Overview

overview

10

Static

static

3

Letter of ...DF.exe

windows7-x64

10

Letter of ...DF.exe

windows10-2004-x64

10

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    95s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07-11-2024 03:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Letter of Intent (LOI) For the Company November 2024 PDF.exe

  • Size

    851KB

  • MD5

    629be165860d2336755de85467756639

  • SHA1

    af1da57d01a00bf942e127cce60fb4208bfd9795

  • SHA256

    e9617a78c93e6d5cdc1087dfa6e9bf9d63406e05b6b01135c189242a7c33718c

  • SHA512

    418f56a804212158033b1ae592cafeb8fa1c5a0d9506eb541beb7762c23ebfe5c61dbac8588c350816c229e9f6d77457e361423146874695976c1b8d9267cbff

  • SSDEEP

    24576:ZNAsPMh+Cdd8509puHmATonQ1htKzWbGWO:dPMvA509pkonAhtHbnO

Score
10/10
guloaderdiscoverydownloader

Malware Config

Signatures

  • Guloader family
    guloader
  • Guloader,Cloudeye

    A shellcode based downloader first seen in 2020.

    downloaderguloader
  • Loads dropped DLL 2 IoCs
  • Suspicious use of NtCreateThreadExHideFromDebugger 1 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Letter of Intent (LOI) For the Company November 2024 PDF.exe
    "C:\Users\Admin\AppData\Local\Temp\Letter of Intent (LOI) For the Company November 2024 PDF.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of WriteProcessMemory
    PID:3136
    • C:\Users\Admin\AppData\Local\Temp\Letter of Intent (LOI) For the Company November 2024 PDF.exe
      "C:\Users\Admin\AppData\Local\Temp\Letter of Intent (LOI) For the Company November 2024 PDF.exe"
      2⤵
      • Suspicious use of NtCreateThreadExHideFromDebugger
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:2208

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsoB557.tmp\System.dll
    Filesize

    11KB

    MD5

    be2621a78a13a56cf09e00dd98488360

    SHA1

    75f0539dc6af200a07cdb056cddddec595c6cfd2

    SHA256

    852047023ba0cae91c7a43365878613cfb4e64e36ff98c460e113d5088d68ef5

    SHA512

    b80cf1f678e6885276b9a1bfd9227374b2eb9e38bb20446d52ebe2c3dba89764aa50cb4d49df51a974478f3364b5dbcbc5b4a16dc8f1123b40c89c01725be3d1

    Download Submit

  • memory/2208-48-0x00000000775D1000-0x00000000776F1000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2208-37-0x0000000077658000-0x0000000077659000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2208-54-0x0000000001660000-0x0000000002C05000-memory.dmp

    Filesize

    21.6MB

    Download

  • memory/2208-53-0x0000000000400000-0x0000000001654000-memory.dmp

    Filesize

    18.3MB

    Download

  • memory/2208-45-0x0000000001660000-0x0000000002C05000-memory.dmp

    Filesize

    21.6MB

    Download

  • memory/2208-36-0x0000000001660000-0x0000000002C05000-memory.dmp

    Filesize

    21.6MB

    Download

  • memory/2208-50-0x0000000000400000-0x0000000001654000-memory.dmp

    Filesize

    18.3MB

    Download

  • memory/2208-38-0x0000000077675000-0x0000000077676000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2208-34-0x0000000000400000-0x0000000001654000-memory.dmp

    Filesize

    18.3MB

    Download

  • memory/2208-46-0x0000000000400000-0x0000000001654000-memory.dmp

    Filesize

    18.3MB

    Download

  • memory/2208-47-0x0000000000400000-0x0000000001654000-memory.dmp

    Filesize

    18.3MB

    Download

  • memory/2208-49-0x0000000000400000-0x0000000001654000-memory.dmp

    Filesize

    18.3MB

    Download

  • memory/3136-31-0x00000000041F0000-0x0000000005795000-memory.dmp

    Filesize

    21.6MB

    Download

  • memory/3136-32-0x00000000775D1000-0x00000000776F1000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/3136-35-0x00000000041F0000-0x0000000005795000-memory.dmp

    Filesize

    21.6MB

    Download

  • memory/3136-33-0x0000000010004000-0x0000000010005000-memory.dmp

    Filesize

    4KB

    Download