Overview

overview

10

Static

static

958521575f...6d.exe

windows7-x64

10

958521575f...6d.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    131s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29-01-2023 21:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    958521575f39a02c9b3392e6165cd345d70364cd93d0e080f3f6b6fa3db4936d.exe

  • Size

    128KB

  • MD5

    2e21d4608f3a76c51e9ae57b04197737

  • SHA1

    d8b7d2b2857ee07b512a29da5062616a5846f805

  • SHA256

    958521575f39a02c9b3392e6165cd345d70364cd93d0e080f3f6b6fa3db4936d

  • SHA512

    b77e9ea93611295b5ce29cf1a6bcdd8cdda29a03d5c67de1de5f1766ba8365c1901d87c827435859380fb34799bf2f0941a19ed964cc09e9b2a5e6b7265547b7

  • SSDEEP

    3072:6pTSnUpuMZu+IeOFd8Er1NizJ+DZNJ+I:cSnUhhOFd8Er1NizJk

Score
10/10
guloaderdownloaderguloader

Malware Config

Extracted

Family

guloader

C2

https://drive.google.com/uc?export=download&id=1ArGHlkiCQW6Ppt3Uw5cPS76717BetDXa

xor.base64

Signatures

  • Guloader,Cloudeye

    A shellcode based downloader first seen in 2020.

    downloaderguloader
  • Guloader payload 1 IoCs
    guloader
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\958521575f39a02c9b3392e6165cd345d70364cd93d0e080f3f6b6fa3db4936d.exe
    "C:\Users\Admin\AppData\Local\Temp\958521575f39a02c9b3392e6165cd345d70364cd93d0e080f3f6b6fa3db4936d.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3124

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3124-134-0x0000000002230000-0x000000000223D000-memory.dmp
    Filesize

    52KB

    Download
  • memory/3124-135-0x00007FFECF5D0000-0x00007FFECF7C5000-memory.dmp
    Filesize

    2.0MB

    Download