guloader | 4355fe0090eb8ff789594239a58f3a677a2fae6f16f2358b894360c598d0b2f5 | Triage

Analysis

max time kernel
8s
max time network
15s
platform
windows7_x64
resource
win7v20210408
submitted
23-07-2021 06:12

Sharing

Report Analysis Logs

General

Target

CREDIT_NOTE_REFERENCENO_HSBC_BANK_OUTWARD_REMITTANCE_JULY_2021.exe
Size

100KB
MD5

493f22bb667fd3f9cba40b4c341acf40
SHA1

744f64a7f816b56e375b2a32e0b3b2a1e990734d
SHA256

4355fe0090eb8ff789594239a58f3a677a2fae6f16f2358b894360c598d0b2f5
SHA512

6cd4b92fb74c59673e7499892f53ce3f38cc3b3817e209d53dfe4a98e7ed89c90ef01a8824977e1a88279bd8c261f4a6e36e3ae223ee63db07c7f75b9fd3cc69

Score

10^/10

guloader downloader

Malware Config

Signatures

Guloader,Cloudeye
A shellcode based downloader first seen in 2020.
downloader guloader
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

CREDIT_NOTE_REFERENCENO_HSBC_BANK_OUTWARD_REMITTANCE_JULY_2021.exe

pid process

940 CREDIT_NOTE_REFERENCENO_HSBC_BANK_OUTWARD_REMITTANCE_JULY_2021.exe

C:\Users\Admin\AppData\Local\Temp\CREDIT_NOTE_REFERENCENO_HSBC_BANK_OUTWARD_REMITTANCE_JULY_2021.exe
"C:\Users\Admin\AppData\Local\Temp\CREDIT_NOTE_REFERENCENO_HSBC_BANK_OUTWARD_REMITTANCE_JULY_2021.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:940

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/940-62-0x00000000002C0000-0x00000000002D0000-memory.dmp

Filesize
64KB

Download