globeimposter | b8f9df31f5f358069fd8c9c2288384e5fedc6db93b52f54c8f96e7dd48c22346

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
28/01/2025, 16:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
Size

53KB
MD5

37b9d85115a8883aef54efdb2d1b9feb
SHA1

b10523a4db8a65364fac0e96784337fc77a4c74c
SHA256

b8f9df31f5f358069fd8c9c2288384e5fedc6db93b52f54c8f96e7dd48c22346
SHA512

2751f037a2ff3bd0ab85941e4ce83cd79aab925df04c291451647a5f09461d20cc42bb1d3dd922109b83b056dc3fb7079648f4e018d73d256d7d5184149e4310
SSDEEP

1536:WGSPKs+Na3IGeKJolntwr7DSTWvTwhQ8YiodI:zSPKs+Na3IrKJolntGDT5XtdI

Score

10^/10

globeimposter persistence ransomware spyware stealer

Malware Config

Extracted

Path

C:\Users\Public\Videos\how_to_back_files.html

Ransom Note

<html> <head> <meta charset="utf-8"> <style type="text/css"> body { font: 15px Tahoma, sans-serif; margin: 10px; line-height: 25px; background-color: #C1AB8F; } .bold { font-weight: bold; } .xx { border: 1px dashed #000; background: #E3D5F1; } .mark { background: #D0D0E8; padding: 2px 5px; } .header { font-size: 30px; height: 50px; line-height: 50px; font-weight: bold; border-bottom: 10px solid #D0D0E8; } .info { background: #D0D0E8; border-left: 10px solid #00008B; } .alert { background: #FFE4E4; border-left: 10px solid #FF0000; } .private { border: 1px dashed #000; background: #FFFFEF; } .note { height: auto; padding-bottom: 1px; margin: 15px 0; } .note .title { font-weight: bold; text-indent: 10px; height: 30px; line-height: 30px; padding-top: 10px; } .note .mark { background: #A2A2B5; } .note ul { margin-top: 0; } .note pre { margin-left: 15px; line-height: 13px; font-size: 13px; } </style> </head> <body> <div class="header">Attention! All your files are encrypted.</div> <div class="note alert"> <ul><li>Your documents, photos, databases and other important files have been encrypted cryptographically strong, without the original key recovery is impossible! To decrypt your files you need to buy the special software - "YASUDA DECRYPTOR" Using another tools could corrupt your files, in case of using third party software we dont give guarantees that full recovery is possible so use it on your own risk.</li> <li>If you want to restore files, write us to the e-mail: [email protected] In subject line write "encryption" and attach your personal ID in body of your message also attach to email 3 crypted files. (files have to be less than 10 MB)</li> <li>It is in your interest to respond as soon as possible to ensure the recovery of your files, because we will not store your decryption keys on our server for a long time.</li> </ul> </div> <div class="note private"> <div class="title">Your personal ID</div> <pre>��1C 8E 64 D4 38 83 42 35 83 6B 2D B4 2E 07 6F 65 63 94 9D 7B 79 BE 9A CC 3C 75 1A D6 66 15 29 0B F0 23 70 77 5B 02 55 E5 0C CF 6B 89 B3 E8 F2 1C F5 F3 D6 F6 82 73 68 AD 61 83 BA D8 EF 82 19 D1 EF BB 63 FC 58 6B F0 62 ED 5B FE 91 AC 63 B0 87 C7 66 C0 3A B8 3D 2F 54 B2 9C D6 7C E7 AE E1 53 54 4F 91 31 B4 26 74 DF 24 B3 6B 97 69 50 D8 9A 56 55 A8 16 B9 3C 4E 11 B8 F8 38 38 BA CD 40 A9 43 EE 8C DB 7B 99 D9 D4 AD E5 F7 01 56 78 B5 30 18 24 54 31 8E A5 25 2C 13 6A D7 A6 32 E2 31 7A 31 CA E5 42 16 3A 96 A0 09 C4 54 77 A0 68 E4 58 E0 0A 46 B9 29 41 7B 99 72 9E CE AA 00 68 EF A4 0B CF 9A 86 DC EC 21 F9 D9 9C 92 2A A0 AD 2B 9F 94 17 32 6B B3 42 03 0E 3E F8 4F 31 B2 C9 76 8E 94 75 2D 31 2A 03 2A B6 FB E3 0B AA A0 99 EA C2 31 46 D8 81 A2 E0 AA 92 CF 5B 97 04 10 57 06 EE </pre> </div> </body> </html>��

Emails

[email protected]

Signatures

GlobeImposter
GlobeImposter is a ransomware first seen in 2017.
ransomware globeimposter
Globeimposter family
globeimposter
Renames multiple (7497) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\BrowserUpdateCheck = "C:\\Users\\Admin\\AppData\\Local\\2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe"	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe

