Analysis

  • max time kernel
    123s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    05/08/2023, 01:59

General

  • Target

    tmp.exe

  • Size

    376KB

  • MD5

    08defe80ace1f032875c8127ae5e4481

  • SHA1

    2d7ba957be6c89cd3633a63dfd8e925a90d40bd4

  • SHA256

    ac131e3fbcd040f4a5f0dc8e90d3c77bb98d934d5c6696de510ca89f18599062

  • SHA512

    09fc727fcdc86e57bc143571d061652787f2e82189255df2bebf2951ae705ef9d185646cadcd30b671233959512788c37fd6a350b28a676f064c87228bbf9bd7

  • SSDEEP

    6144:3BebKFxUGBNC3Iu5gro6xBcbKiydMdh5BwprYXUdOTDuCUkJf1dqDQrFGCf:4KFxc3Iu5g86xKbUdOmrUUdmuROOkrF5

Score
10/10

Malware Config

Signatures

  • Guloader, Cloudeye

    A shellcode-based downloader first seen in 2020.

  • Loads dropped DLL (1 IoC)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

Processes

  • C:\Users\Admin\AppData\Local\Temp\tmp.exe
    "C:\Users\Admin\AppData\Local\Temp\tmp.exe"
    • Loads dropped DLL
    PID: 3508

Network


Downloads

  • C:\Users\Admin\AppData\Local\Temp\nspD264.tmp\System.dll

    Filesize

    11KB

    MD5

    3f176d1ee13b0d7d6bd92e1c7a0b9bae

    SHA1

    fe582246792774c2c9dd15639ffa0aca90d6fd0b

    SHA256

    fa4ab1d6f79fd677433a31ada7806373a789d34328da46ccb0449bbf347bd73e

    SHA512

    0a69124819b7568d0dea4e9e85ce8fe61c7ba697c934e3a95e2dcfb9f252b1d9da7faf8774b6e8efd614885507acc94987733eba09a2f5e7098b774dfc8524b6

  • memory/3508-140-0x0000000004A20000-0x0000000005697000-memory.dmp

    Filesize

    12.5MB

  • memory/3508-141-0x0000000004A20000-0x0000000005697000-memory.dmp

    Filesize

    12.5MB