Overview

overview

10

Static

static

10d9b05364...42.exe

windows7-x64

10

10d9b05364...42.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    167s
  • max time network
    215s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29-01-2023 17:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    10d9b05364627d1b5d4713730c666ae5af6aad4babba09d1798aee5c07620d42.exe

  • Size

    96KB

  • MD5

    389d771ad53ffcf2f184416756625358

  • SHA1

    fddb7479c291fddd2340a9188a10e56b626580c0

  • SHA256

    10d9b05364627d1b5d4713730c666ae5af6aad4babba09d1798aee5c07620d42

  • SHA512

    ccb8a13cb6eabbac7b7ec23ef1afc3a0f79caedb3a0e7b9117abce4585e2568bb8d8c7789d286bcb8b4f500ddcdb934e5e060f64c730c13f0c3ed714f71c24a6

  • SSDEEP

    1536:hbLxrsV8s1/QvQOSwIKw2DQdXsPTuYdOlKmbL:BL/y9fw7DQtoVdML

Score
10/10
guloaderdownloader

Malware Config

Extracted

Family

guloader

C2

https://drive.google.com/uc?export=download&id=1VdGbbmxm7I7haFIaO6xG5PE3TMFjQfJ8

xor.base64

Signatures

  • Guloader,Cloudeye

    A shellcode based downloader first seen in 2020.

    downloaderguloader
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\10d9b05364627d1b5d4713730c666ae5af6aad4babba09d1798aee5c07620d42.exe
    "C:\Users\Admin\AppData\Local\Temp\10d9b05364627d1b5d4713730c666ae5af6aad4babba09d1798aee5c07620d42.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4348

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4348-134-0x00000000021E0000-0x00000000021EB000-memory.dmp

    Filesize

    44KB

    Download

  • memory/4348-135-0x00007FFEF7B10000-0x00007FFEF7D05000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4348-136-0x00000000021E0000-0x00000000021EB000-memory.dmp

    Filesize

    44KB

    Download