Analysis

  • max time kernel
    148s
  • max time network
    160s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    29-01-2023 15:21

General

  • Target

    85b4537e66421ac2907b8b74820a1bd2f11abd4ee9ea09d02a65eed7b12c6304.exe

  • Size

    140KB

  • MD5

    04f42bbbc53466a8711dd0f156920f8e

  • SHA1

    42276c1fec4bfd3ad315f22abbb813c5b0bf018f

  • SHA256

    85b4537e66421ac2907b8b74820a1bd2f11abd4ee9ea09d02a65eed7b12c6304

  • SHA512

    7c733c046c5d4dd147cdbcfa1bd8652849c85fba9d5e547a18c945b6739c83122d326f3c7bb881b32a4c29748cf63bf5ab3d9cd990260eea344ea59142418057

  • SSDEEP

    1536:mWWTwV4fVhusO+SxOs0pXRs6kAunyiNEREdxrTFAMTuxVQwV4MjW:uwVUPhO+SxOBXRs6kAFzREzXTQqwV

Score
10/10

Malware Config

Extracted

Family

guloader

C2

https://onedrive.live.com/download?cid=802AC8A73EEC8C8E&resid=802AC8A73EEC8C8E%21108&authkey=AMPtFO74gVV-InY

xor.base64

Signatures

  • Guloader, Cloudeye

    A shellcode-based downloader first seen in 2020.

  • Suspicious use of SetWindowsHookEx (1 IoC)

Processes

  • C:\Users\Admin\AppData\Local\Temp\85b4537e66421ac2907b8b74820a1bd2f11abd4ee9ea09d02a65eed7b12c6304.exe
    "C:\Users\Admin\AppData\Local\Temp\85b4537e66421ac2907b8b74820a1bd2f11abd4ee9ea09d02a65eed7b12c6304.exe"
    • Suspicious use of SetWindowsHookEx
    PID:3988

Network

MITRE ATT&CK Matrix

Downloads

  • memory/3988-134-0x0000000000500000-0x000000000050D000-memory.dmp

    Filesize

    52KB

  • memory/3988-135-0x00007FFAD0FB0000-0x00007FFAD11A5000-memory.dmp

    Filesize

    2.0MB