guloader | 0c8b9ba8bdd9a1d91ba4d61c81480b7337e6189fb0836301d71e90fa6adec8b6 | Triage

Analysis

max time kernel
14s
max time network
112s
platform
windows10_x64
resource
win10v20210408
submitted
27-07-2021 21:24

Sharing

Report Analysis Logs

General

Target

Dolmas.xlsm.exe
Size

92KB
MD5

13d2947bf6c6870f9ad0bef3f7dcc43f
SHA1

888f478a75ca41fceb86233083c047b0621a0d01
SHA256

0c8b9ba8bdd9a1d91ba4d61c81480b7337e6189fb0836301d71e90fa6adec8b6
SHA512

3216433fddbc2ba58185de6d04c403beb0fc0398c92ea14df3613bce1a5eaf2532d49e1175219c4d0a488bf1875f7e39edff0414973444db694d7cfad5c2d6e8

Score

10^/10

guloader downloader

Malware Config

Signatures

Guloader,Cloudeye
A shellcode based downloader first seen in 2020.
downloader guloader
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

Dolmas.xlsm.exe

pid process

364 Dolmas.xlsm.exe

C:\Users\Admin\AppData\Local\Temp\Dolmas.xlsm.exe
"C:\Users\Admin\AppData\Local\Temp\Dolmas.xlsm.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:364

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/364-116-0x0000000002B40000-0x0000000002B53000-memory.dmp

Filesize
76KB

Download