Malware Analysis Report

2025-08-10 19:27

Sample ID: 230712-laa3cscf53
Target: tmp
SHA256: 40b6dc77998b71663fd29997962bec3b46647e8ee70cf3d579aed14ead46d660
Tags: guloader discovery downloader
Score: 10/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Enterprise Matrix V6
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score: 10/10

SHA256: 40b6dc77998b71663fd29997962bec3b46647e8ee70cf3d579aed14ead46d660

Threat Level: Known bad

The file tmp was found to be: Known bad.

Malicious Activity Summary

guloader discovery downloader

Guloader,Cloudeye

Loads dropped DLL

Checks installed software on the system

Unsigned PE

Enumerates physical storage devices

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2023-07-12 09:19

Signatures

Unsigned PE

Description  Indicator  Process  Target
N/A          N/A        N/A      N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2023-07-12 09:19

Reported: 2023-07-12 09:21

Platform: win7-20230703-en

Max time kernel: 30s

Max time network: 34s

Command Line

"C:\Users\Admin\AppData\Local\Temp\tmp.exe"

Signatures

Guloader,Cloudeye

downloader guloader

Loads dropped DLL

Description  Indicator  Process                                      Target
N/A          N/A        C:\Users\Admin\AppData\Local\Temp\tmp.exe    N/A

Checks installed software on the system

discovery

Enumerates physical storage devices

Processes

C:\Users\Admin\AppData\Local\Temp\tmp.exe

"C:\Users\Admin\AppData\Local\Temp\tmp.exe"

Network

N/A

Files

\Users\Admin\AppData\Local\Temp\nsz2D9A.tmp\System.dll

MD5 be2621a78a13a56cf09e00dd98488360
SHA1 75f0539dc6af200a07cdb056cddddec595c6cfd2
SHA256 852047023ba0cae91c7a43365878613cfb4e64e36ff98c460e113d5088d68ef5
SHA512 b80cf1f678e6885276b9a1bfd9227374b2eb9e38bb20446d52ebe2c3dba89764aa50cb4d49df51a974478f3364b5dbcbc5b4a16dc8f1123b40c89c01725be3d1

memory/980-63-0x0000000003790000-0x00000000046B7000-memory.dmp

memory/980-64-0x0000000003790000-0x00000000046B7000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted: 2023-07-12 09:19

Reported: 2023-07-12 09:21

Platform: win10v2004-20230703-en

Max time kernel: 142s

Max time network: 146s

Command Line

"C:\Users\Admin\AppData\Local\Temp\tmp.exe"

Signatures

Loads dropped DLL

Description  Indicator  Process                                      Target
N/A          N/A        C:\Users\Admin\AppData\Local\Temp\tmp.exe    N/A

Checks installed software on the system

discovery

Enumerates physical storage devices

Processes

C:\Users\Admin\AppData\Local\Temp\tmp.exe

"C:\Users\Admin\AppData\Local\Temp\tmp.exe"

Network

Country  Destination   Domain                         Proto
US       8.8.8.8:53    208.194.73.20.in-addr.arpa     udp
US       8.8.8.8:53    8.3.197.209.in-addr.arpa       udp
US       8.8.8.8:53    67.31.126.40.in-addr.arpa      udp
US       8.8.8.8:53    88.156.103.20.in-addr.arpa     udp
US       8.8.8.8:53    158.240.127.40.in-addr.arpa    udp
US       8.8.8.8:53    76.121.18.2.in-addr.arpa       udp
US       8.8.8.8:53    126.179.238.8.in-addr.arpa     udp
US       8.8.8.8:53    89.16.208.104.in-addr.arpa     udp

Files

C:\Users\Admin\AppData\Local\Temp\nsj830E.tmp\System.dll

MD5 be2621a78a13a56cf09e00dd98488360
SHA1 75f0539dc6af200a07cdb056cddddec595c6cfd2
SHA256 852047023ba0cae91c7a43365878613cfb4e64e36ff98c460e113d5088d68ef5
SHA512 b80cf1f678e6885276b9a1bfd9227374b2eb9e38bb20446d52ebe2c3dba89764aa50cb4d49df51a974478f3364b5dbcbc5b4a16dc8f1123b40c89c01725be3d1

memory/4948-142-0x0000000005130000-0x0000000006057000-memory.dmp

memory/4948-143-0x0000000005130000-0x0000000006057000-memory.dmp