM 2.7\Skins\Std\DPISetting\DPIStage\is-PVUAU.tmp | C:\Users\Admin\AppData\Local\Temp\is-VSOF9.tmp\GGM 2.7-20161025.tmp | N/A
File created | C:\Program Files\GGM 2.7\Skins\Std\Help\is-NFL0T.tmp | C:\Users\Admin\AppData\Local\Temp\is-VSOF9.tmp\GGM 2.7-20161025.tmp | N/A
File created | C:\Program Files\GGM 2.7\Skins\Std\Mouse\Side\is-A7TIC.tmp | C:\Users\Admin\AppData\Local\Temp\is-VSOF9.tmp\GGM 2.7-20161025.tmp | N/A
File created | C:\Program Files\GGM 2.7\Skins\Std\is-VIHJR.tmp | C:\Users\Admin\AppData\Local\Temp\is-VSOF9.tmp\GGM 2.7-20161025.tmp | N/A
File created | C:\Program Files\GGM 2.7\Skins\Std\DPISetting\DPIStage\is-2JAHO.tmp | C:\Users\Admin\AppData\Local\Temp\is-VSOF9.tmp\GGM 2.7-20161025.tmp | N/A
File created | C:\Program Files\GGM 2.7\Skins\Std\DPISetting\DPI设定-色块\is-JBIS9.tmp | C:\Users\Admin\AppData\Local\Temp\is-VSOF9.tmp\GGM 2.7-20161025.tmp | N/A
File created | C:\Program Files\GGM 2.7\Skins\Std\MacroManagement\is-GS6B5.tmp | C:\Users\Admin\AppData\Local\Temp\is-VSOF9.tmp\GGM 2.7-20161025.tmp | N/A
File created | C:\Program Files\GGM 2.7\Skins\Std\MacroManagement\is-C62OA.tmp | C:\Users\Admin\AppData\Local\Temp\is-VSOF9.tmp\GGM 2.7-20161025.tmp | N/A
File created | C:\Program Files\GGM 2.7\Skins\Std\MouseAttribute\ScrollSpeed\Unused\is-PHAIP.tmp | C:\Users\Admin\AppData\Local\Temp\is-VSOF9.tmp\GGM 2.7-20161025.tmp | N/A
File created | C:\Program Files\GGM 2.7\Skins\Std\DPISetting\DPIStage\is-VH5P8.tmp | C:\Users\Admin\AppData\Local\Temp\is-VSOF9.tmp\GGM 2.7-20161025.tmp | N/A
File created | C:\Program Files\GGM 2.7\Skins\Std\DPISetting\DPIStage\is-C4NNI.tmp | C:\Users\Admin\AppData\Local\Temp\is-VSOF9.tmp\GGM 2.7-20161025.tmp | N/A
File created | C:\Program Files\GGM 2.7\Skins\Std\DPISetting\DPIStage\is-451M9.tmp | C:\Users\Admin\AppData\Local\Temp\is-VSOF9.tmp\GGM 2.7-20161025.tmp | N/A
File created | C:\Program Files\GGM 2.7\Skins\Std\Help\is-Q7NLO.tmp | C:\Users\Admin\AppData\Local\Temp\is-VSOF9.tmp\GGM 2.7-20161025.tmp | N/A
File created | C:\Program Files\GGM 2.7\Update\X86\Skins\is-BTSGJ.tmp | C:\Users\Admin\AppData\Local\Temp\is-VSOF9.tmp\GGM 2.7-20161025.tmp | N/A
File created | C:\Program Files\GGM 2.7\Skins\Std\MouseAttribute\ScrollSpeed\is-SAFE4.tmp | C:\Users\Admin\AppData\Local\Temp\is-VSOF9.tmp\GGM 2.7-20161025.tmp | N/A
File created | C:\Program Files\GGM 2.7\Skins\Std\DPISetting\DPIStage\is-EJ22F.tmp | C:\Users\Admin\AppData\Local\Temp\is-VSOF9.tmp\GGM 2.7-20161025.tmp | N/A
