Analysis

  • max time kernel
    90s
  • max time network
    129s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29-01-2023 17:42

General

  • Target

    b9d1b8674cb42166b82850460394c451618cbdb28066072cb1eff219d5b755e9.exe

  • Size

    72KB

  • MD5

    07fe7fce03a8b2ab6e622a21ab45b9b5

  • SHA1

    a2785b095cad1061add2b45326ecd6107cd5c577

  • SHA256

    b9d1b8674cb42166b82850460394c451618cbdb28066072cb1eff219d5b755e9

  • SHA512

    e8c4781b2f8da2d8aba71bc55740631ce2e705cfeadcd844e93b6619de5f75afb1eee0365717d219aeb06f16c1129a6fb1dcf07b91818b86548dc81741d3dd91

  • SSDEEP

    1536:pD2lrZNC7yEcNE2AGOAJYuSF+9aQ3xfY+YkXYD:pKlrrJEeE25YuSF+9aQhA+3XY

Malware Config

Extracted

Family

guloader

C2

https://drive.google.com/uc?export=download&id=1_2rg-XLl-xoZYRETTeBc0GLV9Saf0c8

xor.base64

Signatures

  • Guloader,Cloudeye

    A shellcode based downloader first seen in 2020.

  • Guloader payload 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b9d1b8674cb42166b82850460394c451618cbdb28066072cb1eff219d5b755e9.exe
    "C:\Users\Admin\AppData\Local\Temp\b9d1b8674cb42166b82850460394c451618cbdb28066072cb1eff219d5b755e9.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:616

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/616-134-0x0000000003BF0000-0x0000000003BFA000-memory.dmp

    Filesize

    40KB

  • memory/616-135-0x00007FFFE7C10000-0x00007FFFE7E05000-memory.dmp

    Filesize

    2.0MB