Analysis Overview
SHA256
66f77b6ae2f664a173391e4fd15b04e18f992016a56b2d0fdbd27e8003ef72d1
Threat Level: Known bad
The file 66f77b6ae2f664a173391e4fd15b04e18f992016a56b2d0fdbd27e8003ef72d1gz_JC.gz was found to be: Known bad.
Malicious Activity Summary
Guloader,Cloudeye
Loads dropped DLL
Enumerates physical storage devices
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-08-04 18:11
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2023-08-04 18:11
Reported
2023-08-04 18:13
Platform
win7-20230712-en
Max time kernel
122s
Max time network
125s
Command Line
Signatures
Guloader,Cloudeye
Loads dropped DLL
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Karine Petakchyan_cn23_9472851349.exe | N/A |
Enumerates physical storage devices
Processes
C:\Users\Admin\AppData\Local\Temp\Karine Petakchyan_cn23_9472851349.exe
"C:\Users\Admin\AppData\Local\Temp\Karine Petakchyan_cn23_9472851349.exe"
Network
Files
\Users\Admin\AppData\Local\Temp\nsd7C91.tmp\System.dll
| Hash | Value |
| --- | --- |
| MD5 | 8cf2ac271d7679b1d68eefc1ae0c5618 |
| SHA1 | 7cc1caaa747ee16dc894a600a4256f64fa65a9b8 |
| SHA256 | 6950991102462d84fdc0e3b0ae30c95af8c192f77ce3d78e8d54e6b22f7c09ba |
| SHA512 | ce828fb9ecd7655cc4c974f78f209d3326ba71ced60171a45a437fc3fff3bd0d69a0997adaca29265c7b5419bdea2b17f8cc8ceae1b8ce6b22b7ed9120bb5ad3 |
memory/2028-62-0x0000000003010000-0x0000000004331000-memory.dmp
memory/2028-63-0x0000000003010000-0x0000000004331000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2023-08-04 18:11
Reported
2023-08-04 18:13
Platform
win10v2004-20230703-en
Max time kernel
145s
Max time network
146s
Command Line
Signatures
Guloader,Cloudeye
Loads dropped DLL
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Karine Petakchyan_cn23_9472851349.exe | N/A |
Enumerates physical storage devices
Processes
C:\Users\Admin\AppData\Local\Temp\Karine Petakchyan_cn23_9472851349.exe
"C:\Users\Admin\AppData\Local\Temp\Karine Petakchyan_cn23_9472851349.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 2.136.104.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.99.105.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.128.231.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| NL | 88.221.24.32:443 | www.bing.com | tcp |
| NL | 88.221.24.32:443 | www.bing.com | tcp |
| NL | 88.221.24.32:443 | www.bing.com | tcp |
| NL | 88.221.24.32:443 | www.bing.com | tcp |
| NL | 88.221.24.32:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 32.24.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.77.109.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.150.79.40.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\nsd8167.tmp\System.dll
| Hash | Value |
| --- | --- |
| MD5 | 8cf2ac271d7679b1d68eefc1ae0c5618 |
| SHA1 | 7cc1caaa747ee16dc894a600a4256f64fa65a9b8 |
| SHA256 | 6950991102462d84fdc0e3b0ae30c95af8c192f77ce3d78e8d54e6b22f7c09ba |
| SHA512 | ce828fb9ecd7655cc4c974f78f209d3326ba71ced60171a45a437fc3fff3bd0d69a0997adaca29265c7b5419bdea2b17f8cc8ceae1b8ce6b22b7ed9120bb5ad3 |
memory/4004-141-0x0000000004260000-0x0000000005581000-memory.dmp
memory/4004-142-0x0000000004260000-0x0000000005581000-memory.dmp