File created | C:\Program Files\GGM 2.7\Skins\Std\DPISetting\DPIStage\is-DRBUI.tmp | C:\Users\Admin\AppData\Local\Temp\is-VSOF9.tmp\GGM 2.7-20161025.tmp | N/A
File created | C:\Program Files\GGM 2.7\Skins\Std\MouseAttribute\ScrollSpeed\Unused\is-9P204.tmp | C:\Users\Admin\AppData\Local\Temp\is-VSOF9.tmp\GGM 2.7-20161025.tmp | N/A
File created | C:\Program Files\GGM 2.7\Skins\Std\DPISetting\DPIStage\is-CEKS0.tmp | C:\Users\Admin\AppData\Local\Temp\is-VSOF9.tmp\GGM 2.7-20161025.tmp | N/A
File created | C:\Program Files\GGM 2.7\Skins\Std\DPISetting\DPIStage\is-JQF13.tmp | C:\Users\Admin\AppData\Local\Temp\is-VSOF9.tmp\GGM 2.7-20161025.tmp | N/A
File created | C:\Program Files\GGM 2.7\Skins\Std\is-QBHNL.tmp | C:\Users\Admin\AppData\Local\Temp\is-VSOF9.tmp\GGM 2.7-20161025.tmp | N/A
File created | C:\Program Files\GGM 2.7\Skins\Std\DPISetting\DPIStage\is-21D8M.tmp | C:\Users\Admin\AppData\Local\Temp\is-VSOF9.tmp\GGM 2.7-20161025.tmp | N/A
File created | C:\Program Files\GGM 2.7\Skins\Std\DPISetting\DPIStage\is-ULBLU.tmp | C:\Users\Admin\AppData\Local\Temp\is-VSOF9.tmp\GGM 2.7-20161025.tmp | N/A
File created | C:\Program Files\GGM 2.7\Skins\Std\DPISetting\DPIStage\is-S8U7G.tmp | C:\Users\Admin\AppData\Local\Temp\is-VSOF9.tmp\GGM 2.7-20161025.tmp | N/A
File created | C:\Program Files\GGM 2.7\Skins\Std\DPISetting\DPIStage\is-49SS5.tmp | C:\Users\Admin\AppData\Local\Temp\is-VSOF9.tmp\GGM 2.7-20161025.tmp | N/A
File created | C:\Program Files\GGM 2.7\Update\X86\Skins\is-OHDF2.tmp | C:\Users\Admin\AppData\Local\Temp\is-VSOF9.tmp\GGM 2.7-20161025.tmp | N/A
File created | C:\Program Files\GGM 2.7\Skins\Std\DPISetting\DPIStage\is-KE729.tmp | C:\Users\Admin\AppData\Local\Temp\is-VSOF9.tmp\GGM 2.7-20161025.tmp | N/A
File created | C:\Program Files\GGM 2.7\Skins\Std\StageSlider\is-7ND72.tmp | C:\Users\Admin\AppData\Local\Temp\is-VSOF9.tmp\GGM 2.7-20161025.tmp | N/A
File created | C:\Program Files\GGM 2.7\Skins\Std\DPISetting\DPIStage\is-847GL.tmp | C:\Users\Admin\AppData\Local\Temp\is-VSOF9.tmp\GGM 2.7-20161025.tmp | N/A
File created | C:\Program Files\GGM 2.7\Skins\Std\Mouse\Front\is-UA2C1.tmp | C:\Users\Admin\AppData\Local\Temp\is-VSOF9.tmp\GGM 2.7-20161025.tmp | N/A
File created | C:\Program Files\GGM 2.7\Skins\Std\MouseAttribute\Speed\is-QOP96.tmp | C:\Users\Admin\AppData\Local\Temp\is-VSOF9.tmp\GGM 2.7-20161025.tmp | N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\GGM 2.7-20161025.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\is-VSOF9.tmp\GGM 2.7-20161025.tmp | N/A

