Analysis

  • max time kernel
    185s
  • max time network
    187s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07-12-2022 04:15

General

  • Target

    fece1f7cb9f25ea9ed17a700a6824df26e5070a193b062b98bf185f2cd1e3ed0.exe

  • Size

    602KB

  • MD5

    730947540714b5cb34e7fd8e5efc43e0

  • SHA1

    9e8366ba716ce1fb55d066f1cbe7130fb7129ba9

  • SHA256

    fece1f7cb9f25ea9ed17a700a6824df26e5070a193b062b98bf185f2cd1e3ed0

  • SHA512

    3d7790db061f900f2ef8146ef52f3ad393407142e2ed3cec08ec9132f0d87b2895bdb0150adaa54c3f32f692bcaf485d512365ac219a2928f17ca79c9ae7c6c3

  • SSDEEP

    12288:vb4AOtEG6fFRyRuW4CL8Bg4WYSdRobnPi3zyHVYZWy4Pq:vbruEGqTSD4CJCSdmbnYOyWy4Pq

Score
10/10

Malware Config

Signatures

  • Guloader,Cloudeye

    A shellcode based downloader first seen in 2020.

  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

Processes

  • C:\Users\Admin\AppData\Local\Temp\fece1f7cb9f25ea9ed17a700a6824df26e5070a193b062b98bf185f2cd1e3ed0.exe
    "C:\Users\Admin\AppData\Local\Temp\fece1f7cb9f25ea9ed17a700a6824df26e5070a193b062b98bf185f2cd1e3ed0.exe"
    1⤵
    • Loads dropped DLL
    PID:4520

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsm72D0.tmp\System.dll

    Filesize

    12KB

    MD5

    cff85c549d536f651d4fb8387f1976f2

    SHA1

    d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

    SHA256

    8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

    SHA512

    531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

  • memory/4520-133-0x0000000002A60000-0x0000000002B60000-memory.dmp

    Filesize

    1024KB