Malware Analysis Report

2024-10-18 22:59

Sample ID 241014-g71xtswakk
Target 2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter
SHA256 58f6b5a6fca911a751d3a30e796de0ea9612fca461404aa5eea6622be08a1aab
Tags globeimposter defense_evasion discovery persistence ransomware spyware stealer
Score 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score 10/10

SHA256 58f6b5a6fca911a751d3a30e796de0ea9612fca461404aa5eea6622be08a1aab

Threat Level: Known bad

The file 2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter was found to be: Known bad.

Malicious Activity Summary

globeimposter defense_evasion discovery persistence ransomware spyware stealer

GlobeImposter

Renames multiple (7323) files with added filename extension

Renames multiple (6107) files with added filename extension

Checks computer location settings

Deletes itself

Reads user/profile data of web browsers

Adds Run key to start application

Indicator Removal: File Deletion

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-14 06:27

Signatures

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-14 06:27

Reported

2024-10-14 06:30

Platform

win7-20240729-en

Max time kernel

44s

Max time network

17s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe"

Signatures

GlobeImposter

ransomware globeimposter

Renames multiple (7323) files with added filename extension

ransomware

Deletes itself

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence

Description | Indicator | Process | Target
Set value (str) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\BrowserUpdateCheck = "C:\\Users\\Admin\\AppData\\Local\\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe" | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A

Indicator Removal: File Deletion

defense_evasion

Drops file in Program Files directory

Description | Indicator | Process | Target
File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01300_.GIF | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files\Java\jre7\lib\zi\Asia\Yerevan | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD14677_.GIF | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0106146.WMF | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0199307.WMF | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files\VideoLAN\VLC\lua\modules\simplexml.luac | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Fonts\Composite.xml | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0196060.WMF | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\DD00449_.WMF | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\AN04235_.WMF | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0185806.WMF | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18230_.WMF | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files (x86)\Microsoft Office\Document Themes 14\Waveform.thmx | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Effects\Verve.eftx | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.intro.zh_CN_5.5.0.165303.jar | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Solutions\Document.gif | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18207_.WMF | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PSSKETSM.WMF | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files\VideoLAN\VLC\lua\http\requests\vlm.xml | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files\Java\jre7\lib\images\cursors\win32_CopyNoDrop32x32.gif | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.renderers.swt.nl_zh_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files (x86)\Microsoft Office\MEDIA\CAGCAT10\J0297707.WMF | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0238959.WMF | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files\Windows Journal\ja-JP\Journal.exe.mui | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\locale\ml\LC_MESSAGES\how_to_back_files.html | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.nl_ja_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\1033\POWERPNT.DEV_F_COL.HXK | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0107526.WMF | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0150861.WMF | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\QUERIES\MSN MoneyCentral Investor Major Indicies.iqy | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\PAGESIZE\PGLBL058.XML | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files (x86)\Microsoft Office\MEDIA\CAGCAT10\J0300912.WMF | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0297229.WMF | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files\Windows Journal\en-US\JNTFiltr.dll.mui | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files\Java\jre7\lib\zi\SystemV\MST7MDT | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\feedbck2.gif | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files (x86)\Microsoft Office\Templates\1033\OriginLetter.Dotx | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_ContactHigh.jpg | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files\Java\jre7\lib\fontconfig.properties.src | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Tallinn | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-border.png | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files (x86)\Microsoft Office\Document Themes 14\Equity.thmx | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0105496.WMF | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Bibliography\Style\MLA.XSL | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\Flash.mpp | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\Calendar\GlobeButtonImage.jpg | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\VDK10.RSD | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\NA00238_.WMF | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14514_.GIF | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0198712.WMF | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14513_.GIF | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0384895.JPG | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files\VideoLAN\VLC\locale\sl\LC_MESSAGES\vlc.mo | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_ButtonGraphic.png | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\mset7es.kic | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Americana.css | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.SE.XML | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr\default.jfc | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationLeft_ButtonGraphic.png | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\HH01242_.WMF | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\turnOffNotificationInTray.gif | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-profiler.jar | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-application.jar | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-core-kit_ja.jar | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe > nul

Network

N/A

Files

memory/2300-0-0x0000000000400000-0x000000000040E000-memory.dmp

C:\Users\Public\Music\Sample Music\how_to_back_files.html

MD5 1098f06dd133c2ad73c3901fa24821b7
SHA1 9c46486d67c42c93e3e2f2d4cdd8bb9c560ddd31
SHA256 6fc24870424ebbcd40e7874c98571e10ae72f25a0c1da5218f71205b194a0ad5
SHA512 4f236d26bbc898d417e72a69d5a7d86ad4a197cfcd79a8cfa9336e06a7292d3ae4a00aa1241657d8571a947e36dd3ecef4aaea41154c9eb15af7cf05a7f5270b

memory/2300-2266-0x0000000000400000-0x000000000040E000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-14 06:27