Scheduled Task/Job: Scheduled Task

persistence, execution

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\system32\schtasks.exe | N/A

Suspicious behavior: EnumeratesProcesses

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-VSOF9.tmp\GGM 2.7-20161025.tmp | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-VSOF9.tmp\GGM 2.7-20161025.tmp | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-VSOF9.tmp\GGM 2.7-20161025.tmp | N/A
N/A | N/A | C:\Program Files\GGM 2.7\GGM 2.7.exe | N/A

Suspicious use of SendNotifyMessage

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\GGM 2.7\GGM 2.7.exe | N/A

Suspicious use of SetWindowsHookEx

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\GGM 2.7\GGM 2.7.exe | N/A
N/A | N/A | C:\Program Files\GGM 2.7\GGM 2.7.exe | N/A
N/A | N/A | C:\Program Files\GGM 2.7\GGM 2.7.exe | N/A

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target
PID 2040 wrote to memory of 2864 | N/A | C:\Users\Admin\AppData\Local\Temp\GGM 2.7-20161025.exe | C:\Users\Admin\AppData\Local\Temp\is-VSOF9.tmp\GGM 2.7-20161025.tmp
PID 2040 wrote to memory of 2864 | N/A | C:\Users\Admin\AppData\Local\Temp\GGM 2.7-20161025.exe | C:\Users\Admin\AppData\Local\Temp\is-VSOF9.tmp\GGM 2.7-20161025.tmp
PID 2040 wrote to memory of 2864 | N/A | C:\Users\Admin\AppData\Local\Temp\GGM 2.7-20161025.exe | C:\Users\Admin\AppData\Local\Temp\is-VSOF9.tmp\GGM 2.7-20161025.tmp
PID 2040 wrote to memory of 2864 | N/A | C:\Users\Admin\AppData\Local\Temp\GGM 2.7-20161025.exe | C:\Users\Admin\AppData\Local\Temp\is-VSOF9.tmp\GGM 2.7-20161025.tmp
PID 2040 wrote to memory of 2864 | N/A | C:\Users\Admin\AppData\Local\Temp\GGM 2.7-20161025.exe | C:\Users\Admin\AppData\Local\Temp\is-VSOF9.tmp\GGM 2.7-20161025.tmp
PID 2040 wrote to memory of 2864 | N/A | C:\Users\Admin\AppData\Local\Temp\GGM 2.7-20161025.exe | C:\Users\Admin\AppData\Local\Temp\is-VSOF9.tmp\GGM 2.7-20161025.tmp
PID 2040 wrote to memory of 2864 | N/A | C:\Users\Admin\AppData\Local\Temp\GGM 2.7-20161025.exe | C:\Users\Admin\AppData\Local\Temp\is-VSOF9.tmp\GGM 2.7-20161025.tmp
PID 2864 wrote to memory of 2812 | N/A | C:\Users\Admin\AppData\Local\Temp\is-VSOF9.tmp\GGM 2.7-20161025.tmp | C:\Users\Admin\AppData\Local\Temp\is-H9PBG.tmp\_isetup\_setup64.tmp
PID 2864 wrote to memory of 2812 | N/A | C:\Users\Admin\AppData\Local\Temp\is-VSOF9.tmp\GGM 2.7-20161025.tmp | C:\Users\Admin\AppData\Local\Temp\is-H9PBG.tmp\_isetup\_setup64.tmp
PID 2864 wrote to memory of 2812 | N/A | C:\Users\Admin\AppData\Local\Temp\is-VSOF9.tmp\GGM 2.7-20161025.tmp | C:\Users\Admin\AppData\Local\Temp\is-H9PBG.tmp\_isetup\_setup64.tmp
PID 2864 wrote to memory of 2812 | N/A | C:\Users\Admin\AppData\Local\Temp\is-VSOF9.tmp\GGM 2.7-20161025.tmp | C:\Users\Admin\AppData\Local\Temp\is-H9PBG.tmp\_isetup\_setup64.tmp
PID 2864 wrote to memory of 2616 | N/A | C:\Users\Admin\AppData\Local\Temp\is-VSOF9.tmp\GGM 2.7-20161025.tmp | C:\Windows\system32\schtasks.exe
PID 2864 wrote to memory of 2616 | N/A | C:\Users\Admin\AppData\Local\Temp\is-VSOF9.tmp\GGM 2.7-20161025.tmp | C:\Windows\system32\schtasks.exe
PID 2864 wrote to memory of 2616 | N/A | C:\Users\Admin\AppData\Local\Temp\is-VSOF9.tmp\GGM 2.7-20161025.tmp | C:\Windows\system32\schtasks.exe
PID 2864 wrote to memory of 2616 | N/A | C:\Users\Admin\AppData\Local\Temp\is-VSOF9.tmp\GGM 2.7-20161025.tmp | C:\Windows\system32\schtasks.exe
PID 2864 wrote to memory of 1976 | N/A | C:\Users\Admin\AppData\Local\Temp\is-VSOF9.tmp\GGM 2.7-20161025.tmp | C:\Program Files\GGM 2.7\GGM 2.7.exe
PID 2864 wrote to memory of 1976 | N/A | C:\Users\Admin\AppData\Local\Temp\is-VSOF9.tmp\GGM 2.7-20161025.tmp | C:\Program Files\GGM 2.7\GGM 2.7.exe
PID 2864 wrote to memory of 1976 | N/A | C:\Users\Admin\AppData\Local\Temp\is-VSOF9.tmp\GGM 2.7-20161025.tmp | C:\Program Files\GGM 2.7\GGM 2.7.exe
PID 2864 wrote to memory of 1976 | N/A | C:\Users\Admin\AppData\Local\Temp\is-VSOF9.tmp\GGM 2.7-20161025.tmp | C:\Program Files\GGM 2.7\GGM 2.7.exe
PID 2864 wrote to memory of 1976 | N/A | C:\Users\Admin\AppData\Local\Temp\is-VSOF9.tmp\GGM 2.7-20161025.tmp | C:\Program Files\GGM 2.7\GGM 2.7.exe
PID 2864 wrote to memory of 1976 | N/A | C:\Users\Admin\AppData\Local\Temp\is-VSOF9.tmp\GGM 2.7-20161025.tmp | C:\Program Files\GGM 2.7\GGM 2.7.exe
PID 2864 wrote to memory of 1976 | N/A | C:\Users\Admin\AppData\Local\Temp\is-VSOF9.tmp\GGM 2.7-20161025.tmp | C:\Program Files\GGM 2.7\GGM 2.7.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\GGM 2.7-20161025.exe

