Overview

overview

10

Static

static

085f074477...fb.exe

windows7-x64

10

085f074477...fb.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    42s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    29-01-2023 21:57

Sharing

Copy URL
Twitter E-mail

General

  • Target

    085f074477fc21d7ff8d79377a049772be5a6ac3ff44a2bba706a05c8c90aefb.exe

  • Size

    68KB

  • MD5

    83c14a66b24119744113c9b6e5b8803d

  • SHA1

    4a1c5058f99a63f4b9ae54a1fbde37830a7bc736

  • SHA256

    085f074477fc21d7ff8d79377a049772be5a6ac3ff44a2bba706a05c8c90aefb

  • SHA512

    2013cb9b6cbb3cd04f5141b456437fffb2b10f5a43c05f79739b956655ad5508a418c7e912a3c1e33ac2c4081fbddfcb70309fd67e658b86a39278ccc14c116a

  • SSDEEP

    768:ZKwUy2YNMz+jd9N3gPXylbgRqd0KwrbFTmMcgQNrN6aUJT1nwPdu06BLIwObEIg:cwBjeaDZoKwrbFqHN6aUPS9b0

Score
10/10
guloaderdownloaderguloader

Malware Config

Extracted

Family

guloader

C2

https://drive.google.com/uc?export=download&id=1QFtP4O3h15SCAenwyvIgbYE8H071KTE8

xor.base64

Signatures

  • Guloader,Cloudeye

    A shellcode based downloader first seen in 2020.

    downloaderguloader
  • Guloader payload 1 IoCs
    guloader
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\085f074477fc21d7ff8d79377a049772be5a6ac3ff44a2bba706a05c8c90aefb.exe
    "C:\Users\Admin\AppData\Local\Temp\085f074477fc21d7ff8d79377a049772be5a6ac3ff44a2bba706a05c8c90aefb.exe"
    Suspicious use of SetWindowsHookEx
    PID:900

Network

MITRE ATT&CK Matrix

Replay Monitor

00:00 00:00

Downloads

  • memory/900-56-0x00000000002C0000-0x00000000002CB000-memory.dmp
    Filesize

    44KB

    Download
  • memory/900-57-0x0000000077700000-0x00000000778A9000-memory.dmp
    Filesize

    1MB

    Download