Overview

overview

10

Static

static

PO20_073.exe

windows7_x64

10

PO20_073.exe

windows10_x64

10

Analysis

  • max time kernel
    119s
  • max time network
    125s
  • platform
    windows10_x64
  • resource
    win10-en-20211208
  • submitted
    21-01-2022 23:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    PO20_073.exe

  • Size

    40KB

  • MD5

    4ae0fd2e20e7cfc89adb3a85e773cb74

  • SHA1

    2a11a3bbd5876d6c923ca8be90de8cee2e36df30

  • SHA256

    9722c1d56a376441e7ceb74b7e0f155f49eeba76a5049dfa9233eb2d7726e89d

  • SHA512

    c48a477083af7a68f8bfcdf09cd15cb43bfe60db7b28f9f1e8e0e61a5969fa9bb96f28191508830edf3400576b72387c59fc1eae6c040e0dbbcb1ebb139f10c0

Score
10/10
guloaderdownloader

Malware Config

Extracted

Family

guloader

C2

https://drive.google.com/uc?export=download&id=1mVJV7BrsU6WZXyhq-IOOLwoe8zGnSg2i

xor.base64

Signatures

  • Guloader,Cloudeye

    A shellcode based downloader first seen in 2020.

    downloaderguloader
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\PO20_073.exe
    "C:\Users\Admin\AppData\Local\Temp\PO20_073.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:2420

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2420-117-0x00000000021E0000-0x00000000021E8000-memory.dmp
    Filesize

    32KB

    Download
  • memory/2420-118-0x00007FF9CAB30000-0x00007FF9CAD0B000-memory.dmp
    Filesize

    1.9MB

    Download