Drops desktop.ini file(s) 37 IoCs

description	ioc	Process
File opened for modification	C:\Users\Public\Music\desktop.ini	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
File opened for modification	C:\Users\Public\Music\Sample Music\desktop.ini	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
File opened for modification	C:\Users\Admin\Pictures\desktop.ini	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
File opened for modification	C:\Users\Admin\Downloads\desktop.ini	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
File opened for modification	C:\Users\Admin\Desktop\desktop.ini	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
File opened for modification	C:\Program Files (x86)\desktop.ini	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
File opened for modification	C:\Program Files\Microsoft Games\FreeCell\desktop.ini	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
File opened for modification	C:\Users\Public\Pictures\desktop.ini	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
File opened for modification	C:\Users\Public\Pictures\Sample Pictures\desktop.ini	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
File opened for modification	C:\Users\Public\Documents\desktop.ini	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
File opened for modification	C:\Users\Public\desktop.ini	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
File opened for modification	C:\Users\Admin\Links\desktop.ini	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
File opened for modification	C:\Users\Public\Videos\Sample Videos\desktop.ini	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
File opened for modification	C:\Users\Admin\Videos\desktop.ini	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
File opened for modification	C:\Users\Admin\Contacts\desktop.ini	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
File opened for modification	C:\Program Files\desktop.ini	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
File opened for modification	F:\$RECYCLE.BIN\S-1-5-21-3551809350-4263495960-1443967649-1000\desktop.ini	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
File opened for modification	C:\Users\Admin\Favorites\desktop.ini	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\DataServices\DESKTOP.INI	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
File opened for modification	C:\Users\Admin\Documents\desktop.ini	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
File opened for modification	C:\Program Files\Microsoft Games\SpiderSolitaire\desktop.ini	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
File opened for modification	C:\Program Files\Microsoft Games\Solitaire\desktop.ini	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
File opened for modification	C:\Program Files\Microsoft Games\Purble Place\desktop.ini	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
File opened for modification	C:\Program Files\Microsoft Games\Mahjong\desktop.ini	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
File opened for modification	C:\Users\Public\Libraries\desktop.ini	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
File opened for modification	C:\Users\Public\Desktop\desktop.ini	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
File opened for modification	C:\Users\Admin\Favorites\Links for United States\desktop.ini	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
File opened for modification	C:\Users\Admin\Saved Games\desktop.ini	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
File opened for modification	C:\Users\Admin\Favorites\Links\desktop.ini	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
File opened for modification	C:\Users\Public\Recorded TV\desktop.ini	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
File opened for modification	C:\Users\Public\Recorded TV\Sample Media\desktop.ini	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
File opened for modification	C:\Users\Public\Downloads\desktop.ini	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
File opened for modification	C:\Program Files\Microsoft Games\Hearts\desktop.ini	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
File opened for modification	C:\Program Files\Microsoft Games\Chess\desktop.ini	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
File opened for modification	C:\Users\Public\Videos\desktop.ini	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
File opened for modification	C:\Users\Admin\Searches\desktop.ini	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
File opened for modification	C:\Users\Admin\Music\desktop.ini	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-editor-mimelookup.jar	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\CONVERT\how_to_back_files.html	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\SHOW_01.MID	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0382950.JPG	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\sqlite.dll	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18215_.WMF	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Esl\how_to_back_files.html	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\Informix.xsl	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
File opened for modification	C:\Program Files\Microsoft Office\Office14\1033\MAPISHELLR.DLL	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.historicaldata.zh_CN_5.5.0.165303.jar	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\CAGCAT10\J0205462.WMF	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\SO00466_.WMF	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\HTECH_01.MID	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\NA00641_.WMF	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\access\libudp_plugin.dll	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
File opened for modification	C:\Program Files\Microsoft Games\Mahjong\fr-FR\Mahjong.exe.mui	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
File opened for modification	C:\Program Files\Microsoft Games\Hearts\HeartsMCE.png	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Stationery\1033\JUNGLE.HTM	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10263_.GIF	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0296277.WMF	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\REPORTL.ICO	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0187859.WMF	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler-ui.jar	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.preferences_3.5.200.v20140224-1527.jar	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\CHECKBOX.JPG	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\JNGLE_01.MID	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\en-US\how_to_back_files.html	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ql_2.0.100.v20131211-1531.jar	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0105410.WMF	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01238_.GIF	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD21303_.GIF	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\CAGCAT10\J0234266.WMF	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-queries_zh_CN.jar	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\SEQCHK10.DLL	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME22.CSS	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-masterfs-nio2.xml	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.swt.nl_zh_4.4.0.v20140623020002.jar	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR8F.GIF	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\ED00019_.WMF	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Bishkek	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.commons.logging_1.1.1.v201101211721.jar	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WING1.WMF	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\video_output\libvdummy_plugin.dll	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\access\libfilesystem_plugin.dll	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\DD00256_.WMF	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0151047.WMF	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0382927.JPG	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\VIEW.ICO	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Effects\Origin.eftx	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0090087.WMF	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEMANAGED.DLL	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\AccessWeb\RPT2HTM4.XSL	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\prc\how_to_back_files.html	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\PAGESIZE\PGLBL075.XML	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18246_.WMF	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\DD00414_.WMF	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\ICELAND.TXT	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\keystore\how_to_back_files.html	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\EXCEL_K_COL.HXK	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR49F.GIF	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\CAGCAT10\J0199549.WMF	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.nl_zh_4.4.0.v20140623020002.jar	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Templates\1033\EssentialLetter.dotx	2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe

C:\Users\Admin\AppData\Local\Temp\2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-28_37b9d85115a8883aef54efdb2d1b9feb_globeimposter.exe"
1⤵
- Adds Run key to start application
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:1716

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Public\Videos\how_to_back_files.html

Filesize
3KB

MD5
de7dba2fcf2ce2bbfb522b741f494704

SHA1
3c013f75634c779be2e1e0fbb6fc0ffda3a3a484

SHA256
eaabf0e31f08d867a5f621ee13b196af77e2d6d83679bc7ab954a2116006eb67

SHA512
d65a9a01566084a81ea89e93c96341854c2089dcfab8d3971a074182a1f07d9227440ed1ad22e7827729bf1823ebdbcde6a3145ee563a20b6dcce5bb57ddb746

Download Submit
memory/1716-0-0x0000000000400000-0x000000000040E400-memory.dmp

Filesize
57KB

Download
memory/1716-662-0x0000000000400000-0x000000000040E400-memory.dmp

Filesize
57KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads