Analysis

  • max time kernel
    62s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230712-en, locale:en-us, os:windows7-x64, system
  • submitted
    08/08/2023, 06:16

General

  • Target

    Payoffs.exe

  • Size

    485KB

  • MD5

    8d1b9a7a8b8432f44917156c2b90601e

  • SHA1

    655a6ba188174e17dccaeb309bd5356560b6b6a2

  • SHA256

    ff1731ac0ceea544a04afa1526c83d5d6fa0a41fd1cf845e6e81095c9b373ad1

  • SHA512

    b8250f13d4e9eabc31adbc3b183af3c007edae1a03463e7be301e0b4a700a7687135d6a8bf5f4dc8e91cf54693b5c9b34bb2fc8239231bd2bc1915648c69d9d1

  • SSDEEP

    6144:+mOPUV36SmUWwtPU9lg15ux+jN25cVQIvjPTkTke77jKsU4k0+hvzvDlMh/BlU+h:9pWwd0IU5ciGjbmvzTk/5Mh7woD

Score
10/10

Malware Config

Signatures

  • Guloader,Cloudeye

    A shellcode based downloader first seen in 2020.

  • Loads dropped DLL (2 IoCs)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

Processes

  • C:\Users\Admin\AppData\Local\Temp\Payoffs.exe
    "C:\Users\Admin\AppData\Local\Temp\Payoffs.exe"
    1⤵
    • Loads dropped DLL
    PID:2336

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\nsy787B.tmp\System.dll

          Filesize

          11KB

          MD5

          9625d5b1754bc4ff29281d415d27a0fd

          SHA1

          80e85afc5cccd4c0a3775edbb90595a1a59f5ce0

          SHA256

          c2f405d7402f815d0c3fadd9a50f0bbbb1bab9aa38fe347823478a2587299448

          SHA512

          dce52b640897c2e8dbfd0a1472d5377fa91fb9cf1aeff62604d014bccbe5b56af1378f173132abeb0edd18c225b9f8f5e3d3e72434aed946661e036c779f165b

        • \Users\Admin\AppData\Local\Temp\nsy787B.tmp\System.dll

          Filesize

          11KB

          MD5

          9625d5b1754bc4ff29281d415d27a0fd

          SHA1

          80e85afc5cccd4c0a3775edbb90595a1a59f5ce0

          SHA256

          c2f405d7402f815d0c3fadd9a50f0bbbb1bab9aa38fe347823478a2587299448

          SHA512

          dce52b640897c2e8dbfd0a1472d5377fa91fb9cf1aeff62604d014bccbe5b56af1378f173132abeb0edd18c225b9f8f5e3d3e72434aed946661e036c779f165b

        • memory/2336-68-0x0000000002FC0000-0x0000000004E45000-memory.dmp

          Filesize

          30.5MB

        • memory/2336-69-0x0000000002FC0000-0x0000000004E45000-memory.dmp

          Filesize

          30.5MB