Analysis
-
max time kernel
119s -
max time network
125s -
platform
windows10_x64 -
resource
win10-en-20211208 -
submitted
21-01-2022 23:05
Static task
static1
Behavioral task
behavioral1
Sample
PO20_073.exe
Resource
win7-en-20211208
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
PO20_073.exe
Resource
win10-en-20211208
windows10_x64
0 signatures
0 seconds
General
-
Target
PO20_073.exe
-
Size
40KB
-
MD5
4ae0fd2e20e7cfc89adb3a85e773cb74
-
SHA1
2a11a3bbd5876d6c923ca8be90de8cee2e36df30
-
SHA256
9722c1d56a376441e7ceb74b7e0f155f49eeba76a5049dfa9233eb2d7726e89d
-
SHA512
c48a477083af7a68f8bfcdf09cd15cb43bfe60db7b28f9f1e8e0e61a5969fa9bb96f28191508830edf3400576b72387c59fc1eae6c040e0dbbcb1ebb139f10c0
Score
10/10
Malware Config
Extracted
Family
guloader
C2
https://drive.google.com/uc?export=download&id=1mVJV7BrsU6WZXyhq-IOOLwoe8zGnSg2i
xor.base64
Signatures
-
Guloader,Cloudeye
A shellcode based downloader first seen in 2020.
-
Suspicious use of SetWindowsHookEx 1 IoCs
Processes:
PO20_073.exepid process 2420 PO20_073.exe