Analysis

  • max time kernel
    21s
  • max time network
    31s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    29-01-2023 16:27

General

  • Target

    96942205b5b6d26c2bcf3992fac581e9deb2f09b45359f9736b89b35ca093756.exe

  • Size

    96KB

  • MD5

    dd7f628ba2ac5e60d415273a789f18be

  • SHA1

    336a660ab0b0e708f16342e9c7aede8a7b9505cb

  • SHA256

    96942205b5b6d26c2bcf3992fac581e9deb2f09b45359f9736b89b35ca093756

  • SHA512

    108a3b3fa6dc1b9194cc69744bf96a2c743b594fba76f296db5cb444fcf8f050dcba8d8d1f434b04fbe39cd5f64c01876d6aad180a3163be983a134b37d895c7

  • SSDEEP

    1536:EaAeCsa/WMafKICHYdrPHpFHx+KkjWh2Z:dCf/WMaSIhx/pXyz

Malware Config

Extracted

Family

guloader

C2

https://victoragboifo.com/ui/janomo_fQdIvwTxFA102.bin

xor.base64

Signatures

  • Guloader,Cloudeye

    A shellcode based downloader first seen in 2020.

  • Guloader payload 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\96942205b5b6d26c2bcf3992fac581e9deb2f09b45359f9736b89b35ca093756.exe
    "C:\Users\Admin\AppData\Local\Temp\96942205b5b6d26c2bcf3992fac581e9deb2f09b45359f9736b89b35ca093756.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:2028

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2028-56-0x0000000000300000-0x000000000030C000-memory.dmp

    Filesize

    48KB

  • memory/2028-57-0x0000000077A60000-0x0000000077C09000-memory.dmp

    Filesize

    1.7MB