Analysis
-
max time kernel
149s -
max time network
142s -
platform
windows10-2004_x64 -
resource
win10v2004-20230703-en -
resource tags
-
submitted
17/07/2023, 06:33
General
-
Target
a15da9fdfd935a4b05adc5e0cf0053a0.exe
-
Size
352KB
-
MD5
a15da9fdfd935a4b05adc5e0cf0053a0
-
SHA1
71be4a53794322a70c36f22a532bdd5a9e82c47a
-
SHA256
2a831c8d63686e4b79cfced16e26d47f95de8cdbd178876659f9e7ec75e42789
-
SHA512
7035c68e51f340633b4b1a1d2e0c3d9f91ccf8398936a9604ec1119b0880d53360e213f04e0243ef9ac69cd2a23614e243533dd3494ff84854e1763606fa3d8e
-
SSDEEP
6144:Hwq3NpAucY3Mh7fR6dtdKE0CuLavZDC8xr3gKkYbrx+gb6e+D:HzMp3cfKE7ZDCC1rrx+Ve+D
Malware Config
Signatures
-
Guloader,Cloudeye
A shellcode based downloader first seen in 2020.
-
Checks QEMU agent file 2 TTPs 2 IoCs
Checks presence of QEMU agent, possibly to detect virtualization.
-
Loads dropped DLL 2 IoCs
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
-
Suspicious use of SetThreadContext 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious behavior: MapViewOfSection 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\a15da9fdfd935a4b05adc5e0cf0053a0.exe"C:\Users\Admin\AppData\Local\Temp\a15da9fdfd935a4b05adc5e0cf0053a0.exe"1⤵
- Checks QEMU agent file
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\a15da9fdfd935a4b05adc5e0cf0053a0.exe"C:\Users\Admin\AppData\Local\Temp\a15da9fdfd935a4b05adc5e0cf0053a0.exe"2⤵
- Checks QEMU agent file
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
11KB
MD517ed1c86bd67e78ade4712be48a7d2bd
SHA11cc9fe86d6d6030b4dae45ecddce5907991c01a0
SHA256bd046e6497b304e4ea4ab102cab2b1f94ce09bde0eebba4c59942a732679e4eb
SHA5120cbed521e7d6d1f85977b3f7d3ca7ac34e1b5495b69fd8c7bfa1a846baf53b0ecd06fe1ad02a3599082ffacaf8c71a3bb4e32dec05f8e24859d736b828092cd5
-
Filesize
11KB
MD517ed1c86bd67e78ade4712be48a7d2bd
SHA11cc9fe86d6d6030b4dae45ecddce5907991c01a0
SHA256bd046e6497b304e4ea4ab102cab2b1f94ce09bde0eebba4c59942a732679e4eb
SHA5120cbed521e7d6d1f85977b3f7d3ca7ac34e1b5495b69fd8c7bfa1a846baf53b0ecd06fe1ad02a3599082ffacaf8c71a3bb4e32dec05f8e24859d736b828092cd5
-
Filesize
11KB
MD517ed1c86bd67e78ade4712be48a7d2bd
SHA11cc9fe86d6d6030b4dae45ecddce5907991c01a0
SHA256bd046e6497b304e4ea4ab102cab2b1f94ce09bde0eebba4c59942a732679e4eb
SHA5120cbed521e7d6d1f85977b3f7d3ca7ac34e1b5495b69fd8c7bfa1a846baf53b0ecd06fe1ad02a3599082ffacaf8c71a3bb4e32dec05f8e24859d736b828092cd5
-
Filesize
23.4MB
-
Filesize
23.4MB
-
Filesize
1.1MB
-
Filesize
24KB
-
Filesize
18.3MB
-
Filesize
23.4MB
-
Filesize
4KB
-
Filesize
23.4MB
-
Filesize
1.1MB