globeimposter | f43e246f70fca07d2c3ea432e12c549ed94cd750ee407a27cd34dffa47aec8b1

Analysis

max time kernel
151s
max time network
127s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
29-01-2025 08:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-29_3accf293ba124515006a6772cb88566f_globeimposter.exe
Size

53KB
MD5

3accf293ba124515006a6772cb88566f
SHA1

313f083bd613e8a017e5c2471edacdae7f758752
SHA256

f43e246f70fca07d2c3ea432e12c549ed94cd750ee407a27cd34dffa47aec8b1
SHA512

7270a58555ecb0a27e5385e7a0dce39f1ff315d45e90c7bbe9219fec09c8b211fa5f68b7591e016a7940af1b9861ba159c6b86cbd80031a1ad70eb43449a5dfd
SSDEEP

768:+5Lvuye1kVtGBk6P/v7nWlHznbkVwrEKD9yDwxVSHrowNI2tG6o/t84B5IQhH:CeytM3alnawrRIwxVSHMweio3yQ1

Score

10^/10

globeimposter persistence ransomware spyware stealer

Malware Config

Signatures

GlobeImposter
GlobeImposter is a ransomware first seen in 2017.
ransomware globeimposter
Globeimposter family
globeimposter
Renames multiple (5359) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\BrowserUpdateCheck = "C:\\Users\\Admin\\AppData\\Local\\2025-01-29_3accf293ba124515006a6772cb88566f_globeimposter.exe"	2025-01-29_3accf293ba124515006a6772cb88566f_globeimposter.exe

