Overview

overview

10

Static

static

Finanskoncerner8.exe

windows7_x64

10

Finanskoncerner8.exe

windows10_x64

10

KOPEKER.exe

windows7_x64

10

KOPEKER.exe

windows10_x64

10

PARAHEMATIN.exe

windows7_x64

10

PARAHEMATIN.exe

windows10_x64

10

Unparticularizeds.exe

windows7_x64

10

Unparticularizeds.exe

windows10_x64

10

Analysis

  • max time kernel
    73s
  • max time network
    10s
  • platform
    windows7_x64
  • resource
    win7v20210410
  • submitted
    16-04-2021 14:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Finanskoncerner8.exe

  • Size

    116KB

  • MD5

    bfdd11a5b22a9e083bc64519919a43f7

  • SHA1

    e9952fcb7e505efbccab621a139bfceb832f4ccc

  • SHA256

    e8c3e5c0af5316b99c5912ffdb8495c82a9c143a19f977dc6cb12f66e73ba8d5

  • SHA512

    bf10cb4881aff185023e1e197b2b98b3063a4742cade04953b2155b9a6c9e6bd47d46a95a0cf859f60c854c95d3db4760a7b69622a132fc9d63dc6a40ee0f4d2

Score
10/10
guloaderdownloaderguloader

Malware Config

Signatures

  • Guloader,Cloudeye

    A shellcode based downloader first seen in 2020.

    downloaderguloader
  • Guloader Payload 1 IoCs
    guloader
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Finanskoncerner8.exe
    "C:\Users\Admin\AppData\Local\Temp\Finanskoncerner8.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:308

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/308-61-0x0000000075A31000-0x0000000075A33000-memory.dmp
    Filesize

    8KB

    Download
  • memory/308-62-0x00000000003E0000-0x00000000003EC000-memory.dmp
    Filesize

    48KB

    Download