guloader | 3ebfb7cdc30291bcc995951dda1d8f62cea3e0beb990e35fabb3078b6d9d9921 | Triage

Analysis

max time kernel
145s
max time network
129s
platform
windows7_x64
resource
win7-en-20210920
submitted
28-09-2021 10:24

Sharing

Report Analysis Logs

General

Target

Zapytanie ofertowe (SHELMO Sp. z o.o. 09272021).exe
Size

88KB
MD5

419a3e9ce6606d5ed7b22a7574e1a294
SHA1

7c08e8f1f4f478df9baf5d00675bd174467621bc
SHA256

3ebfb7cdc30291bcc995951dda1d8f62cea3e0beb990e35fabb3078b6d9d9921
SHA512

9656f15444698040c29674c4370604397c37147c07924b1bc8751b62e3a437808c234f3f155a9af927f57084264b762d5daa949c3d76b2e9755ec17690cb656e

Score

10^/10

guloader downloader

Malware Config

Signatures

Guloader,Cloudeye
A shellcode based downloader first seen in 2020.
downloader guloader
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

Zapytanie ofertowe (SHELMO Sp. z o.o. 09272021).exe

pid process

1216 Zapytanie ofertowe (SHELMO Sp. z o.o. 09272021).exe

C:\Users\Admin\AppData\Local\Temp\Zapytanie ofertowe (SHELMO Sp. z o.o. 09272021).exe
"C:\Users\Admin\AppData\Local\Temp\Zapytanie ofertowe (SHELMO Sp. z o.o. 09272021).exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:1216

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1216-55-0x0000000075B11000-0x0000000075B13000-memory.dmp

Filesize
8KB

Download
memory/1216-56-0x0000000000280000-0x0000000000291000-memory.dmp

Filesize
68KB

Download