Overview

overview

10

Static

static

3

cf02d76dc5...18.exe

windows7-x64

10

cf02d76dc5...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    77s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    06-09-2024 07:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cf02d76dc5970206862d6b314afeb734_JaffaCakes118.exe

  • Size

    124KB

  • MD5

    cf02d76dc5970206862d6b314afeb734

  • SHA1

    790a9e9e6fe8d5391433c62290bfc83be7ac1dbb

  • SHA256

    28a1a1af76799d6a288cc91de6fbef0880397c0af9ea5151f47c81e93a70aaf3

  • SHA512

    ecff8dbbe9f3bfd348be3abefb073bbdc0b9017749c125dd509ceaebe2f1ec911b939606334a8d46287edd2c552bd47d970e7af6bce5cf20296252dc2f293045

  • SSDEEP

    1536:IG9zo5MS+caKE5/5CdxeKzCNR0jwJFerLX:1Vo51i5/4wEX

Score
10/10
guloaderdiscoverydownloaderguloader

Malware Config

Extracted

Family

guloader

C2

https://drive.google.com/uc?export=download&id=1uNc7FIDIrEXsSzpPOoOUzQ3vxPOCKg6G

xor.base64

Signatures

  • Guloader,Cloudeye

    A shellcode based downloader first seen in 2020.

    downloaderguloader
  • Guloader payload 2 IoCs
    guloader
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cf02d76dc5970206862d6b314afeb734_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\cf02d76dc5970206862d6b314afeb734_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    PID:2956

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2956-2-0x0000000000280000-0x000000000028A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2956-3-0x0000000076E11000-0x0000000076F12000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/2956-4-0x0000000000280000-0x000000000028A000-memory.dmp

    Filesize

    40KB

    Download