Overview

overview

10

Static

static

3a0eee3681...63.exe

windows7-x64

10

3a0eee3681...63.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    12s
  • max time network
    32s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    29-01-2023 16:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3a0eee3681eeacd4fb6443ea3c67054c92f7f2f0cc03c4cce73e9d2ca1d78b63.exe

  • Size

    64KB

  • MD5

    852859b74e4bcd96cfe745e24e2c37af

  • SHA1

    b5f4e10475e28c9b3d4bc0ba651ad9ad60703e54

  • SHA256

    3a0eee3681eeacd4fb6443ea3c67054c92f7f2f0cc03c4cce73e9d2ca1d78b63

  • SHA512

    7c16e07f957b0244b85fe8083b9faa6831e5f9b4372dd383c63e0b80c9f27cfbe6c1fb8de2fefd8aa33b318bf73e259340bf931756f9cf27b6dc10ad580fb73b

  • SSDEEP

    768:BjVDUGqruL4t4EyC3hJSErYiS2weXH+oUEYP3TGXlk23E0DaJ9+q0Sxfaw2BN804:bDUGKVt4P+bDwowHPkT+QpHIgDU

Score
10/10
guloaderdownloader

Malware Config

Extracted

Family

guloader

C2

https://beta.vxinnovations.com/OZD_zqVmzeze250.bin

xor.base64

Signatures

  • Guloader,Cloudeye

    A shellcode based downloader first seen in 2020.

    downloaderguloader
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3a0eee3681eeacd4fb6443ea3c67054c92f7f2f0cc03c4cce73e9d2ca1d78b63.exe
    "C:\Users\Admin\AppData\Local\Temp\3a0eee3681eeacd4fb6443ea3c67054c92f7f2f0cc03c4cce73e9d2ca1d78b63.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1060

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1060-56-0x00000000002C0000-0x00000000002CA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/1060-57-0x0000000077930000-0x0000000077AD9000-memory.dmp

    Filesize

    1.7MB

    Download