"C:\Users\Admin\AppData\Local\Temp\GGM 2.7-20161025.exe"

C:\Users\Admin\AppData\Local\Temp\is-VSOF9.tmp\GGM 2.7-20161025.tmp

"C:\Users\Admin\AppData\Local\Temp\is-VSOF9.tmp\GGM 2.7-20161025.tmp" /SL5="$30144,3835740,134144,C:\Users\Admin\AppData\Local\Temp\GGM 2.7-20161025.exe"

C:\Users\Admin\AppData\Local\Temp\is-H9PBG.tmp\_isetup\_setup64.tmp

helper 105 0x260

C:\Windows\system32\schtasks.exe

"C:\Windows\system32\schtasks.exe" /create /XML C:\Windows\system32\GmTaskPlan64.xml /tn net-GmTaskPlan

C:\Program Files\GGM 2.7\GGM 2.7.exe

"C:\Program Files\GGM 2.7\GGM 2.7.exe"

Network

N/A

Files

memory/2040-0-0x0000000000400000-0x000000000042B000-memory.dmp

memory/2040-2-0x0000000000401000-0x0000000000412000-memory.dmp

\Users\Admin\AppData\Local\Temp\is-VSOF9.tmp\GGM 2.7-20161025.tmp

MD5 6c80b708448f522beb25e70d98c6c2ed
SHA1 4395c9fe22e72d72a50d9b0980a3ce93281b4ab4
SHA256 c3c6bf576ee5f1bb7db3ffc5b4f0b3a5490783f823f6ebf1131c4d2cd6516e1c
SHA512 e7911d085b8a55018d068c35767226c8b450c77c6787ab55ecbf7e8ecbb806913cbeb09fbd27abe8ff1ec81ff40201e20509348da82a85d734ca6a9cf5e5dbfb

memory/2864-8-0x0000000000400000-0x0000000000530000-memory.dmp

C:\Program Files\GGM 2.7\Update\X64\Skins\is-7OU0L.tmp

MD5 64dcd634deabe00dde4b85689d40e7c4
SHA1 c802295d7fd5455a06e05f349a4e721a21e010eb
SHA256 ee09ffc9bd949d1b271c57e94541a85e20dacdfd2ee4dc600ee7ebf256a4e3fb
SHA512 95e05a4083ddb585817a867f4909bf8e4989c4bc2ea0c0619bea678b616e1e463ce7af8b764aeeed973bfc5e195f0d580eb14cd948b0155e2f9f4f3ca14172d1

C:\Program Files\GGM 2.7\Update\X86\Skins\is-6HV0K.tmp

MD5 abe05bfd5471563b9fa178cce1a6e7aa
SHA1 11d18383203a0f031569024004e577b53ee59a40
SHA256 55ba8a73a0c0e0815ea28e5cc3d819b8f74fe27146ff044d3d52b71d75725877
SHA512 6f31cc7399fb914c914173dd85beabcafcb53a9a35a03dbb49c1425af25988898cce7177b93797aa9cf04583894dbc72cd081f904835386a5c24a2b06461788c

C:\Program Files\GGM 2.7\Update\X86\Skins\is-HUG50.tmp

MD5 3c2a81c5da1e6784ae28984455046a15
SHA1 24993ddee5bc36b6f92b484ba097e77699b62312
SHA256 49f9e25f82cee153ca937d46faf1a0e2ea197a86526f395206f1f2095945dc35
SHA512 09cac03a5bb0551ccc678ba74167d54a800b47d22f89d82eae6872046388591caba4ee11ac5eab355e123acc17f50dcae17969cbcb217b0c4d42be87c213e84d

