Malware Analysis Report

2025-08-05 14:07

Sample ID 230805-ced55sgd8w
Target tmp
SHA256 ac131e3fbcd040f4a5f0dc8e90d3c77bb98d934d5c6696de510ca89f18599062
Tags
guloader downloader
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

ac131e3fbcd040f4a5f0dc8e90d3c77bb98d934d5c6696de510ca89f18599062

Threat Level: Known bad

The file tmp was found to be: Known bad.

Malicious Activity Summary

guloader downloader

Guloader,Cloudeye

Loads dropped DLL

Enumerates physical storage devices

NSIS installer

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-08-05 01:59

Signatures

NSIS installer

installer
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-08-05 01:59

Reported

2023-08-05 02:01

Platform

win7-20230712-en

Max time kernel

121s

Max time network

125s

Command Line

"C:\Users\Admin\AppData\Local\Temp\tmp.exe"

Signatures

Guloader,Cloudeye

downloader guloader

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A

Enumerates physical storage devices

Processes

C:\Users\Admin\AppData\Local\Temp\tmp.exe

"C:\Users\Admin\AppData\Local\Temp\tmp.exe"

Network

N/A

Files

\Users\Admin\AppData\Local\Temp\nsjE66A.tmp\System.dll

MD5 3f176d1ee13b0d7d6bd92e1c7a0b9bae
SHA1 fe582246792774c2c9dd15639ffa0aca90d6fd0b
SHA256 fa4ab1d6f79fd677433a31ada7806373a789d34328da46ccb0449bbf347bd73e
SHA512 0a69124819b7568d0dea4e9e85ce8fe61c7ba697c934e3a95e2dcfb9f252b1d9da7faf8774b6e8efd614885507acc94987733eba09a2f5e7098b774dfc8524b6

memory/2092-62-0x0000000003A10000-0x0000000004687000-memory.dmp

memory/2092-63-0x0000000003A10000-0x0000000004687000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2023-08-05 01:59

Reported

2023-08-05 02:01

Platform

win10v2004-20230703-en

Max time kernel

123s

Max time network

153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\tmp.exe"

Signatures

Guloader,Cloudeye

downloader guloader

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmp.exe N/A

Enumerates physical storage devices

Processes

C:\Users\Admin\AppData\Local\Temp\tmp.exe

"C:\Users\Admin\AppData\Local\Temp\tmp.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 59.128.231.4.in-addr.arpa udp
US 8.8.8.8:53 73.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 168.117.168.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\nspD264.tmp\System.dll

MD5 3f176d1ee13b0d7d6bd92e1c7a0b9bae
SHA1 fe582246792774c2c9dd15639ffa0aca90d6fd0b
SHA256 fa4ab1d6f79fd677433a31ada7806373a789d34328da46ccb0449bbf347bd73e
SHA512 0a69124819b7568d0dea4e9e85ce8fe61c7ba697c934e3a95e2dcfb9f252b1d9da7faf8774b6e8efd614885507acc94987733eba09a2f5e7098b774dfc8524b6

memory/3508-140-0x0000000004A20000-0x0000000005697000-memory.dmp

memory/3508-141-0x0000000004A20000-0x0000000005697000-memory.dmp