Malware Analysis Report

2025-06-15 22:17

Sample ID 241109-ygmqys1bqn
Target 11192dcad45ed65a8a8368f3b1dff5a37d09ab3a0f01e14aa320ef653b1c50c4
SHA256 11192dcad45ed65a8a8368f3b1dff5a37d09ab3a0f01e14aa320ef653b1c50c4
Tags
discovery
score
7/10

Analysis Overview

score
7/10

SHA256

11192dcad45ed65a8a8368f3b1dff5a37d09ab3a0f01e14aa320ef653b1c50c4

Threat Level: Shows suspicious behavior

The file 11192dcad45ed65a8a8368f3b1dff5a37d09ab3a0f01e14aa320ef653b1c50c4 was found to show suspicious behavior.

Malicious Activity Summary

discovery

Loads dropped DLL

Drops file in System32 directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-09 19:45

Signatures

Unsigned PE

Description: N/A
Indicator:   N/A
Process:     N/A
Target:      N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-09 19:45

Reported

2024-11-09 19:48

Platform

win7-20240903-en

Max time kernel

121s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\11192dcad45ed65a8a8368f3b1dff5a37d09ab3a0f01e14aa320ef653b1c50c4.exe"

Signatures

Drops file in System32 directory

Description: File created
Indicator:   C:\Windows\SysWOW64\GLBSINST.%$D
Process:     C:\Users\Admin\AppData\Local\Temp\11192dcad45ed65a8a8368f3b1dff5a37d09ab3a0f01e14aa320ef653b1c50c4.exe
Target:      N/A

System Location Discovery: System Language Discovery

discovery
Description: Key opened
Indicator:   \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process:     C:\Users\Admin\AppData\Local\Temp\11192dcad45ed65a8a8368f3b1dff5a37d09ab3a0f01e14aa320ef653b1c50c4.exe
Target:      N/A

Processes

C:\Users\Admin\AppData\Local\Temp\11192dcad45ed65a8a8368f3b1dff5a37d09ab3a0f01e14aa320ef653b1c50c4.exe

"C:\Users\Admin\AppData\Local\Temp\11192dcad45ed65a8a8368f3b1dff5a37d09ab3a0f01e14aa320ef653b1c50c4.exe"

Network

N/A

Files

\Users\Admin\AppData\Local\Temp\GLC84C9.tmp

MD5 8c97d8bb1470c6498e47b12c5a03ce39
SHA1 15d233b22f1c3d756dca29bcc0021e6fb0b8cdf7
SHA256 a87f19f9fee475d2b2e82acfb4589be6d816b613064cd06826e1d4c147beb50a
SHA512 7ad0b2b0319da52152c2595ee45045d0c06b157cdaaa56ad57dde9736be3e45fd7357949126f80d3e72b21510f9bf69d010d51b3967a7644662808beed067c3f

\Users\Admin\AppData\Local\Temp\GLK84DA.tmp

MD5 517419cae37f6c78c80f9b7d0fbb8661
SHA1 a9e419f3d9ef589522556e0920c84fe37a548873
SHA256 bfe7e013cfb85e78b994d3ad34eca08286494a835cb85f1d7bced3df6fe93a11
SHA512 5046565443cf463b6fa4d2d5868879efc6a9db969bf05e3c80725b99bd091ce062cfe66c5551eb1cc5f00a38f2cfcda1f36fb4d60d9ff816c4ec3107b5a0df40

\Users\Admin\AppData\Local\Temp\GLF88E3.tmp

MD5 3b2e23d259394c701050486e642d14fa
SHA1 4e9661c4ba84400146b80b905f46a0f7ef4d62eb
SHA256 166d7156142f3ee09fa69eb617dd22e4fd248aa80a1ac08767db6ad99a2705c1
SHA512 2b792296dffa4e43bc85295dc7691bd29762ce5d9d5eafaa74e199e6a8e5b24aa85d0a1b27776d4719a49b0d29abcf6f240746a209528e608b596b560e5a3b88

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-09 19:45

Reported

2024-11-09 19:48

Platform

win10v2004-20241007-en

Max time kernel

148s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\11192dcad45ed65a8a8368f3b1dff5a37d09ab3a0f01e14aa320ef653b1c50c4.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\11192dcad45ed65a8a8368f3b1dff5a37d09ab3a0f01e14aa320ef653b1c50c4.exe

"C:\Users\Admin\AppData\Local\Temp\11192dcad45ed65a8a8368f3b1dff5a37d09ab3a0f01e14aa320ef653b1c50c4.exe"

Network

Country  Destination  Domain                        Proto
US       8.8.8.8:53   196.249.167.52.in-addr.arpa   udp
US       8.8.8.8:53   74.209.201.84.in-addr.arpa    udp
US       8.8.8.8:53   0.159.190.20.in-addr.arpa     udp
US       8.8.8.8:53   95.221.229.192.in-addr.arpa   udp
US       8.8.8.8:53   104.219.191.52.in-addr.arpa   udp
US       8.8.8.8:53   50.23.12.20.in-addr.arpa      udp
US       8.8.8.8:53   171.39.242.20.in-addr.arpa    udp
US       8.8.8.8:53   48.229.111.52.in-addr.arpa    udp

Files

C:\Users\Admin\AppData\Local\Temp\GLC81D2.tmp

MD5 8c97d8bb1470c6498e47b12c5a03ce39
SHA1 15d233b22f1c3d756dca29bcc0021e6fb0b8cdf7
SHA256 a87f19f9fee475d2b2e82acfb4589be6d816b613064cd06826e1d4c147beb50a
SHA512 7ad0b2b0319da52152c2595ee45045d0c06b157cdaaa56ad57dde9736be3e45fd7357949126f80d3e72b21510f9bf69d010d51b3967a7644662808beed067c3f

C:\Users\Admin\AppData\Local\Temp\GLK8202.tmp

MD5 517419cae37f6c78c80f9b7d0fbb8661
SHA1 a9e419f3d9ef589522556e0920c84fe37a548873
SHA256 bfe7e013cfb85e78b994d3ad34eca08286494a835cb85f1d7bced3df6fe93a11
SHA512 5046565443cf463b6fa4d2d5868879efc6a9db969bf05e3c80725b99bd091ce062cfe66c5551eb1cc5f00a38f2cfcda1f36fb4d60d9ff816c4ec3107b5a0df40

C:\Users\Admin\AppData\Local\Temp\GLF85FD.tmp

MD5 3b2e23d259394c701050486e642d14fa
SHA1 4e9661c4ba84400146b80b905f46a0f7ef4d62eb
SHA256 166d7156142f3ee09fa69eb617dd22e4fd248aa80a1ac08767db6ad99a2705c1
SHA512 2b792296dffa4e43bc85295dc7691bd29762ce5d9d5eafaa74e199e6a8e5b24aa85d0a1b27776d4719a49b0d29abcf6f240746a209528e608b596b560e5a3b88