guloader | fe7ecd7256cc42ce91c14e30096c2d220aa5f0eeb77eaf7153ea34f9d4b3af8b | Triage

Analysis

max time kernel
9s
max time network
55s
platform
windows7_x64
resource
win7v20210408
submitted
23-07-2021 15:48

Sharing

Report Analysis Logs

General

Target

SecuriteInfo.com.__vbaHresultCheckObj.16038.10389.exe
Size

276KB
MD5

f09dc829aad871e73683c231053c4867
SHA1

d51a1203618f17ad26a4c503661522f9d270c667
SHA256

fe7ecd7256cc42ce91c14e30096c2d220aa5f0eeb77eaf7153ea34f9d4b3af8b
SHA512

e1acf01919da31c24e771d70f8bfb52622a83e2725368c56632684313f97b31834799c62d12717fb2320787e1e68cc8a01a9d71a1a8b89f37d7d9171484bb5b8

Score

10^/10

guloader downloader

Malware Config

Signatures

Guloader,Cloudeye
A shellcode based downloader first seen in 2020.
downloader guloader
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

SecuriteInfo.com.__vbaHresultCheckObj.16038.10389.exe

pid process

1220 SecuriteInfo.com.__vbaHresultCheckObj.16038.10389.exe

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.__vbaHresultCheckObj.16038.10389.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.__vbaHresultCheckObj.16038.10389.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:1220

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1220-61-0x0000000001D30000-0x0000000001D43000-memory.dmp

Filesize
76KB

Download