Analysis Overview
SHA256
2ef8cbfe593b292b8932d5906398a8d6f7d15f53562eb12349d411991d3c33f1
Threat Level: Shows suspicious behavior
The file 2ef8cbfe593b292b8932d5906398a8d6f7d15f53562eb12349d411991d3c33f1N was found to show suspicious behavior.
Malicious Activity Summary
Loads dropped DLL
Drops file in System32 directory
System Location Discovery: System Language Discovery
Unsigned PE
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-09 21:04
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-09 21:04
Reported
2024-11-09 21:06
Platform
win7-20241010-en
Max time kernel
13s
Max time network
19s
Command Line
Signatures
Loads dropped DLL
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2ef8cbfe593b292b8932d5906398a8d6f7d15f53562eb12349d411991d3c33f1N.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2ef8cbfe593b292b8932d5906398a8d6f7d15f53562eb12349d411991d3c33f1N.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File created | C:\Windows\SysWOW64\GLBSINST.%$D | C:\Users\Admin\AppData\Local\Temp\2ef8cbfe593b292b8932d5906398a8d6f7d15f53562eb12349d411991d3c33f1N.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2ef8cbfe593b292b8932d5906398a8d6f7d15f53562eb12349d411991d3c33f1N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\2ef8cbfe593b292b8932d5906398a8d6f7d15f53562eb12349d411991d3c33f1N.exe
"C:\Users\Admin\AppData\Local\Temp\2ef8cbfe593b292b8932d5906398a8d6f7d15f53562eb12349d411991d3c33f1N.exe"
Network
Files
\Users\Admin\AppData\Local\Temp\GLCFC3A.tmp
| Hash | Value |
|---|---|
| MD5 | f3b9bfed127ffc97f63cd8c7ce8bc1a9 |
| SHA1 | 468425842e3a29a4de6adb03652f02fdafd9fc82 |
| SHA256 | 9acc324586a37cfa6f862439cfea45acd1378b4880b831cf5cca71389e0c5582 |
| SHA512 | 671828ffce8660e3326f63f4e6a80941bbacfaa13ded2d58e6ffeacf9501ee66683b70fa4a100bfe7d24aea6fee8c3eda0e9a6c5ecdd792f6febb1981be030ff |
\Users\Admin\AppData\Local\Temp\GLKFC69.tmp
| Hash | Value |
|---|---|
| MD5 | 03a537a2be784dbb334a559347587a8d |
| SHA1 | 2bc6ac78a7928468584b38c49fc8191cdf7cd7b8 |
| SHA256 | 791cbaf92b019d23967483cf97ae1b261754ba1d18ada81d01c50f4dc1e97ac5 |
| SHA512 | 527eb7bd1ba88dd5c59c65e65a4485cf5524c64c011afad17c81faacab9b9aed32fc25da8fb54582ff828f788e43303b846fb236a3b97f8c29a977b23c154037 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-09 21:04
Reported
2024-11-09 21:06
Platform
win10v2004-20241007-en
Max time kernel
94s
Max time network
96s
Command Line
Signatures
Loads dropped DLL
Drops file in System32 directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File created | C:\Windows\SysWOW64\GLBSINST.%$D | C:\Users\Admin\AppData\Local\Temp\2ef8cbfe593b292b8932d5906398a8d6f7d15f53562eb12349d411991d3c33f1N.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2ef8cbfe593b292b8932d5906398a8d6f7d15f53562eb12349d411991d3c33f1N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\2ef8cbfe593b292b8932d5906398a8d6f7d15f53562eb12349d411991d3c33f1N.exe
"C:\Users\Admin\AppData\Local\Temp\2ef8cbfe593b292b8932d5906398a8d6f7d15f53562eb12349d411991d3c33f1N.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.210.109.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\GLC9E43.tmp
| Hash | Value |
|---|---|
| MD5 | f3b9bfed127ffc97f63cd8c7ce8bc1a9 |
| SHA1 | 468425842e3a29a4de6adb03652f02fdafd9fc82 |
| SHA256 | 9acc324586a37cfa6f862439cfea45acd1378b4880b831cf5cca71389e0c5582 |
| SHA512 | 671828ffce8660e3326f63f4e6a80941bbacfaa13ded2d58e6ffeacf9501ee66683b70fa4a100bfe7d24aea6fee8c3eda0e9a6c5ecdd792f6febb1981be030ff |
C:\Users\Admin\AppData\Local\Temp\GLK9E73.tmp
| Hash | Value |
|---|---|
| MD5 | 03a537a2be784dbb334a559347587a8d |
| SHA1 | 2bc6ac78a7928468584b38c49fc8191cdf7cd7b8 |
| SHA256 | 791cbaf92b019d23967483cf97ae1b261754ba1d18ada81d01c50f4dc1e97ac5 |
| SHA512 | 527eb7bd1ba88dd5c59c65e65a4485cf5524c64c011afad17c81faacab9b9aed32fc25da8fb54582ff828f788e43303b846fb236a3b97f8c29a977b23c154037 |