Malware Analysis Report

2025-05-28 18:10

Sample ID: 241109-zwwg3ssdmq
Target: 2ef8cbfe593b292b8932d5906398a8d6f7d15f53562eb12349d411991d3c33f1N
SHA256: 2ef8cbfe593b292b8932d5906398a8d6f7d15f53562eb12349d411991d3c33f1
Tags: discovery
Score: 7/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Enterprise Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score: 7/10

SHA256: 2ef8cbfe593b292b8932d5906398a8d6f7d15f53562eb12349d411991d3c33f1

Threat Level: Shows suspicious behavior

The file 2ef8cbfe593b292b8932d5906398a8d6f7d15f53562eb12349d411991d3c33f1N was found to show suspicious behavior. The score rests on the four signatures below (one static, three behavioral); no family detection or network indicator attributed to the sample process is recorded in either detonation.

Malicious Activity Summary

discovery

Loads dropped DLL (listed in this summary only; no indicator row for it appears in the behavioral sections below)

Drops file in System32 directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Enterprise Matrix V15

Discovery: T1614.001 System Location Discovery: System Language Discovery (the sandbox signature of the same name, raised in behavioral1 and behavioral2 by the open of the NLS\Language registry key).

The remaining signatures (Unsigned PE, Drops file in System32 directory, Loads dropped DLL) are sandbox heuristics that carry no technique mapping in this report.

Analysis: static1

Detonation Overview

Reported: 2024-11-09 21:04

Signatures

Unsigned PE

Description / Indicator / Process / Target: N/A (static check on the PE only: the file carries no Authenticode signature, so there is no runtime indicator row)

Analysis: behavioral1

Detonation Overview

Submitted: 2024-11-09 21:04
Reported: 2024-11-09 21:06
Platform: win7-20241010-en
Max time kernel: 13s
Max time network: 19s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2ef8cbfe593b292b8932d5906398a8d6f7d15f53562eb12349d411991d3c33f1N.exe"

Signatures

Drops file in System32 directory

Description: File created
Indicator: C:\Windows\SysWOW64\GLBSINST.%$D
Process: C:\Users\Admin\AppData\Local\Temp\2ef8cbfe593b292b8932d5906398a8d6f7d15f53562eb12349d411991d3c33f1N.exe
Target: N/A

Note: on 64-bit Windows, C:\Windows\SysWOW64 is where WoW64 file-system redirection lands a write that a 32-bit process aims at C:\Windows\System32, so this row fits a 32-bit installer-style sample, although a direct write to the SysWOW64 path would be recorded identically. Creating a file under the Windows directory needs elevated rights, which the sandbox's Admin account granted; on a standard-user host the same write would fail.

System Location Discovery: System Language Discovery

discovery
Description: Key opened
Indicator: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: C:\Users\Admin\AppData\Local\Temp\2ef8cbfe593b292b8932d5906398a8d6f7d15f53562eb12349d411991d3c33f1N.exe
Target: N/A

Note: this key holds the system default language ID and is opened by the standard NLS locale APIs (GetSystemDefaultLangID and related calls), so the signature fires for many benign installers as well as for malware that refuses to run in particular locales. The open alone does not show that the sample branched on the value.

Processes

C:\Users\Admin\AppData\Local\Temp\2ef8cbfe593b292b8932d5906398a8d6f7d15f53562eb12349d411991d3c33f1N.exe

"C:\Users\Admin\AppData\Local\Temp\2ef8cbfe593b292b8932d5906398a8d6f7d15f53562eb12349d411991d3c33f1N.exe"

Network

N/A

Files

\Users\Admin\AppData\Local\Temp\GLCFC3A.tmp

MD5 f3b9bfed127ffc97f63cd8c7ce8bc1a9
SHA1 468425842e3a29a4de6adb03652f02fdafd9fc82
SHA256 9acc324586a37cfa6f862439cfea45acd1378b4880b831cf5cca71389e0c5582
SHA512 671828ffce8660e3326f63f4e6a80941bbacfaa13ded2d58e6ffeacf9501ee66683b70fa4a100bfe7d24aea6fee8c3eda0e9a6c5ecdd792f6febb1981be030ff

\Users\Admin\AppData\Local\Temp\GLKFC69.tmp

MD5 03a537a2be784dbb334a559347587a8d
SHA1 2bc6ac78a7928468584b38c49fc8191cdf7cd7b8
SHA256 791cbaf92b019d23967483cf97ae1b261754ba1d18ada81d01c50f4dc1e97ac5
SHA512 527eb7bd1ba88dd5c59c65e65a4485cf5524c64c011afad17c81faacab9b9aed32fc25da8fb54582ff828f788e43303b846fb236a3b97f8c29a977b23c154037

Analysis: behavioral2

Detonation Overview

Submitted: 2024-11-09 21:04
Reported: 2024-11-09 21:06
Platform: win10v2004-20241007-en
Max time kernel: 94s
Max time network: 96s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2ef8cbfe593b292b8932d5906398a8d6f7d15f53562eb12349d411991d3c33f1N.exe"

Signatures

Drops file in System32 directory

Description: File created
Indicator: C:\Windows\SysWOW64\GLBSINST.%$D
Process: C:\Users\Admin\AppData\Local\Temp\2ef8cbfe593b292b8932d5906398a8d6f7d15f53562eb12349d411991d3c33f1N.exe
Target: N/A

System Location Discovery: System Language Discovery

discovery
Description: Key opened
Indicator: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: C:\Users\Admin\AppData\Local\Temp\2ef8cbfe593b292b8932d5906398a8d6f7d15f53562eb12349d411991d3c33f1N.exe
Target: N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2ef8cbfe593b292b8932d5906398a8d6f7d15f53562eb12349d411991d3c33f1N.exe

"C:\Users\Admin\AppData\Local\Temp\2ef8cbfe593b292b8932d5906398a8d6f7d15f53562eb12349d411991d3c33f1N.exe"

Network

Country  Destination   Query (PTR name)               Proto
US       8.8.8.8:53    217.106.137.52.in-addr.arpa    udp
US       8.8.8.8:53    72.32.126.40.in-addr.arpa      udp
US       8.8.8.8:53    95.221.229.192.in-addr.arpa    udp
US       8.8.8.8:53    232.168.11.51.in-addr.arpa     udp
US       8.8.8.8:53    97.17.167.52.in-addr.arpa      udp
US       8.8.8.8:53    53.210.109.20.in-addr.arpa     udp
US       8.8.8.8:53    198.187.3.20.in-addr.arpa      udp
US       8.8.8.8:53    106.209.201.84.in-addr.arpa    udp
US       8.8.8.8:53    172.210.232.199.in-addr.arpa   udp
US       8.8.8.8:53    88.210.23.2.in-addr.arpa       udp

All ten entries are reverse-DNS (PTR) queries to Google's resolver. A PTR name lists the address octets in reverse, so 217.106.137.52.in-addr.arpa asks for the hostname of 52.137.106.217. The report ties none of these lookups, and no other connection, to the sample's process, and the win7 run (behavioral1) recorded no network activity at all; treat them as possible sandbox or OS background traffic and as context only, not as command-and-control indicators, until a capture attributes them to the sample.
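To turn the PTR names above into addresses that can be checked against threat intelligence, the following script decodes each query and classifies the result (public, private, or special-purpose). This is an added example for this report, not sandbox output; the query list is copied from the Network table above and nothing else about the sample is assumed.

```python
"""Decode IPv4 reverse-DNS (PTR) query names back to the addresses they
describe, so the lookups in a sandbox Network table can be attributed.
Added example for this report; the queries are copied from the behavioral2
Network table, everything else is illustration."""
import ipaddress

PTR_QUERIES = [  # copied from the report's behavioral2 Network table
    "217.106.137.52.in-addr.arpa",
    "72.32.126.40.in-addr.arpa",
    "95.221.229.192.in-addr.arpa",
    "232.168.11.51.in-addr.arpa",
    "97.17.167.52.in-addr.arpa",
    "53.210.109.20.in-addr.arpa",
    "198.187.3.20.in-addr.arpa",
    "106.209.201.84.in-addr.arpa",
    "172.210.232.199.in-addr.arpa",
    "88.210.23.2.in-addr.arpa",
]

SUFFIX = ".in-addr.arpa"


def ptr_to_ipv4(name: str) -> ipaddress.IPv4Address:
    """'d.c.b.a.in-addr.arpa' -> a.b.c.d: PTR names carry the octets reversed."""
    if not name.lower().endswith(SUFFIX):
        raise ValueError(f"not an IPv4 PTR name: {name}")
    octets = name[: -len(SUFFIX)].split(".")
    if len(octets) != 4:
        raise ValueError(f"expected 4 labels, got {len(octets)}: {name}")
    # IPv4Address validates each octet (0-255) and rejects junk labels.
    return ipaddress.IPv4Address(".".join(reversed(octets)))


def classify(addr: ipaddress.IPv4Address) -> str:
    """Coarse bucket for triage: private/special ranges can never be C2 on the
    internet, public ones are the only candidates worth enriching."""
    if addr.is_private:
        return "private"
    if addr.is_loopback or addr.is_link_local or addr.is_multicast or addr.is_reserved:
        return "special"
    return "public"


def decode_all(queries):
    """[(ptr name, dotted address, bucket), ...] in input order."""
    result = []
    for q in queries:
        addr = ptr_to_ipv4(q)
        result.append((q, str(addr), classify(addr)))
    return result


if __name__ == "__main__":
    for q, ip, bucket in decode_all(PTR_QUERIES):
        print(f"{q:32} -> {ip:16} {bucket}")
```

Every decoded address is public, which is what background telemetry and CDN traffic look like; the decoded list is what to feed into passive-DNS or reputation lookups, not the raw PTR names.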

Files

C:\Users\Admin\AppData\Local\Temp\GLC9E43.tmp

MD5 f3b9bfed127ffc97f63cd8c7ce8bc1a9
SHA1 468425842e3a29a4de6adb03652f02fdafd9fc82
SHA256 9acc324586a37cfa6f862439cfea45acd1378b4880b831cf5cca71389e0c5582
SHA512 671828ffce8660e3326f63f4e6a80941bbacfaa13ded2d58e6ffeacf9501ee66683b70fa4a100bfe7d24aea6fee8c3eda0e9a6c5ecdd792f6febb1981be030ff

C:\Users\Admin\AppData\Local\Temp\GLK9E73.tmp

MD5 03a537a2be784dbb334a559347587a8d
SHA1 2bc6ac78a7928468584b38c49fc8191cdf7cd7b8
SHA256 791cbaf92b019d23967483cf97ae1b261754ba1d18ada81d01c50f4dc1e97ac5
SHA512 527eb7bd1ba88dd5c59c65e65a4485cf5524c64c011afad17c81faacab9b9aed32fc25da8fb54582ff828f788e43303b846fb236a3b97f8c29a977b23c154037
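The two detonations dropped the same two payloads under different temp names (GLCFC3A.tmp / GLC9E43.tmp and GLKFC69.tmp / GLK9E73.tmp). Those names have the shape the Win32 GetTempFileName API produces, a caller-chosen prefix of up to three characters followed by up to four hex digits and ".tmp", so the full file name is worthless as an indicator while the hash and the prefix are stable. The script below, an added example for this report rather than sandbox output, correlates the Files sections of both runs by SHA-256 and extracts the reusable parts; the four records are copied from the report and nothing else is assumed.

```python
"""Cross-run correlation of the files this sample drops.

Added example for this report (not sandbox output). The four file records
are copied from the Files sections of behavioral1 (win7) and behavioral2
(win10) above; nothing else is assumed about the sample.
"""
import re
from collections import defaultdict

DROPPED = [  # (run, path, sha256) copied from the report
    ("behavioral1", r"\Users\Admin\AppData\Local\Temp\GLCFC3A.tmp",
     "9acc324586a37cfa6f862439cfea45acd1378b4880b831cf5cca71389e0c5582"),
    ("behavioral1", r"\Users\Admin\AppData\Local\Temp\GLKFC69.tmp",
     "791cbaf92b019d23967483cf97ae1b261754ba1d18ada81d01c50f4dc1e97ac5"),
    ("behavioral2", r"C:\Users\Admin\AppData\Local\Temp\GLC9E43.tmp",
     "9acc324586a37cfa6f862439cfea45acd1378b4880b831cf5cca71389e0c5582"),
    ("behavioral2", r"C:\Users\Admin\AppData\Local\Temp\GLK9E73.tmp",
     "791cbaf92b019d23967483cf97ae1b261754ba1d18ada81d01c50f4dc1e97ac5"),
]

# Names produced by GetTempFileName(): the first three characters of the
# caller's prefix, then up to four hex digits, then ".tmp". All four names
# above fit this shape, so only the prefix survives from run to run.
TEMPNAME_RE = re.compile(
    r"^(?P<prefix>[A-Za-z0-9_-]{1,3})(?P<uniq>[0-9A-Fa-f]{1,4})\.tmp$",
    re.IGNORECASE,
)


def basename(path: str) -> str:
    """Last component of a Windows path, with or without a drive letter."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1]


def temp_prefix(path: str):
    """GetTempFileName prefix of a dropped file's name, or None when the name
    does not fit the <prefix><hex>.tmp shape (e.g. GLBSINST.%$D)."""
    m = TEMPNAME_RE.match(basename(path))
    return m.group("prefix").upper() if m else None


def correlate(records):
    """Group dropped files by SHA-256 -> [(run, basename), ...]."""
    by_hash = defaultdict(list)
    for run, path, sha in records:
        by_hash[sha.lower()].append((run, basename(path)))
    return dict(by_hash)


def stable_iocs(records):
    """Hashes dropped in more than one run, with the runs they appeared in and
    the temp-name prefixes observed. Hunt on the hash, or on prefix + hex +
    .tmp in %TEMP%, never on a full name that changes every execution."""
    out = {}
    for sha, hits in correlate(records).items():
        runs = sorted({run for run, _ in hits})
        if len(runs) < 2:
            continue
        prefixes = sorted({p for p in (temp_prefix(n) for _, n in hits) if p})
        out[sha] = {"runs": runs, "prefixes": prefixes}
    return out


if __name__ == "__main__":
    for sha, info in stable_iocs(DROPPED).items():
        print(sha, info["runs"], info["prefixes"])
```

Both hashes come out as cross-run stable with prefixes GLC and GLK respectively; the SysWOW64 drop (GLBSINST.%$D) is deliberately excluded by temp_prefix because it is a fixed name, not a GetTempFileName product, and is therefore usable as-is.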