C:\Program Files\GGM 2.7\Update\X86\Skins\is-7HUB5.tmp

MD5 494c4f66ea1886ce7e68b4fb7aad93f0
SHA1 0a1ccdbb79f135febc1d24a86abf554a61dd3008
SHA256 638ec545f1a34ee42ecb1b0ee355843122365297d69e94ed53fa71873ed029ef
SHA512 069e2fc73de2e4481bc10c70fbc3f2c6a0461ba81ac82c004db12658c8fbcc20230156de13b953329295f6436b5798ff3e27d3e4eae066246aa79693b3a54096

C:\Program Files\GGM 2.7\Update\X86\Skins\is-FJ7R8.tmp

MD5 bf6b2b65b3b15c6e057f7166f31b46c8
SHA1 773905561ebe0bc59268af9ba6f29ec50d4e79a9
SHA256 5c0b0d4b9cbad99a9b435dda534af8b34f3cc2444df05289f6a2d2d658130c63
SHA512 4a6b8492909e9727e74d477643531f47f7371d478d1eb5121096e12f4b6680015741a6f1c8ed4723716a98797d45f1b57bd12f6b466e765757854ec7a4c8562a

C:\Program Files\GGM 2.7\Update\X86\Skins\is-BJC1S.tmp

MD5 dbfd2f20d5289d5e94f64b4f3762298d
SHA1 9e244bd5101aa9e0fe269a9368e2b1674e8ab977
SHA256 7b3f3158a346939465ed1e115ac79bc133544b39762bc4f11575f30fcbd60c0e
SHA512 50c611bbbdf77058a159db6ab1eddeef3e7d32337fe97efa5d67cbd2e45c2c21399e8c85d318bd684bd23cb0beb56367832663d216edfc6c038d66275905dcc0

C:\Program Files\GGM 2.7\Update\X86\Skins\is-9IGI9.tmp

MD5 3cd70d01d8ddf8636e918070e5fc6d21
SHA1 715c9648f90cde0b1dc8e1e881ebfca18fd90425
SHA256 5b00e2ec228949078e96a1d72284e0f2eb20305a611047c96e1a89b60548cc33
SHA512 0357bdff6f113cff14e3e14cf8cd721ac85838c4d55dade26ccdb1988e36ee8ac0de834e562e2c92db113221e182038d182f006b5637f1ae18805dc54b276e18

C:\Program Files\GGM 2.7\Update\X86\Skins\is-BTSGJ.tmp

MD5 462119c60793ae5905584ee2de079501
SHA1 34760cb7a15ae57e1252f3e4f248fd5376950475
SHA256 87fa6515c6a284755daca90734c3255e3dbfce361200987c7cf4782b09facd02
SHA512 df715c6d5cf7451a98eb9b455593dc0a57e5ab03709bcedaa008863701d4390d1d223562db67a56beb4c89872bc12a5969051335ab49380065d2b37701c0629c

C:\Program Files\GGM 2.7\Update\X86\Skins\is-2JIST.tmp

MD5 e483eba04c9346d6878cf06599867a98
SHA1 5e77d4e9d972caca633351ec1f89ab819cb68fa0
SHA256 ce380be17fab6b8e59a74728bcdb0bd53cda31b2c8ac1622f43e257ce5629f5c
SHA512 5c844b9d259123624a6f58ee8eaee1dd1df7111f6f06dc6923fe62c7f63f6a7fa169f5e2ca80e33ef2eee2d4b1808fae5b16a97b6ea26bd7241101099fd164ab

C:\Program Files\GGM 2.7\Update\X86\Skins\is-A9SUU.tmp

MD5 f3b5f677a015143144b3f41b9b4dcf6c
SHA1 3992353745821a778b6e9e48bbe6b6c3d3c833a9
SHA256 62a3b1b2ce7d20529115ceae68ce90f9e98a4ca59accd22a4a7f459304db527e
SHA512 c63cf95414046b55b17174b752dcdc5c125a3a6ff68e1ed879d481f50e8270864cf6217d32a02158305680c36b9a17edb18e3d320c3a5224d289efaa3b3e8070

C:\Program Files\GGM 2.7\Update\X86\Skins\is-2K7CL.tmp

MD5 a96ae87ac04b21369b90030b0883d63f
SHA1 c85f408dbde04e4c4c159dba2a7da58a5b8afe13
SHA256 8d62a6f881cabc98535bca5274dbb9ee189f604ff1d9dd476a5df6a8e303e9e3
SHA512 d4a8e49ae8bea9b1ed704d0121d8813b3f3d4192b828e9242f91fa0084c104766934b5078a32c37f14b236e390f23c7581d6cb2b1c3bc6ebf4c579498ee8c5cd