Drops desktop.ini file(s) 30 IoCs

description	ioc	Process
File opened for modification	C:\Users\Public\Videos\desktop.ini	2025-01-29_3accf293ba124515006a6772cb88566f_globeimposter.exe
File opened for modification	C:\Users\Public\Documents\desktop.ini	2025-01-29_3accf293ba124515006a6772cb88566f_globeimposter.exe
File opened for modification	C:\Users\Admin\Downloads\desktop.ini	2025-01-29_3accf293ba124515006a6772cb88566f_globeimposter.exe
File opened for modification	C:\Users\Public\Recorded TV\desktop.ini	2025-01-29_3accf293ba124515006a6772cb88566f_globeimposter.exe
File opened for modification	C:\Users\Admin\Searches\desktop.ini	2025-01-29_3accf293ba124515006a6772cb88566f_globeimposter.exe
File opened for modification	C:\Users\Admin\Music\desktop.ini	2025-01-29_3accf293ba124515006a6772cb88566f_globeimposter.exe
File opened for modification	C:\Users\Public\Music\Sample Music\desktop.ini	2025-01-29_3accf293ba124515006a6772cb88566f_globeimposter.exe
File opened for modification	C:\Program Files\desktop.ini	2025-01-29_3accf293ba124515006a6772cb88566f_globeimposter.exe
File opened for modification	C:\Users\Public\Desktop\desktop.ini	2025-01-29_3accf293ba124515006a6772cb88566f_globeimposter.exe
File opened for modification	C:\Users\Admin\Saved Games\desktop.ini	2025-01-29_3accf293ba124515006a6772cb88566f_globeimposter.exe
File opened for modification	C:\Users\Admin\Favorites\Links for United States\desktop.ini	2025-01-29_3accf293ba124515006a6772cb88566f_globeimposter.exe
File opened for modification	C:\Users\Admin\Documents\desktop.ini	2025-01-29_3accf293ba124515006a6772cb88566f_globeimposter.exe
File opened for modification	C:\Users\Public\Pictures\desktop.ini	2025-01-29_3accf293ba124515006a6772cb88566f_globeimposter.exe
File opened for modification	C:\Users\Public\Pictures\Sample Pictures\desktop.ini	2025-01-29_3accf293ba124515006a6772cb88566f_globeimposter.exe
File opened for modification	C:\Users\Public\Music\desktop.ini	2025-01-29_3accf293ba124515006a6772cb88566f_globeimposter.exe
File opened for modification	C:\Users\Public\Libraries\desktop.ini	2025-01-29_3accf293ba124515006a6772cb88566f_globeimposter.exe
File opened for modification	C:\Users\Public\Videos\Sample Videos\desktop.ini	2025-01-29_3accf293ba124515006a6772cb88566f_globeimposter.exe
File opened for modification	C:\Users\Admin\Favorites\Links\desktop.ini	2025-01-29_3accf293ba124515006a6772cb88566f_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\DataServices\DESKTOP.INI	2025-01-29_3accf293ba124515006a6772cb88566f_globeimposter.exe
File opened for modification	C:\Program Files (x86)\desktop.ini	2025-01-29_3accf293ba124515006a6772cb88566f_globeimposter.exe
File opened for modification	F:\$RECYCLE.BIN\S-1-5-21-3692679935-4019334568-335155002-1000\desktop.ini	2025-01-29_3accf293ba124515006a6772cb88566f_globeimposter.exe
File opened for modification	C:\Users\Public\Recorded TV\Sample Media\desktop.ini	2025-01-29_3accf293ba124515006a6772cb88566f_globeimposter.exe
File opened for modification	C:\Users\Admin\Pictures\desktop.ini	2025-01-29_3accf293ba124515006a6772cb88566f_globeimposter.exe
File opened for modification	C:\Users\Admin\Favorites\desktop.ini	2025-01-29_3accf293ba124515006a6772cb88566f_globeimposter.exe
File opened for modification	C:\Users\Public\Downloads\desktop.ini	2025-01-29_3accf293ba124515006a6772cb88566f_globeimposter.exe
File opened for modification	C:\Users\Admin\Contacts\desktop.ini	2025-01-29_3accf293ba124515006a6772cb88566f_globeimposter.exe
File opened for modification	C:\Users\Public\desktop.ini	2025-01-29_3accf293ba124515006a6772cb88566f_globeimposter.exe
File opened for modification	C:\Users\Admin\Videos\desktop.ini	2025-01-29_3accf293ba124515006a6772cb88566f_globeimposter.exe
File opened for modification	C:\Users\Admin\Links\desktop.ini	2025-01-29_3accf293ba124515006a6772cb88566f_globeimposter.exe
File opened for modification	C:\Users\Admin\Desktop\desktop.ini	2025-01-29_3accf293ba124515006a6772cb88566f_globeimposter.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\mscss7cm_fr.dub	2025-01-29_3accf293ba124515006a6772cb88566f_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolIcons\messageboxinfo.ico	2025-01-29_3accf293ba124515006a6772cb88566f_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02058U.BMP	2025-01-29_3accf293ba124515006a6772cb88566f_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\DOTS.POC	2025-01-29_3accf293ba124515006a6772cb88566f_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\HEADINGBB.DPV	2025-01-29_3accf293ba124515006a6772cb88566f_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\PROOF\MSGR3FR.LEX	2025-01-29_3accf293ba124515006a6772cb88566f_globeimposter.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Swirl\how_to_back_files.html	2025-01-29_3accf293ba124515006a6772cb88566f_globeimposter.exe
File created	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\1033\how_to_back_files.html	2025-01-29_3accf293ba124515006a6772cb88566f_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Bibliography\Sort\TITLE.XSL	2025-01-29_3accf293ba124515006a6772cb88566f_globeimposter.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Slate\how_to_back_files.html	2025-01-29_3accf293ba124515006a6772cb88566f_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14831_.GIF	2025-01-29_3accf293ba124515006a6772cb88566f_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\UnreadIconImages.jpg	2025-01-29_3accf293ba124515006a6772cb88566f_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0153398.WMF	2025-01-29_3accf293ba124515006a6772cb88566f_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\OFFXML.DLL	2025-01-29_3accf293ba124515006a6772cb88566f_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolIcons\ONLINE.ICO	2025-01-29_3accf293ba124515006a6772cb88566f_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\MSACCESS_COL.HXT	2025-01-29_3accf293ba124515006a6772cb88566f_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15136_.GIF	2025-01-29_3accf293ba124515006a6772cb88566f_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\CAGCAT10\J0292020.WMF	