Analysis

  • max time kernel
    67s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    10-07-2024 14:42

General

  • Target

    3527026cb35562333c63270d9e43cb36_JaffaCakes118.exe

  • Size

    80KB

  • MD5

    3527026cb35562333c63270d9e43cb36

  • SHA1

    e9c211b0e3f7cbc5a3280b2e4a21de4dbeebcd67

  • SHA256

    adb79e986fd4bb3c23c51f57cfd40aaebf00520f4268c7b8ed34d38c0bacf9a2

  • SHA512

    1bb04d6d39c4abb22457c3fb4568dd22aacc7fbbd412d37cb1af4930452e86bd4e82cf30252805a9d4c8a7833620dd5e17b957330a204786c8fd4a9c3258ee81

  • SSDEEP

    768:fbx22rfEkMNXAr/v8gWEgGfXaPRuuInlsOL2cbiGk0yJ5qs82TIG:RrskM0vVWEDfaPtInlxqcDC8w

Malware Config

Extracted

Family

guloader

C2

https://drive.google.com/uc?export=download&id=1OTXEPjsrAbu-FQv5_KqTj2Ndd7hvh39c

xor.base64

Signatures

  • Guloader,Cloudeye

    A shellcode based downloader first seen in 2020.

  • Guloader payload 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3527026cb35562333c63270d9e43cb36_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\3527026cb35562333c63270d9e43cb36_JaffaCakes118.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1052

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1052-2-0x0000000000340000-0x000000000034B000-memory.dmp

    Filesize

    44KB

  • memory/1052-3-0x0000000076CF1000-0x0000000076DF2000-memory.dmp

    Filesize

    1.0MB