guloader | 889647fa41dbe3f6f5ca5c356d021e2ca89516d7494c8c4c8cd909e65214794f | Triage

Analysis

max time kernel
123s
max time network
120s
platform
windows7_x64
resource
win7-en-20211014
submitted
18-10-2021 20:14

Sharing

Report Analysis Logs

General

Target

Schenker Italiana S.p.A. CW305.exe
Size

136KB
MD5

f9387f159f97d49649d1e6b34802dd3f
SHA1

b0f8090cb04a59d08e355553162a7fad645a3a4e
SHA256

0af20465dac642791831be79702b7c4cbf204f170b8441ab001a7519eb6dc45c
SHA512

e6a507398a4ed6279212c670ede75c25f47e82a04ef86f9f2ce7fb9fd64879a1c9bac17eaa2a0fe04bd5778d6da1167458f6716a984273820111daa70589f92c

Score

10^/10

guloader downloader

Malware Config

Signatures

Guloader,Cloudeye
A shellcode based downloader first seen in 2020.
downloader guloader
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

Schenker Italiana S.p.A. CW305.exe

pid process

1216 Schenker Italiana S.p.A. CW305.exe

C:\Users\Admin\AppData\Local\Temp\Schenker Italiana S.p.A. CW305.exe
"C:\Users\Admin\AppData\Local\Temp\Schenker Italiana S.p.A. CW305.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:1216

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1216-55-0x0000000000220000-0x0000000000226000-memory.dmp

Filesize
24KB

Download
memory/1216-56-0x0000000000220000-0x000000000022A000-memory.dmp

Filesize
40KB

Download
memory/1216-57-0x00000000003C0000-0x00000000003D4000-memory.dmp

Filesize
80KB

Download