C:\Program Files\GGM 2.7\Update\X86\Skins\is-BQUOL.tmp

MD5 91a28c1c0e3dbcac3d92c09148db81ff
SHA1 8c5f98eb4bc27e40936df92e460e16781f00415a
SHA256 f603491904caf64700afcd9c2ff1c50c57779ff1f8f7ce8e85fc2ffe4072211c
SHA512 e0834dc3a1385dfd089cf70b3927eb10cbc4260385db6fc0cc7ac5fdcda46fdeeff11dc495b5f3e457f7e6e24b55a88672dada173519d9dab40434c28277ebfc

C:\Program Files\GGM 2.7\Update\X86\Skins\is-Q151J.tmp

MD5 c7544958c3e034e23812ba6275cd88e3
SHA1 5135f8f40f401d94edcec11aa94bc18e6de7f5a8
SHA256 4c66c08386619c891b1c6260dc8d54ea96abc1a2447a7eb6c8d4929f391859f9
SHA512 d5436a8b2c3dfe69e3205715b3e2788681c3429ed5b2f11a44361dc3eeb9149cd82141437b1e0ac92bae43abf8a08d69aa55785e1098c6beb4a44245c735c29b

C:\Program Files\GGM 2.7\Update\X86\Skins\is-H03A7.tmp

MD5 7f19cf113c0932fe3d91f3d5413a75db
SHA1 dbf36682ab554f0e44b843106820007774a78f14
SHA256 290ccaeb6e504b69b8932e91e955be4ad485dda290a1b70327f75b05f620bcbb
SHA512 ed43fc4fb89fdf035415a6530751f19e13d7049bb9c31bf85ce16002a49714a34720a22c66c1e0263a8276d1624f02969aec2f199a0558feb95bf426679ed686

C:\Program Files\GGM 2.7\Update\X86\Skins\is-J57VT.tmp

MD5 cd00dc91a9d2b59beadb632c36ee1bb2
SHA1 649456fa9694ca8edeae01dcc08e04f5b5fdd210
SHA256 407e493724c7bed9a9e14f410c3755d5d092ffacd019750e8a09023991c9cd3e
SHA512 1f731496ec69cdf667efc320781f9ff6ae62698e29a0e436853e2317193eb35151998737599219b4521f6b9e57b5971ce460d9518bd1a5a78f84bc7435f52173

C:\Program Files\GGM 2.7\Update\X86\Skins\is-ER2J3.tmp

MD5 e670e83c063a30d66d5257cf9a8bc1ec
SHA1 f72c95ca688c934907282b564353d00b481e0272
SHA256 f61b5b0d1f3469a3568b90cf45e54211b44780abe7e93b81f9dfb5f7e0ddff35
SHA512 c7a284079fe30475f43d6cde49ecf0ca4263ab2e2e9c6b1ca925519e414b1b3da869cbc0d3a84d2f436ba829cf7bc3ed073488d5af521645a26ee4e34f52fbe2

C:\Program Files\GGM 2.7\Update\X86\Skins\is-U0LH3.tmp

MD5 9471ece800b94fa2cd3df3f5074d84d9
SHA1 b1063db731dd33e337bbe1c7fdce8a15436c3ccc
SHA256 c5561f490753b31e5f3971e8bdef49762f6d8c4ce406598166dc9c03839cf539
SHA512 00c03c6fa8c60fd6450916090c8ae254d2417d11176c8c62bf7c991d1d970adfd2b2a067bef75a89a68867aa919827d1b676e4344da10d4565d98fc5c00f8e4e

C:\Program Files\GGM 2.7\Update\X86\Skins\is-728JM.tmp

MD5 dfad1b303745085b261ccc84728e0b5d
SHA1 6f92488ce3311455a8bd75da15f88f680406e381
SHA256 2158267d3fe2503ef0bd2ecc47e5e73791b6a3153f0cadd0fefe305ebe7b7385
SHA512 dfea96d0f025f0aaef646dd8c56f3878ba71b438887b1da91ec2cb41e022d4d79cbecceb8f0d9331a5aef7c9e539cffc2ca98d23816839ec2a23bdd0b14f09b7

