Analysis

  • max time kernel
    91s
  • max time network
    140s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    20-05-2022 23:18

General

  • Target

    Payment Copy.scr

  • Size

    84KB

  • MD5

    674e26f5f53caab5bc5b0b12ac1bb03c

  • SHA1

    892cb32ece7918576e1bdd2c3ee638f9b2d6a751

  • SHA256

    29bf107e81548227b24b99a950628a53b7645e674602861fa7410773464b88b1

  • SHA512

    5f51ee306b2d970a74893fc07d17c7a40b8d18d3665bfd49f76113b0a28e253274108dd1c8bb2462ac8aa1dedf5f41ee0834f947d3e100649fd5f2bd6d82a8c8

Score
10/10

Malware Config

Extracted

Family

guloader

C2

https://drive.google.com/uc?export=download&id=19Rww40gJ2bgnR4d0kxNPAXOhspVmcojz

xor.base64

Signatures

  • Guloader, Cloudeye

    A shellcode-based downloader first seen in 2020.

  • Suspicious use of SetWindowsHookEx (1 IoC)

Processes

  • C:\Users\Admin\AppData\Local\Temp\Payment Copy.scr
    "C:\Users\Admin\AppData\Local\Temp\Payment Copy.scr" /S
    • Suspicious use of SetWindowsHookEx
    PID:4972

Downloads

  • memory/4972-132-0x00000000029D0000-0x00000000029DF000-memory.dmp
    Filesize

    60KB

  • memory/4972-133-0x00007FFE4D550000-0x00007FFE4D745000-memory.dmp
    Filesize

    2.0MB