Analysis
-
max time kernel
185s -
max time network
187s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
-
submitted
07-12-2022 04:15
General
-
Target
fece1f7cb9f25ea9ed17a700a6824df26e5070a193b062b98bf185f2cd1e3ed0.exe
-
Size
602KB
-
MD5
730947540714b5cb34e7fd8e5efc43e0
-
SHA1
9e8366ba716ce1fb55d066f1cbe7130fb7129ba9
-
SHA256
fece1f7cb9f25ea9ed17a700a6824df26e5070a193b062b98bf185f2cd1e3ed0
-
SHA512
3d7790db061f900f2ef8146ef52f3ad393407142e2ed3cec08ec9132f0d87b2895bdb0150adaa54c3f32f692bcaf485d512365ac219a2928f17ca79c9ae7c6c3
-
SSDEEP
12288:vb4AOtEG6fFRyRuW4CL8Bg4WYSdRobnPi3zyHVYZWy4Pq:vbruEGqTSD4CJCSdmbnYOyWy4Pq
Malware Config
Signatures
-
Guloader,Cloudeye
A shellcode based downloader first seen in 2020.
-
Loads dropped DLL 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
Processes
-
C:\Users\Admin\AppData\Local\Temp\fece1f7cb9f25ea9ed17a700a6824df26e5070a193b062b98bf185f2cd1e3ed0.exe"C:\Users\Admin\AppData\Local\Temp\fece1f7cb9f25ea9ed17a700a6824df26e5070a193b062b98bf185f2cd1e3ed0.exe"1⤵
- Loads dropped DLL
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Temp\nsm72D0.tmp\System.dllFilesize
12KB
MD5cff85c549d536f651d4fb8387f1976f2
SHA1d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e
SHA2568dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8
SHA512531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88
-
memory/4520-133-0x0000000002A60000-0x0000000002B60000-memory.dmpFilesize
1024KB