Analysis

  • max time kernel
    146s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    30-11-2022 18:46

General

  • Target

    f7a4ab43ac7b75fa7708fcc5901d463225187fcfcb11d7e871ab854075e090f4.exe

  • Size

    100KB

  • MD5

    ffe86f47459e2f515445d1e218925174

  • SHA1

    cc1e32683f665568b4a5d49d465fa565d5d5febd

  • SHA256

    f7a4ab43ac7b75fa7708fcc5901d463225187fcfcb11d7e871ab854075e090f4

  • SHA512

    6289c762a259144b31f5bf374a2c05da31c0e60b655c61ac63bcc63cac75e20eea0a5d6e4d11b8f6bfddee5e3e946bd26dabf4ae80c98311b09fe614229bc80e

  • SSDEEP

    1536:m2AOu4dZGWZD9qmahnNpLdhUNmWJ5s6yEh8/V7v70h/N:mau8qmopQNJrNh8A

Malware Config

Extracted

Family

guloader

C2

http://185.161.211.58/Maly%20nanocre%202021_RbDlvErWAV133.bin

xor.base64
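The hashes under General and the C2 URL under Malware Config are the report's indicators of compromise. The script below, an added example that is not part of the sandbox report, turns them into a checker: it hashes a file once for all four digests listed above and reports which of them match, splits the C2 URL into host and path for a blocklist, and runs a boundary-safe host match over proxy log lines. The proxy log lines are constructed for the example; SSDEEP is left out because it needs a third-party library.

```python
"""Match files and proxy logs against the IoCs from the GuLoader report above.

Added example, not part of the sandbox report. The digests and the C2 URL are
copied from the report; the log lines are constructed for this example.
"""
import hashlib
import io
import re
from urllib.parse import urlsplit

# IoCs copied from the report (General and Malware Config sections).
SAMPLE_HASHES = {
    "md5": "ffe86f47459e2f515445d1e218925174",
    "sha1": "cc1e32683f665568b4a5d49d465fa565d5d5febd",
    "sha256": "f7a4ab43ac7b75fa7708fcc5901d463225187fcfcb11d7e871ab854075e090f4",
    "sha512": "6289c762a259144b31f5bf374a2c05da31c0e60b655c61ac63bcc63cac75e20e"
              "ea0a5d6e4d11b8f6bfddee5e3e946bd26dabf4ae80c98311b09fe614229bc80e",
}
C2_URL = "http://185.161.211.58/Maly%20nanocre%202021_RbDlvErWAV133.bin"

# Constructed proxy log lines (not from the report): one full C2 hit, one
# unrelated request, and one request to the C2 host with a different path.
SAMPLE_PROXY_LOG = [
    "2022-11-30T18:47:01Z 10.0.0.15 GET http://185.161.211.58/Maly%20nanocre%202021_RbDlvErWAV133.bin 200",
    "2022-11-30T18:47:03Z 10.0.0.22 GET http://example.com/index.html 200",
    "2022-11-30T18:47:09Z 10.0.0.15 GET http://185.161.211.58/other.bin 404",
]


def digest_stream(fh, chunk_size=1 << 20):
    """Compute all four digests in a single streaming pass over a binary file object."""
    hashers = {name: hashlib.new(name) for name in SAMPLE_HASHES}
    for chunk in iter(lambda: fh.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data):
    """Digest an in-memory buffer (convenient for tests and small samples)."""
    return digest_stream(io.BytesIO(data))


def digest_file(path):
    """Digest a file on disk without loading it whole into memory."""
    with open(path, "rb") as fh:
        return digest_stream(fh)


def match_digests(digests, iocs=SAMPLE_HASHES):
    """Return the names of the digests that equal the report's IoCs (empty list if none)."""
    return [name for name, value in iocs.items()
            if digests.get(name, "").lower() == value.lower()]


def c2_indicators(url=C2_URL):
    """Split the C2 URL into the parts a blocklist or detection rule needs."""
    parts = urlsplit(url)
    return {"host": parts.hostname, "port": parts.port or 80, "path": parts.path}


def find_c2_hits(log_lines, url=C2_URL):
    """Return (line_no, exact_path) for every log line that touches the C2 host.

    The host match is anchored so 185.161.211.58 does not match 185.161.211.580;
    the path is reported separately because a hit on the host alone is still
    worth triaging (the same host may serve other payload names).
    """
    ind = c2_indicators(url)
    host_re = re.compile(r"(?<![\d.])" + re.escape(ind["host"]) + r"(?![\d.])")
    hits = []
    for line_no, line in enumerate(log_lines, 1):
        if host_re.search(line):
            hits.append((line_no, ind["path"] in line))
    return hits


if __name__ == "__main__":
    print(c2_indicators())
    print(find_c2_hits(SAMPLE_PROXY_LOG))
```

Run it against a directory of quarantined files with `match_digests(digest_file(p))` for each path; any non-empty list is a confirmed match with this sample, and a partial list (for example MD5 only) indicates a transcription error in the IoC list rather than a collision.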

Signatures

  • Guloader,Cloudeye

    A shellcode-based downloader first seen in 2020.

  • Guloader payload 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f7a4ab43ac7b75fa7708fcc5901d463225187fcfcb11d7e871ab854075e090f4.exe
    "C:\Users\Admin\AppData\Local\Temp\f7a4ab43ac7b75fa7708fcc5901d463225187fcfcb11d7e871ab854075e090f4.exe"
    1
    • Suspicious use of SetWindowsHookEx
    PID:3300

Network

MITRE ATT&CK Matrix


Downloads

  • memory/3300-134-0x00000000021C0000-0x00000000021CC000-memory.dmp
    Filesize

    48KB

  • memory/3300-135-0x00007FF87C710000-0x00007FF87C905000-memory.dmp
    Filesize

    2.0MB
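The memory dump names above encode the PID, a sequence number and the start and end address of the dumped region. The parser below is an added example, not part of the report: it recovers those fields, derives the region size, checks that it agrees with the reported Filesize, confirms the PID appears in the Processes section, and applies a heuristic classification (high 0x7FF... addresses are where x64 Windows loads images such as system DLLs; a small page-aligned region in low memory is a private allocation, which is where a shellcode-based loader like GuLoader keeps its code). The classification thresholds are this example's assumptions, not something the report states.

```python
"""Parse the memory-dump names listed under Downloads and sanity-check them.

Added example, not part of the sandbox report. Dump names, Filesize values and
the PID are copied from the report; the classification heuristic is ours.
"""
import re

DUMP_RE = re.compile(
    r"memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9A-Fa-f]+)"
    r"-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)
PAGE = 0x1000
HIGH_IMAGE_BASE = 0x7FF000000000      # assumption: x64 image range on Windows 10
SMALL_REGION = 0x10000                # assumption: 64 KB or less counts as small

# Copied from the report: PIDs in the Processes section and the listed dumps.
KNOWN_PIDS = {3300}
REPORTED_DUMPS = [
    ("memory/3300-134-0x00000000021C0000-0x00000000021CC000-memory.dmp", "48KB"),
    ("memory/3300-135-0x00007FF87C710000-0x00007FF87C905000-memory.dmp", "2.0MB"),
]


def parse_dump_name(name):
    """Return pid, seq, start, end and size for one dump name; reject malformed names."""
    m = DUMP_RE.search(name)
    if not m:
        raise ValueError(f"not a memory dump name: {name}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    if end <= start:
        raise ValueError(f"end address not above start: {name}")
    return {"pid": int(m["pid"]), "seq": int(m["seq"]),
            "start": start, "end": end, "size": end - start}


def human_size(n):
    """Format bytes the way the report does: whole KB below 1 MB, one decimal MB above."""
    if n >= 1 << 20:
        return f"{n / (1 << 20):.1f}MB"
    return f"{n // 1024}KB"


def classify(region):
    """Heuristic label for a region based on its address and size (assumption, see above)."""
    if region["start"] >= HIGH_IMAGE_BASE:
        return "high image range (typically a loaded DLL)"
    if region["size"] <= SMALL_REGION:
        return "small low private region (candidate for loader shellcode)"
    return "low region (inspect)"


def check_dump(name, reported_size, known_pids=KNOWN_PIDS):
    """Cross-check one dump entry against the rest of the report."""
    region = parse_dump_name(name)
    return {
        **region,
        "size_matches_report": human_size(region["size"]) == reported_size,
        "page_aligned": region["start"] % PAGE == 0 and region["end"] % PAGE == 0,
        "pid_in_process_tree": region["pid"] in known_pids,
        "class": classify(region),
    }


def check_all(dumps=REPORTED_DUMPS):
    """Return the checks for every listed dump."""
    return [check_dump(name, size) for name, size in dumps]


if __name__ == "__main__":
    for result in check_all():
        print(result)
```

On this report the 0xC000-byte region at 0x21C0000 is the one to pull for shellcode analysis; the 0x1F5000-byte region at 0x7FF87C710000 sits in the image range and is most likely a DLL mapped into the process, which the classification marks as lower priority.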