Analysis Overview
SHA256
11192dcad45ed65a8a8368f3b1dff5a37d09ab3a0f01e14aa320ef653b1c50c4
Threat Level: Shows suspicious behavior
The file 11192dcad45ed65a8a8368f3b1dff5a37d09ab3a0f01e14aa320ef653b1c50c4 was found to be: Shows suspicious behavior.
Malicious Activity Summary
Loads dropped DLL
Drops file in System32 directory
Unsigned PE
System Location Discovery: System Language Discovery
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-09 19:45
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-09 19:45
Reported
2024-11-09 19:48
Platform
win7-20240903-en
Max time kernel
121s
Max time network
121s
Command Line
Signatures
Loads dropped DLL
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\GLBSINST.%$D | C:\Users\Admin\AppData\Local\Temp\11192dcad45ed65a8a8368f3b1dff5a37d09ab3a0f01e14aa320ef653b1c50c4.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\11192dcad45ed65a8a8368f3b1dff5a37d09ab3a0f01e14aa320ef653b1c50c4.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\11192dcad45ed65a8a8368f3b1dff5a37d09ab3a0f01e14aa320ef653b1c50c4.exe
"C:\Users\Admin\AppData\Local\Temp\11192dcad45ed65a8a8368f3b1dff5a37d09ab3a0f01e14aa320ef653b1c50c4.exe"
Network
Files
\Users\Admin\AppData\Local\Temp\GLC84C9.tmp
| MD5 | 8c97d8bb1470c6498e47b12c5a03ce39 |
| SHA1 | 15d233b22f1c3d756dca29bcc0021e6fb0b8cdf7 |
| SHA256 | a87f19f9fee475d2b2e82acfb4589be6d816b613064cd06826e1d4c147beb50a |
| SHA512 | 7ad0b2b0319da52152c2595ee45045d0c06b157cdaaa56ad57dde9736be3e45fd7357949126f80d3e72b21510f9bf69d010d51b3967a7644662808beed067c3f |
\Users\Admin\AppData\Local\Temp\GLK84DA.tmp
| MD5 | 517419cae37f6c78c80f9b7d0fbb8661 |
| SHA1 | a9e419f3d9ef589522556e0920c84fe37a548873 |
| SHA256 | bfe7e013cfb85e78b994d3ad34eca08286494a835cb85f1d7bced3df6fe93a11 |
| SHA512 | 5046565443cf463b6fa4d2d5868879efc6a9db969bf05e3c80725b99bd091ce062cfe66c5551eb1cc5f00a38f2cfcda1f36fb4d60d9ff816c4ec3107b5a0df40 |
\Users\Admin\AppData\Local\Temp\GLF88E3.tmp
| MD5 | 3b2e23d259394c701050486e642d14fa |
| SHA1 | 4e9661c4ba84400146b80b905f46a0f7ef4d62eb |
| SHA256 | 166d7156142f3ee09fa69eb617dd22e4fd248aa80a1ac08767db6ad99a2705c1 |
| SHA512 | 2b792296dffa4e43bc85295dc7691bd29762ce5d9d5eafaa74e199e6a8e5b24aa85d0a1b27776d4719a49b0d29abcf6f240746a209528e608b596b560e5a3b88 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-09 19:45
Reported
2024-11-09 19:48
Platform
win10v2004-20241007-en
Max time kernel
148s
Max time network
150s
Command Line
Signatures
Loads dropped DLL
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\GLBSINST.%$D | C:\Users\Admin\AppData\Local\Temp\11192dcad45ed65a8a8368f3b1dff5a37d09ab3a0f01e14aa320ef653b1c50c4.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\11192dcad45ed65a8a8368f3b1dff5a37d09ab3a0f01e14aa320ef653b1c50c4.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\11192dcad45ed65a8a8368f3b1dff5a37d09ab3a0f01e14aa320ef653b1c50c4.exe
"C:\Users\Admin\AppData\Local\Temp\11192dcad45ed65a8a8368f3b1dff5a37d09ab3a0f01e14aa320ef653b1c50c4.exe"
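The two behavioral signatures (a file created under `C:\Windows\SysWOW64` by a process running out of the user's Temp folder, and an open of the `NLS\Language` key, which is ATT&CK T1614.001) are identical in behavioral1 and behavioral2. The following is an added example, not sandbox or report code, that turns those two rows into detection rules and runs them over constructed events modelled on the report's tables; the event field names (`op`, `target`, `process`) are an assumption of this example. Note that the report's "Drops file in System32 directory" signature counts `SysWOW64` as the System32 directory: on 64-bit Windows a 32-bit process that writes into `System32` is redirected there by WOW64 file-system redirection, so the rule below matches both names.

```python
"""Detection rules over sandbox-style events, modelled on the two signatures in this report."""
import re
from typing import Callable, Dict, List, Tuple

Event = Dict[str, str]

# Constructed events (not sandbox output) mirroring the report's signature rows.
SAMPLE = (r"C:\Users\Admin\AppData\Local\Temp"
          r"\11192dcad45ed65a8a8368f3b1dff5a37d09ab3a0f01e14aa320ef653b1c50c4.exe")
EVENTS: List[Event] = [
    {"op": "file_created", "target": r"C:\Windows\SysWOW64\GLBSINST.%$D", "process": SAMPLE},
    {"op": "key_opened",
     "target": r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language", "process": SAMPLE},
    # Control event: a temp file written back into the user's own Temp folder (should not fire).
    {"op": "file_created", "target": r"C:\Users\Admin\AppData\Local\Temp\GLC84C9.tmp", "process": SAMPLE},
]

# System32 and its WOW64 twin; a 32-bit writer to System32 lands in SysWOW64.
SYSTEM_DIRS = re.compile(r"^[a-z]:\\windows\\(system32|syswow64)\\", re.IGNORECASE)
USER_TEMP = re.compile(r"\\appdata\\local\\temp\\", re.IGNORECASE)
NLS_LANGUAGE = re.compile(r"\\control\\nls\\language$", re.IGNORECASE)


def drops_file_in_system_dir(ev: Event) -> bool:
    """A process living in the user's Temp folder creates a file in a system directory."""
    return (ev["op"] == "file_created"
            and SYSTEM_DIRS.match(ev["target"]) is not None
            and USER_TEMP.search(ev["process"]) is not None)


def system_language_discovery(ev: Event) -> bool:
    """Read of the installed-language key (ATT&CK T1614.001)."""
    return ev["op"] == "key_opened" and NLS_LANGUAGE.search(ev["target"]) is not None


RULES: List[Tuple[str, Callable[[Event], bool]]] = [
    ("Drops file in System32 directory", drops_file_in_system_dir),
    ("System Location Discovery: System Language Discovery", system_language_discovery),
]


def evaluate(events: List[Event]) -> List[Tuple[str, str]]:
    """Return (rule name, target) for every event that trips a rule."""
    return [(name, ev["target"]) for ev in events for name, pred in RULES if pred(ev)]


def verdict(events: List[Event]) -> str:
    """Locale lookup alone is routine for installers; escalate only on the system-dir drop."""
    names = {name for name, _ in evaluate(events)}
    if "Drops file in System32 directory" in names:
        return "suspicious"
    if names:
        return "informational"
    return "clean"


if __name__ == "__main__":
    for name, target in evaluate(EVENTS):
        print(f"{name}: {target}")
    print("verdict:", verdict(EVENTS))
```

The `verdict` weighting reflects the report's own "Shows suspicious behavior" grade: a single `NLS\Language` read is what any localized installer does, so it is logged but not escalated on its own, whereas an unsigned executable launched from Temp that writes into `SysWOW64` is the row worth a human look.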
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
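Every row in the Network table is a reverse (PTR) lookup sent to 8.8.8.8, and the queried address is encoded in the `in-addr.arpa` name with its octets reversed. The following is an added example, not report or sandbox code, that parses a constructed copy of those rows and recovers the IPv4 addresses being looked up; it also handles `ip6.arpa` names, which this report does not contain, so that the same helper works on other reports.

```python
"""Decode reverse-DNS query names from a sandbox Network table."""
import ipaddress
from typing import Dict, List, Optional, Tuple

# Constructed copy of the Network table rows above (values taken from the report).
NETWORK_TABLE = """\
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
"""


def ptr_name_to_ip(name: str) -> Optional[str]:
    """Turn a PTR owner name back into the address it refers to, or None if it is not one."""
    name = name.rstrip(".").lower()
    if name.endswith(".in-addr.arpa"):
        labels = name[: -len(".in-addr.arpa")].split(".")
        if len(labels) != 4:
            return None  # partial zone name, not a host lookup
        try:
            return str(ipaddress.IPv4Address(".".join(reversed(labels))))
        except ValueError:
            return None
    if name.endswith(".ip6.arpa"):
        nibbles = name[: -len(".ip6.arpa")].split(".")
        if len(nibbles) != 32:
            return None
        try:
            return str(ipaddress.IPv6Address(int("".join(reversed(nibbles)), 16)))
        except ValueError:
            return None
    return None


def parse_rows(table: str) -> List[Tuple[str, str, str]]:
    """Split markdown-style '| country | dest | domain | proto |' rows into (dest, domain, proto)."""
    rows = []
    for line in table.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4:
            continue
        _country, dest, domain, proto = cells
        rows.append((dest, domain, proto))
    return rows


def decode_reverse_lookups(table: str) -> List[Dict[str, object]]:
    """One record per PTR query: resolver, protocol, the address asked about, and whether it is routable."""
    out = []
    for dest, domain, proto in parse_rows(table):
        ip = ptr_name_to_ip(domain)
        if ip is None:
            continue
        out.append({"resolver": dest, "proto": proto, "queried_ip": ip,
                    "global": ipaddress.ip_address(ip).is_global})
    return out


if __name__ == "__main__":
    for rec in decode_reverse_lookups(NETWORK_TABLE):
        print(rec["queried_ip"], "via", rec["resolver"], rec["proto"])
```

Two caveats when reading these rows. The table does not attribute the queries to a process, and a reverse lookup is not a connection: it says a host asked "who is 52.167.249.196?", not that the sample talked to it. The Windows 7 run (behavioral1) recorded no network activity at all, which is consistent with this traffic being Windows 10 background activity rather than something the sample initiated; compare against a baseline detonation of a known-benign file on the same `win10v2004-20241007-en` image before treating any of these addresses as an indicator.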
Files
C:\Users\Admin\AppData\Local\Temp\GLC81D2.tmp
| MD5 | 8c97d8bb1470c6498e47b12c5a03ce39 |
| SHA1 | 15d233b22f1c3d756dca29bcc0021e6fb0b8cdf7 |
| SHA256 | a87f19f9fee475d2b2e82acfb4589be6d816b613064cd06826e1d4c147beb50a |
| SHA512 | 7ad0b2b0319da52152c2595ee45045d0c06b157cdaaa56ad57dde9736be3e45fd7357949126f80d3e72b21510f9bf69d010d51b3967a7644662808beed067c3f |
C:\Users\Admin\AppData\Local\Temp\GLK8202.tmp
| MD5 | 517419cae37f6c78c80f9b7d0fbb8661 |
| SHA1 | a9e419f3d9ef589522556e0920c84fe37a548873 |
| SHA256 | bfe7e013cfb85e78b994d3ad34eca08286494a835cb85f1d7bced3df6fe93a11 |
| SHA512 | 5046565443cf463b6fa4d2d5868879efc6a9db969bf05e3c80725b99bd091ce062cfe66c5551eb1cc5f00a38f2cfcda1f36fb4d60d9ff816c4ec3107b5a0df40 |
C:\Users\Admin\AppData\Local\Temp\GLF85FD.tmp
| MD5 | 3b2e23d259394c701050486e642d14fa |
| SHA1 | 4e9661c4ba84400146b80b905f46a0f7ef4d62eb |
| SHA256 | 166d7156142f3ee09fa69eb617dd22e4fd248aa80a1ac08767db6ad99a2705c1 |
| SHA512 | 2b792296dffa4e43bc85295dc7691bd29762ce5d9d5eafaa74e199e6a8e5b24aa85d0a1b27776d4719a49b0d29abcf6f240746a209528e608b596b560e5a3b88 |
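The three dropped `.tmp` files carry the same hashes in both runs, while their names differ only in a four-hex-digit suffix (`GLC84C9.tmp` vs `GLC81D2.tmp`), so the hashes are the exact-match indicator and the name shape is the broader one. The following is an added example, not report or sandbox code, that sweeps a directory tree for either signal. The hash list is copied from this report; the name patterns are this example's generalisation of the six observed names, and the `GLBSINST` match is on the prefix only because the report shows the suffix as `%$D`.

```python
"""Sweep a directory tree for the dropped-file indicators listed in this report."""
import hashlib
import re
import tempfile
from pathlib import Path
from typing import Dict, FrozenSet, List

# SHA-256 values copied from the report's Files sections (identical in behavioral1 and behavioral2).
DROPPED_SHA256: FrozenSet[str] = frozenset({
    "a87f19f9fee475d2b2e82acfb4589be6d816b613064cd06826e1d4c147beb50a",  # GLC*.tmp
    "bfe7e013cfb85e78b994d3ad34eca08286494a835cb85f1d7bced3df6fe93a11",  # GLK*.tmp
    "166d7156142f3ee09fa69eb617dd22e4fd248aa80a1ac08767db6ad99a2705c1",  # GLF*.tmp
})
SAMPLE_SHA256 = "11192dcad45ed65a8a8368f3b1dff5a37d09ab3a0f01e14aa320ef653b1c50c4"
REPORT_HASHES: FrozenSet[str] = DROPPED_SHA256 | {SAMPLE_SHA256}

# Name patterns generalised from the report: GL + one of C/K/F + four hex digits + .tmp,
# and the GLBSINST prefix written into SysWOW64 (extension shown as %$D in the report).
TEMP_NAME = re.compile(r"^GL[CKF][0-9A-F]{4}\.tmp$", re.IGNORECASE)
SYSDIR_NAME = re.compile(r"^GLBSINST\.", re.IGNORECASE)


def sha256_of(path: Path) -> str:
    """Stream the file so large artefacts do not have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def sweep(root: Path, hashes: FrozenSet[str] = REPORT_HASHES) -> List[Dict[str, object]]:
    """Return one finding per file whose name or content matches an indicator."""
    findings = []
    for p in Path(root).rglob("*"):
        if not p.is_file():
            continue
        reasons = []
        if TEMP_NAME.match(p.name):
            reasons.append("name matches GL?xxxx.tmp pattern")
        if SYSDIR_NAME.match(p.name):
            reasons.append("name matches GLBSINST.*")
        try:
            digest = sha256_of(p)
        except OSError:
            continue  # unreadable (locked, permission denied): skip rather than abort the sweep
        if digest in hashes:
            reasons.append("sha256 matches report")
        if reasons:
            findings.append({"path": str(p), "sha256": digest, "reasons": reasons})
    return findings


def demo() -> Dict[str, List[str]]:
    """Build a constructed tree (decoy names, one hash-listed file, one benign file) and sweep it."""
    root = Path(tempfile.mkdtemp(prefix="ioc-sweep-"))
    (root / "GLC1234.tmp").write_bytes(b"constructed decoy, not the real dropped file")
    (root / "readme.txt").write_bytes(b"benign")
    (root / "sub").mkdir()
    (root / "sub" / "GLBSINST.ABC").write_bytes(b"constructed decoy")
    listed = root / "sub" / "match_by_hash.bin"
    listed.write_bytes(b"constructed content whose hash we add to the list")
    # Extend the report's hash list with the constructed file's digest so the hash path is exercised.
    hashes = REPORT_HASHES | {sha256_of(listed)}
    return {Path(f["path"]).name: f["reasons"] for f in sweep(root, hashes)}


if __name__ == "__main__":
    for name, reasons in demo().items():
        print(name, "->", ", ".join(reasons))
```

A hash hit is high confidence but brittle: it identifies only these three exact files, and an installer that regenerates its temporaries per run will not reproduce them. A name-pattern hit is the wider net and needs a second signal (the unsigned parent executable in Temp, or the `GLBSINST` file in `SysWOW64`) before it is actionable.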