Analysis

  • max time kernel
    122s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    10-07-2024 18:36

General

  • Target

    35e79713151bb8248daf6d230198d391_JaffaCakes118.exe

  • Size

    124KB

  • MD5

    35e79713151bb8248daf6d230198d391

  • SHA1

    ab791f1006ba6c548f073618e0c5815a1afb3e45

  • SHA256

    308fd79af29c78bc4f0f98b11edebc5c574b6f33b35e9eec7c1fe1d5aad39bab

  • SHA512

    4d7e5939300efc076e5b6ced1273fb78ee2787e4f0ab688f627bfc8b4d3511509b43fa268263d3a0b447b1894785f593cd6bb916a875dce4817baca8d6026c83

  • SSDEEP

    768:SxG05+YThHcuLHErDJ6rNPc7OsWwa5X/SNXFxUmOmpzImQ4PAmMX9VjWP4wxVXWi:kG4RcuLI4NkPOl/TmQpmMXwXRBczf+

Malware Config

Extracted

Family

guloader

C2

https://drive.google.com/uc?export=download&id=1hK-9mayJIVhEJMRlkvzVXAfjNg5OHUWX

xor.base64
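The extracted config pairs a download URL with a base64-encoded XOR key (the "xor.base64" field above; its value is not present in this capture). GuLoader fetches the second stage from that URL and applies the key as a repeating-key XOR to recover a PE image. The script below is an added example, not part of this report or of any tooling the sandbox uses: it decrypts a blob with a config key, validates the result by its MZ/PE headers, and, for the case where config extraction failed, recovers the key from the known DOS-stub plaintext that every MSVC-linked PE carries at offset 0x4E. The key and the "encrypted" blob are constructed inline so it runs offline; the DOS-stub offset and the repeating-key scheme are assumptions about the classic GuLoader payload format, and the PE check is what decides whether they held.

```python
import base64
from typing import Optional

# Known plaintext present in MSVC-linked PE files at this offset (assumed, conventional).
DOS_STUB = b"This program cannot be run in DOS mode."
DOS_STUB_OFFSET = 0x4E


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; symmetric, so it both encrypts and decrypts."""
    klen = len(key)
    return bytes(b ^ key[i % klen] for i, b in enumerate(data))


def looks_like_pe(data: bytes) -> bool:
    """Accept only a buffer whose MZ header's e_lfanew points at a PE signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = int.from_bytes(data[0x3C:0x40], "little")
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def decrypt_with_config_key(blob: bytes, key_b64: str) -> bytes:
    """Path 1: the sandbox extracted the xor.base64 value, use it directly."""
    key = base64.b64decode(key_b64)
    if not key:
        raise ValueError("config XOR key is empty")
    out = xor_bytes(blob, key)
    if not looks_like_pe(out):
        raise ValueError("decrypted data is not a PE image: wrong key or different encoding")
    return out


def recover_key(blob: bytes, max_len: int = 64) -> Optional[bytes]:
    """Path 2: no key in config. Derive it from the DOS-stub known plaintext.

    For each candidate key length, every known byte yields key[pos % klen];
    a conflict means the length is wrong. The shortest consistent key that
    also produces a valid PE header is returned.
    """
    for klen in range(1, max_len + 1):
        key = bytearray(klen)
        seen = [False] * klen
        for i, p in enumerate(DOS_STUB):
            pos = DOS_STUB_OFFSET + i
            if pos >= len(blob):
                break
            k = blob[pos] ^ p
            idx = pos % klen
            if seen[idx] and key[idx] != k:
                break  # inconsistent: this key length is wrong
            key[idx] = k
            seen[idx] = True
        else:
            if all(seen) and looks_like_pe(xor_bytes(blob, bytes(key))):
                return bytes(key)
    return None


# --- constructed sample data (not from the analysed file) ---------------------
SAMPLE_KEY = b"\x7a\x13\xc4\x2e\x91"  # hypothetical 5-byte key
SAMPLE_KEY_B64 = base64.b64encode(SAMPLE_KEY).decode()


def build_constructed_sample(key: bytes) -> bytes:
    """A minimal fake PE image (MZ header, DOS stub, PE signature) XOR'd with key."""
    img = bytearray(0x100)
    img[0:2] = b"MZ"
    img[0x3C:0x40] = (0x80).to_bytes(4, "little")  # e_lfanew
    img[DOS_STUB_OFFSET:DOS_STUB_OFFSET + len(DOS_STUB)] = DOS_STUB
    img[0x80:0x84] = b"PE\x00\x00"
    return xor_bytes(bytes(img), key)


SAMPLE_BLOB = build_constructed_sample(SAMPLE_KEY)

if __name__ == "__main__":
    pe = decrypt_with_config_key(SAMPLE_BLOB, SAMPLE_KEY_B64)
    print("config key ok:", looks_like_pe(pe))
    print("recovered key:", recover_key(SAMPLE_BLOB).hex())
```

On a real capture, replace SAMPLE_BLOB with the bytes fetched from the C2 URL (or carved from the process memory dumps listed under Downloads) and SAMPLE_KEY_B64 with the config value. Newer GuLoader builds have changed their payload encoding more than once, so treat a failed PE check as "different scheme", not as a corrupt download.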

Signatures

  • GuLoader, CloudEyE

    A shellcode-based downloader first seen in 2020. It retrieves an encrypted second-stage payload from a legitimate cloud file host (here Google Drive, per the extracted C2 URL) and decrypts it with the XOR key carried in its configuration.

  • GuLoader payload (1 IoC)
  • Suspicious use of SetWindowsHookEx (1 IoC)

Processes

  • C:\Users\Admin\AppData\Local\Temp\35e79713151bb8248daf6d230198d391_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\35e79713151bb8248daf6d230198d391_JaffaCakes118.exe"
    • Suspicious use of SetWindowsHookEx
    PID: 2516

Network

MITRE ATT&CK Matrix

Downloads

  • memory/2516-3-0x00000000775C1000-0x00000000776C2000-memory.dmp

    Filesize

    1.0MB

  • memory/2516-2-0x00000000005D0000-0x00000000005DB000-memory.dmp

    Filesize

    44KB