2025-01-29_3accf293ba124515006a6772cb88566f_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PARNT_04.MID	2025-01-29_3accf293ba124515006a6772cb88566f_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.IT.XML	2025-01-29_3accf293ba124515006a6772cb88566f_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\CONVERT\1033\TRANSMRR.DLL	2025-01-29_3accf293ba124515006a6772cb88566f_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\CollectSignatures_Init.xsn	2025-01-29_3accf293ba124515006a6772cb88566f_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif	2025-01-29_3accf293ba124515006a6772cb88566f_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\WZCNFLCT.CHM	2025-01-29_3accf293ba124515006a6772cb88566f_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR34B.GIF	2025-01-29_3accf293ba124515006a6772cb88566f_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0099203.GIF	2025-01-29_3accf293ba124515006a6772cb88566f_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0196354.WMF	2025-01-29_3accf293ba124515006a6772cb88566f_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0341551.JPG	2025-01-29_3accf293ba124515006a6772cb88566f_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\SYMBOL.TXT	2025-01-29_3accf293ba124515006a6772cb88566f_globeimposter.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libmotiondetect_plugin.dll	2025-01-29_3accf293ba124515006a6772cb88566f_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_FormsHomePageBlank.gif	2025-01-29_3accf293ba124515006a6772cb88566f_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME01.CSS	2025-01-29_3accf293ba124515006a6772cb88566f_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15022_.GIF	2025-01-29_3accf293ba124515006a6772cb88566f_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21314_.GIF	2025-01-29_3accf293ba124515006a6772cb88566f_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\BL00526_.WMF	2025-01-29_3accf293ba124515006a6772cb88566f_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0152890.WMF	2025-01-29_3accf293ba124515006a6772cb88566f_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0212299.WMF	2025-01-29_3accf293ba124515006a6772cb88566f_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\HM00114_.WMF	2025-01-29_3accf293ba124515006a6772cb88566f_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\GREETING.XML	2025-01-29_3accf293ba124515006a6772cb88566f_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\STORYVERTBB.DPV	2025-01-29_3accf293ba124515006a6772cb88566f_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\button_left_over.gif	2025-01-29_3accf293ba124515006a6772cb88566f_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsHomePage.html	2025-01-29_3accf293ba124515006a6772cb88566f_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\WebToolImagesMask16x16.bmp	2025-01-29_3accf293ba124515006a6772cb88566f_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\MSTORE_COL.HXC	2025-01-29_3accf293ba124515006a6772cb88566f_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15020_.GIF	2025-01-29_3accf293ba124515006a6772cb88566f_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\goopdateres_te.dll	2025-01-29_3accf293ba124515006a6772cb88566f_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\turnOnNotificationInTray.gif	2025-01-29_3accf293ba124515006a6772cb88566f_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\ONBttnOL.dll	2025-01-29_3accf293ba124515006a6772cb88566f_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\OOFL.ICO	2025-01-29_3accf293ba124515006a6772cb88566f_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\AN04332_.WMF	2025-01-29_3accf293ba124515006a6772cb88566f_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0107152.WMF	2025-01-29_3accf293ba124515006a6772cb88566f_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0152716.WMF	2025-01-29_3accf293ba124515006a6772cb88566f_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1252.TXT	2025-01-29_3accf293ba124515006a6772cb88566f_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME33.CSS	2025-01-29_3accf293ba124515006a6772cb88566f_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Oasis\TAB_OFF.GIF	2025-01-29_3accf293ba124515006a6772cb88566f_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\CAGCAT10\J0332268.WMF	2025-01-29_3accf293ba124515006a6772cb88566f_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PE05869_.WMF	2025-01-29_3accf293ba124515006a6772cb88566f_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\GIFT98.POC	2025-01-29_3accf293ba124515006a6772cb88566f_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\PicturesToolIconImagesMask.bmp	2025-01-29_3accf293ba124515006a6772cb88566f_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR40F.GIF	2025-01-29_3accf293ba124515006a6772cb88566f_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Earthy.css	2025-01-29_3accf293ba124515006a6772cb88566f_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18204_.WMF	2025-01-29_3accf293ba124515006a6772cb88566f_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0107042.WMF	2025-01-29_3accf293ba124515006a6772cb88566f_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0099168.JPG	2025-01-29_3accf293ba124515006a6772cb88566f_globeimposter.exe

C:\Users\Admin\AppData\Local\Temp\2025-01-29_3accf293ba124515006a6772cb88566f_globeimposter.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-29_3accf293ba124515006a6772cb88566f_globeimposter.exe"
1⤵
- Adds Run key to start application
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:2204

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Public\Videos\how_to_back_files.html

Filesize
4KB

MD5
8363566b6fb6b36096cf592816a66a3d

SHA1
1ed63887346da22eadd7095f068e3381b9cb79b4

SHA256
0d5783e7c0a46a8b73aa25148c09b3e863c1fcbbb4f0008a641571d76672b63c

SHA512
777bc73d292bebafa9f2c90fbc6f9c7e104c31fe5ac2558fdb442514bfa9f87e146a0d96489abbce6c87df90c58bb1f91135bc2ae07816600c35da9c453f3871

Download Submit
memory/2204-0-0x0000000000400000-0x000000000040E200-memory.dmp

Filesize
56KB

Download
memory/2204-160-0x0000000000400000-0x000000000040E200-memory.dmp

Filesize
56KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads