Overview

overview

10

Static

static

3

0bd777a0a6...b0.exe

windows7-x64

10

0bd777a0a6...b0.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    30s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    19/07/2023, 02:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0bd777a0a6ec3b65f2d0d83658fc39568c24fcca48e15752c7bfe91eaf5702b0.exe

  • Size

    100KB

  • MD5

    1640146a0129c5de127c36da90662dbf

  • SHA1

    a3a8e74b0adf9dd085dd306c8f8c066d5e7b5d2b

  • SHA256

    0bd777a0a6ec3b65f2d0d83658fc39568c24fcca48e15752c7bfe91eaf5702b0

  • SHA512

    a5e33a3570aa2d3c8673d5571dea4fd2e855dd76fc4ded844a0b559016159ba30f66cb943700011ad8ac6bf99626d135ea82ee9cea643d9da3211f1040579b1e

  • SSDEEP

    1536:sAioou2tSBG5BF6ttUeO+85oeD22Kkf24lH:0u2ICQttU9Fuq22hf2G

Score
10/10
guloaderdownloader

Malware Config

Extracted

Family

guloader

C2

https://drive.google.com/uc?export=download&id=1Yn_pYd8pizTAMgh2NIGAMKhfxhdFMplB

https://yorgeatransport.com/dstu_QRCyfX28.bin
xor.base64

Signatures

  • Guloader,Cloudeye

    A shellcode based downloader first seen in 2020.

    downloaderguloader
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0bd777a0a6ec3b65f2d0d83658fc39568c24fcca48e15752c7bfe91eaf5702b0.exe
    "C:\Users\Admin\AppData\Local\Temp\0bd777a0a6ec3b65f2d0d83658fc39568c24fcca48e15752c7bfe91eaf5702b0.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3020

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3020-56-0x00000000002C0000-0x00000000002CC000-memory.dmp

    Filesize

    48KB

    Download

  • memory/3020-57-0x0000000077A30000-0x0000000077BD9000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/3020-58-0x00000000002C0000-0x00000000002CC000-memory.dmp

    Filesize

    48KB

    Download