Analysis
max time kernel: 42s
max time network: 49s
platform: windows7_x64
resource: win7-20220414-en
submitted: 20-05-2022 23:18

Static task: static1

Behavioral task: behavioral1
Sample: Invoices.scr
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: Invoices.scr
Resource: win10v2004-20220414-en

Behavioral task: behavioral3
Sample: Payment Copy.scr
Resource: win7-20220414-en

Behavioral task: behavioral4
Sample: Payment Copy.scr
Resource: win10v2004-20220414-en

Behavioral task: behavioral5
Sample: Pictures.scr
Resource: win7-20220414-en

Behavioral task: behavioral6
Sample: Pictures.scr
Resource: win10v2004-20220414-en
General
Target: Payment Copy.scr
Size: 84KB
MD5: 674e26f5f53caab5bc5b0b12ac1bb03c
SHA1: 892cb32ece7918576e1bdd2c3ee638f9b2d6a751
SHA256: 29bf107e81548227b24b99a950628a53b7645e674602861fa7410773464b88b1
SHA512: 5f51ee306b2d970a74893fc07d17c7a40b8d18d3665bfd49f76113b0a28e253274108dd1c8bb2462ac8aa1dedf5f41ee0834f947d3e100649fd5f2bd6d82a8c8
Malware Config
Extracted family: guloader
Extracted URL: https://drive.google.com/uc?export=download&id=19Rww40gJ2bgnR4d0kxNPAXOhspVmcojz
Signatures
Guloader, Cloudeye: a shellcode-based downloader first seen in 2020.
Suspicious use of SetWindowsHookEx (1 IoC)
Processes: Payment Copy.scr (pid 1080, process Payment Copy.scr)