Analysis
max time kernel: 121s
max time network: 125s
platform: windows10_x64
resource: win10-en-20211208
submitted: 21-01-2022 22:48
Static task: static1
Behavioral task: behavioral1
Sample: AWB_DOC_.exe
Resource: win7-en-20211208 (windows7_x64)
0 signatures, 0 seconds
Behavioral task: behavioral2
Sample: AWB_DOC_.exe
Resource: win10-en-20211208 (windows10_x64)
0 signatures, 0 seconds
General
Target: AWB_DOC_.exe
Size: 36KB
MD5: dc3dcc1692ac8e1ffde71f6a2b4e82dc
SHA1: f21b7110aadfa5b7692774094e728522f13f7077
SHA256: 50aae299d8b67fe7ee08351a7c8bac0e109c7789eeecf657b91ada84e3eab39e
SHA512: d7c988ddfc0c03e47413250d4ef00f354c6cc75f8d9ffec16fbf2c15f3be222978c0e4aab0eb1ca79ac1391ab89ccbe01f393747889f6fe4afa23f43bca41674
Score: 10/10
Malware Config
Extracted
Family: guloader
C2: https://drive.google.com/uc?export=download&id=1QyzKj6kk6pYVwPk7MHNiD0Xm0G-QCm-R
Encoding: xor.base64
Signatures
Guloader, Cloudeye
A shellcode-based downloader first seen in 2020.
Suspicious use of SetWindowsHookEx (1 IoCs)
Processes:
pid 2384, process AWB_DOC_.exe