Reported

2024-10-14 06:30

Platform

win10v2004-20241007-en

Max time kernel

149s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe"

Signatures

GlobeImposter

ransomware globeimposter

Renames multiple (6107) files with added filename extension

ransomware

Checks computer location settings

Description | Indicator | Process | Target
Key value queried | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence

Description | Indicator | Process | Target
Set value (str) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\BrowserUpdateCheck = "C:\\Users\\Admin\\AppData\\Local\\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe" | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A

Indicator Removal: File Deletion

defense_evasion

Drops file in Program Files directory

Description | Indicator | Process | Target
File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Retail-ppd.xrm-ms | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\themes\dark\how_to_back_files.html | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\FileExtension.targetsize-20.png | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_11811.1001.18.0_x64__8wekyb3d8bbwe\Store.Purchase\Resources\DefaultResourceDictionary.xaml | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription5-ul-oob.xrm-ms | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Square44x44Logo.targetsize-30_altform-unplated.png | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\it-it\how_to_back_files.html | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-16_contrast-white.png | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.targetsize-60.png | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\LTR\contrast-white\LargeTile.scale-200.png | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\EmptyShare.scale-200.png | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarLargeTile.scale-200.png | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\osf\dropdownarrow_16x16x32.png | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\images\dd_arrow_small2x.png | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-256_altform-lightunplated.png | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageSplashScreen.scale-100_contrast-white.png | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp2-ul-oob.xrm-ms | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\[email protected] | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\EmptyView-Dark.scale-150.png | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-white\StoreLogo.scale-100_contrast-white.png | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files\Microsoft Office\root\Templates\1033\RedAndBlackLetter.dotx | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\en-il\how_to_back_files.html | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\da-dk\how_to_back_files.html | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\BadgeLogo.scale-100.png | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Microsoft.Xbox.SmartGlass.Controls\MsaAuthenticatorView.xaml | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Resources\RetailDemo\data\en-us\3.jpg | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteNotebookSmallTile.scale-200.png | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\ms.txt | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxCalendarAppList.scale-100.png | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\ExchangeMediumTile.scale-125.png | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\Date.targetsize-24_contrast-black.png | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_11811.1001.1813.0_neutral_~_8wekyb3d8bbwe\AppxBlockMap.xml | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteSmallTile.scale-125.png | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Retail-ul-oob.xrm-ms | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\themes\dark\share_icons2x.png | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files-select\js\plugin.js | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\LTR\contrast-white\WideTile.scale-125.png | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files\VideoLAN\VLC\lua\playlist\dailymotion.luac | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files\VideoLAN\VLC\lua\playlist\vimeo.luac | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-256_altform-unplated_devicefamily-colorfulunplated.png | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\how_to_back_files.html | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.targetsize-72.png | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Grace-ul-oob.xrm-ms | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.contrast-black_targetsize-32.png | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNotePageWideTile.scale-200.png | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART9.BDR | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\jre\lib\management\management.properties | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\EmptyView.scale-100.png | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\msapp-error.css | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Square44x44Logo.targetsize-32.png | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\icons.png | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\selector.js | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\OutlookMailSmallTile.scale-150.png | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Grace-ppd.xrm-ms | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-48_altform-unplated.png | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Place\contrast-white\MedTile.scale-125.png | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp3-ppd.xrm-ms | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\sk-sk\ui-strings.js | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\OrientationControlMiddleCircleHover.png | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\OutlookMailSmallTile.scale-100.png | C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe | N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-48_altform-unplated_contrast-black.png C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-60_contrast-high.png C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\GenericMailBadge.scale-400.png C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c del C:\Users\Admin\AppData\Local\Temp\2024-10-14_71213eb9e5f168f41b83a7e603f6681d_globeimposter.exe > nul

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 150.171.28.10:443 g.bing.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 74.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 98.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 88.16.208.104.in-addr.arpa udp

Files

memory/1828-0-0x0000000000400000-0x000000000040E000-memory.dmp

C:\ProgramData\Package Cache\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}\how_to_back_files.html

MD5 e1d2ebfc66b903adb6ef33218d015e7f
SHA1 137f2d2a6fbef19e71798e6bbe0c7f96d935427f
SHA256 87e82c697b7fb7d9bd185101c173066ab0ee5967b6d272944db320ae32794cbb
SHA512 e8d8bf1a7a5ca09b76ed9761fdd664faa9b29724190988ad73bdf5ef02c41ac0eae92b20bca5f5682953694633d50b2c5eb2083604a59a318141af0a0b3c5ca1

memory/1828-2389-0x0000000000400000-0x000000000040E000-memory.dmp