guloader | f0decb0f75f5a561c292494866d4f90bd9b97192643f8e70657519f8a404ecc8 | Triage

Analysis

max time kernel
122s
max time network
122s
platform
windows7_x64
resource
win7v20210410
submitted
21-04-2021 15:09

Sharing

Report Analysis Logs

General

Target

734.exe
Size

184KB
MD5

f5c46d60bf4d5f064fb32d754869358b
SHA1

5a9abb2629e8e8333517ec683fb460f8bf2eea94
SHA256

f0decb0f75f5a561c292494866d4f90bd9b97192643f8e70657519f8a404ecc8
SHA512

5c95f6c90e6b1b15a5854a96330886415e5f6ea6b80619f8c3533dc55da83e5ea66d68b97569af3e3b8223fbfa9be112da68db352f56640ab19f253eb8db1fac

Score

10^/10

guloader downloader guloader

Malware Config

Signatures

Guloader,Cloudeye
A shellcode based downloader first seen in 2020.
downloader guloader

Guloader Payload 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1640-62-0x0000000000340000-0x000000000034C000-memory.dmp	family_guloader

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

734.exe

pid process

1640 734.exe

C:\Users\Admin\AppData\Local\Temp\734.exe
"C:\Users\Admin\AppData\Local\Temp\734.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:1640

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1640-62-0x0000000000340000-0x000000000034C000-memory.dmp

Filesize
48KB

Download