guloader | 9d32d8de3b01e191634bdd00355a38a310475b70ba31f69015b68db822995c31 | Triage

Analysis

max time kernel
12s
max time network
136s
platform
windows10_x64
resource
win10v20210410
submitted
27-07-2021 16:32

Sharing

Report Analysis Logs

General

Target

Contract_Proforma-26-07-2021_RFQ_9R83374666446_QUDHDGEUWIWND.exe
Size

228KB
MD5

3601ee54741bf58f64aa01c0798c98ca
SHA1

9fbd9ee32263e04cb87fd8626ad623e8b90f6b2b
SHA256

9d32d8de3b01e191634bdd00355a38a310475b70ba31f69015b68db822995c31
SHA512

e07f0c645cc252805c4cda2059debd1f5b4cbc1461dfe92c3d44125472c12af0395bd24845f817439a8dcaeb976d43c140b4cb5fa9d906b6dede475a1d5f7d39

Score

10^/10

guloader downloader

Malware Config

Signatures

Guloader,Cloudeye
A shellcode based downloader first seen in 2020.
downloader guloader
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

Contract_Proforma-26-07-2021_RFQ_9R83374666446_QUDHDGEUWIWND.exe

pid process

4048 Contract_Proforma-26-07-2021_RFQ_9R83374666446_QUDHDGEUWIWND.exe

C:\Users\Admin\AppData\Local\Temp\Contract_Proforma-26-07-2021_RFQ_9R83374666446_QUDHDGEUWIWND.exe
"C:\Users\Admin\AppData\Local\Temp\Contract_Proforma-26-07-2021_RFQ_9R83374666446_QUDHDGEUWIWND.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:4048

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4048-116-0x00000000021D0000-0x00000000021E3000-memory.dmp

Filesize
76KB

Download