C:\Program Files\GGM 2.7\Update\X86\Skins\is-OC81S.tmp

MD5 04ca173e2663d4d21799e179212e7615
SHA1 b751c7f3b4bdcf3c76b70f9d4cf1de48c0f5473b
SHA256 05492bba64f8055a64fd4198d719028ed8422f9e871e5e227cc589a3c8e24c22
SHA512 72ccdaf8fd5bd4fcce566aac92ecf7e457c4b675f053c0b0dea8db5aeaba650f47443a353aa1fd4f0df5f3ad6399d1cd4463fca61721933975cefea19de9896e

C:\Program Files\GGM 2.7\Update\X86\Skins\is-OHDF2.tmp

MD5 9150d77e67d1f5a63480af7cbfecbfa9
SHA1 dbab788739e9f62591af174aacf9b943ed0cf4a2
SHA256 2233f17259be63ac68e9d593f34f0000865bd1ab84936330ece313a987c8b5b5
SHA512 fb53591e72c88d599cae22a6509adb00a7804a83a43e8ad23d31db235f78bb9edf4a43d72259a276a1e2238c2bbc70bd4a541764821f699824c5bb0bd13d623d

C:\Program Files\GGM 2.7\Update\X86\Skins\is-RPPG6.tmp

MD5 fc58ed5c5d2b4dcc25140025180b8ec8
SHA1 851643f5016c47ce7fde73b41967a56ac6dc4492
SHA256 f4306f08e07b58783558c18598d0bbf53eeb2ec75a59020ad300bf7fd3755eb9
SHA512 54200f1770f34be9936351ae08eb1ced650d28f3c10da6c5d2a70417ce9dc2f07f32ed9de1621f1e99ced226e895a2f7a11a9b6a2ac71dde95a158b5762ff71b

C:\Program Files\GGM 2.7\is-T71A9.tmp

MD5 07b271cc0d0aa1280238f7a7571e9546
SHA1 be5aa138e710b85d05150732d05766ef889cd6ea
SHA256 f0918e1369f9c6eb5904e341b4998943b9a203c74da014e4591e9a7f8580d2fe
SHA512 33301467b0afe93d86f3b421916ce3bcc5b2b181aae5140628939cfed181f7cb890cbf4c45787d553c0de6222576c47884e51208fec83df888d2f19ee06c3b49

C:\Program Files\GGM 2.7\is-J00AF.tmp

MD5 091a0c5c229d6249b0c93d28f79c84b3
SHA1 e3dd8ade178af2bbee1b111a50bbdae15a50e33e
SHA256 0f7d21ce187b567b485797a2cfdf15c862ccc52809bbc16ea723d8f05e3e2328
SHA512 cfbef13d6aac32182e54543d20866b7e1860098e6df242c23fd2a09218ea23e9d2c95da4f8943c945d7f7ec99738100e9c03f96b5ab8beee5b657170c7c11b92

\Program Files\GGM 2.7\GGM 2.7.exe

MD5 d8a15a5f03ea63e239c1671eb4ebc731
SHA1 8d995752d5173a8713fdee52b0bc1dcd70fc1e49
SHA256 48f62174984264098e4ef8f2c862c11a9cf737476b1e9176c37811948c412d4e
SHA512 f279728594d412c8cfcee150c7025e06e2bc7203918443886f210fada8c763aedf214078c39064c0ee6c436cb83f8525b86860bf6756c446bbcfcbc2cdfc9a2c

\Program Files (x86)\GGM 2.7\unins000.exe

MD5 b3c18168226c8ee8460ee800532c5bc0
SHA1 1b75b8533d6e470091a6e013447a0c6979c29ce5
SHA256 cb6ff132e3f4078482d58fc2f62907605ffe9e49d58dadcabb38266cd7a41257
SHA512 348490176d3ed0a26b69c265888eca70160f7845a5daeb0de5fcb3f692734f2b1134ee1b9b02cf0d60f684d36cac5cae718ddcd7ab15e9af63836533fc10df33

C:\Users\Admin\AppData\Local\Temp\is-H9PBG.tmp\_isetup\_setup64.tmp

MD5 e4211d6d009757c078a9fac7ff4f03d4
SHA1 019cd56ba687d39d12d4b13991c9a42ea6ba03da
SHA256 388a796580234efc95f3b1c70ad4cb44bfddc7ba0f9203bf4902b9929b136f95
SHA512 17257f15d843e88bb78adcfb48184b8ce22109cc2c99e709432728a392afae7b808ed32289ba397207172de990a354f15c2459b6797317da8ea18b040c85787e

