guloader | 90a4f8162296ffdc1fad4879a02b055273718b68ad7a5f63425fd2abc4580d41

Analysis

max time kernel
76s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
29-01-2023 21:57

Target

90a4f8162296ffdc1fad4879a02b055273718b68ad7a5f63425fd2abc4580d41.exe
Size

108KB
MD5

5b98eac53149ca54211b9210894ecfdb
SHA1

f896d8915f871a6244e655cbf7bc92f4e3f3d247
SHA256

90a4f8162296ffdc1fad4879a02b055273718b68ad7a5f63425fd2abc4580d41
SHA512

21fc564e9a5d2681af9af481d0314c2aea881975214d83695f484a945e0401edb70385a5f262edfe57253614af6177316dcb9d73a97b637fdb6956b59d25d46d
SSDEEP

1536:LLKiaVpbyQkLoYnH17XvQnKVk7/a+/zbiuuxVP3jJfLYQ/c:PhH17XATa+rxu/xLYQ/c

Score

10^/10

Family

guloader

https://onedrive.live.com/download?cid=1EF46D95820B4241&resid=1EF46D95820B4241%21128&authkey=AN8LgKMfyKd8UvE

xor.base64

Guloader,Cloudeye
A shellcode based downloader first seen in 2020.
downloader guloader
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

90a4f8162296ffdc1fad4879a02b055273718b68ad7a5f63425fd2abc4580d41.exe

pid process

3496 90a4f8162296ffdc1fad4879a02b055273718b68ad7a5f63425fd2abc4580d41.exe

pid	process
3496	90a4f8162296ffdc1fad4879a02b055273718b68ad7a5f63425fd2abc4580d41.exe

C:\Users\Admin\AppData\Local\Temp\90a4f8162296ffdc1fad4879a02b055273718b68ad7a5f63425fd2abc4580d41.exe
"C:\Users\Admin\AppData\Local\Temp\90a4f8162296ffdc1fad4879a02b055273718b68ad7a5f63425fd2abc4580d41.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:3496

memory/3496-134-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3496-135-0x0000000000790000-0x000000000079A000-memory.dmp

Filesize
40KB

Download
memory/3496-136-0x00007FFEA3BF0000-0x00007FFEA3DE5000-memory.dmp

Filesize
2.0MB

Download