C:\Program Files\GGM 2.7\str3.ini

MD5 50bd10d2bc98d2a4d8b51704d6ce3235
SHA1 883f5685a29df5c2b99008015a7344636d4aac11
SHA256 984913c07cd16ec2a72058cc99b24ecc6d940bb63604696301b8378f0e60d7b1
SHA512 60a5754b4cd9e3d924ef22fe77a7fd36aa5b207bb5a2fd162d06aa9ba53a2725d6e73dc69c7ee911039614f9c21350f82f74bd73013a57cf88e95c05ccadd1ce

C:\Windows\system32\GmTaskPlan64.xml

MD5 25dcb5563d1d85e0d8f6b4e8c0a6e09a
SHA1 2c2f522eeb71c2fbd8d40e3e8a1103fa52391f78
SHA256 163b3e55ec809143e136a9be0a6bdf28ad3b9086bc963edef214447c2f54809b
SHA512 664cadb1fd66abc1707428028caaaf0b20f0cf0d3fed807d3924c8a6847edc06ffc40c754d49f1d1a85a6a4d05f388481f2ddf0a83ca78f1f6c653a246964fc4

C:\Program Files\GGM 2.7\Skins\Std\main.png

MD5 986d20a122893e61d370990612af696b
SHA1 04432b91735f3b28c0725f6153dec6daf832659b
SHA256 9ded6313fbb6a88bca57540ec1a82ffd88fd3ca17920417d6e07e536ea2a0577
SHA512 99fa8f0126e47100de98690e5ac68c0a83144156a7a5f32c22bb6cd53349e0eb7e0b6851c22d67b5d48917f534ab7d5c9d2b1750c05931f15373381ba981ee11

memory/2864-857-0x0000000000400000-0x0000000000530000-memory.dmp

memory/2040-858-0x0000000000400000-0x000000000042B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-08-25 09:50

Reported

2024-08-25 09:53

Platform

win10v2004-20240802-en

Max time kernel

141s

Max time network

133s

Command Line

"C:\Users\Admin\AppData\Local\Temp\GGM 2.7-20161025.exe"

Signatures

Executes dropped EXE

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-2779V.tmp\GGM 2.7-20161025.tmp | N/A

System Location Discovery: System Language Discovery

discovery

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\GGM 2.7-20161025.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\is-2779V.tmp\GGM 2.7-20161025.tmp | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\GGM 2.7-20161025.exe

"C:\Users\Admin\AppData\Local\Temp\GGM 2.7-20161025.exe"

C:\Users\Admin\AppData\Local\Temp\is-2779V.tmp\GGM 2.7-20161025.tmp

"C:\Users\Admin\AppData\Local\Temp\is-2779V.tmp\GGM 2.7-20161025.tmp" /SL5="$6028C,3835740,134144,C:\Users\Admin\AppData\Local\Temp\GGM 2.7-20161025.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=1284,i,7447299413640964517,4240724842020506306,262144 --variations-seed-version --mojo-platform-channel-handle=3884 /prefetch:8

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp
US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp
US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp
US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 73.144.22.2.in-addr.arpa | udp
US | 8.8.8.8:53 | tse1.mm.bing.net | udp
US | 150.171.28.10:443 | tse1.mm.bing.net | tcp
US | 150.171.28.10:443 | tse1.mm.bing.net | tcp
US | 150.171.28.10:443 | tse1.mm.bing.net | tcp
US | 150.171.28.10:443 | tse1.mm.bing.net | tcp
US | 150.171.28.10:443 | tse1.mm.bing.net | tcp
US | 8.8.8.8:53 | 122.10.44.20.in-addr.arpa | udp

Files

memory/3196-2-0x0000000000401000-0x0000000000412000-memory.dmp

memory/3196-0-0x0000000000400000-0x000000000042B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-2779V.tmp\GGM 2.7-20161025.tmp

MD5 6c80b708448f522beb25e70d98c6c2ed
SHA1 4395c9fe22e72d72a50d9b0980a3ce93281b4ab4
SHA256 c3c6bf576ee5f1bb7db3ffc5b4f0b3a5490783f823f6ebf1131c4d2cd6516e1c
SHA512 e7911d085b8a55018d068c35767226c8b450c77c6787ab55ecbf7e8ecbb806913cbeb09fbd27abe8ff1ec81ff40201e20509348da82a85d734ca6a9cf5e5dbfb

memory/2296-6-0x0000000000400000-0x0000000000530000-memory.dmp

memory/3196-8-0x0000000000400000-0x000000000042B000-memory.dmp

memory/2296-10-0x0000000000400000-0x0000000000530000-memory.dmp