Analysis
-
max time kernel
148s -
max time network
157s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system -
submitted
08-11-2024 01:51
Static task
static1
Behavioral task
behavioral1
Sample
Letter of Intent (LOI) For the Company November 2024 PDF.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
Letter of Intent (LOI) For the Company November 2024 PDF.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/System.dll
Resource
win7-20241010-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20241007-en
General
-
Target
Letter of Intent (LOI) For the Company November 2024 PDF.exe
-
Size
851KB
-
MD5
629be165860d2336755de85467756639
-
SHA1
af1da57d01a00bf942e127cce60fb4208bfd9795
-
SHA256
e9617a78c93e6d5cdc1087dfa6e9bf9d63406e05b6b01135c189242a7c33718c
-
SHA512
418f56a804212158033b1ae592cafeb8fa1c5a0d9506eb541beb7762c23ebfe5c61dbac8588c350816c229e9f6d77457e361423146874695976c1b8d9267cbff
-
SSDEEP
24576:ZNAsPMh+Cdd8509puHmATonQ1htKzWbGWO:dPMvA509pkonAhtHbnO
Malware Config
Signatures
-
Guloader family
-
Guloader,Cloudeye
A shellcode based downloader first seen in 2020.
-
Loads dropped DLL 2 IoCs
Processes:
Letter of Intent (LOI) For the Company November 2024 PDF.exepid Process 2448 Letter of Intent (LOI) For the Company November 2024 PDF.exe 2448 Letter of Intent (LOI) For the Company November 2024 PDF.exe -
Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
Processes:
Letter of Intent (LOI) For the Company November 2024 PDF.exeLetter of Intent (LOI) For the Company November 2024 PDF.exepid Process 2448 Letter of Intent (LOI) For the Company November 2024 PDF.exe 2176 Letter of Intent (LOI) For the Company November 2024 PDF.exe -
Suspicious use of SetThreadContext 1 IoCs
Processes:
Letter of Intent (LOI) For the Company November 2024 PDF.exedescription pid Process procid_target PID 2448 set thread context of 2176 2448 Letter of Intent (LOI) For the Company November 2024 PDF.exe 29 -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
Processes:
Letter of Intent (LOI) For the Company November 2024 PDF.exeLetter of Intent (LOI) For the Company November 2024 PDF.exedescription ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Letter of Intent (LOI) For the Company November 2024 PDF.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Letter of Intent (LOI) For the Company November 2024 PDF.exe -
Suspicious behavior: MapViewOfSection 1 IoCs
Processes:
Letter of Intent (LOI) For the Company November 2024 PDF.exepid Process 2448 Letter of Intent (LOI) For the Company November 2024 PDF.exe -
Suspicious use of WriteProcessMemory 6 IoCs
Processes:
Letter of Intent (LOI) For the Company November 2024 PDF.exedescription pid Process procid_target PID 2448 wrote to memory of 2176 2448 Letter of Intent (LOI) For the Company November 2024 PDF.exe 29 PID 2448 wrote to memory of 2176 2448 Letter of Intent (LOI) For the Company November 2024 PDF.exe 29 PID 2448 wrote to memory of 2176 2448 Letter of Intent (LOI) For the Company November 2024 PDF.exe 29 PID 2448 wrote to memory of 2176 2448 Letter of Intent (LOI) For the Company November 2024 PDF.exe 29 PID 2448 wrote to memory of 2176 2448 Letter of Intent (LOI) For the Company November 2024 PDF.exe 29 PID 2448 wrote to memory of 2176 2448 Letter of Intent (LOI) For the Company November 2024 PDF.exe 29
Processes
-
C:\Users\Admin\AppData\Local\Temp\Letter of Intent (LOI) For the Company November 2024 PDF.exe"C:\Users\Admin\AppData\Local\Temp\Letter of Intent (LOI) For the Company November 2024 PDF.exe"1⤵
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
PID:2448 -
C:\Users\Admin\AppData\Local\Temp\Letter of Intent (LOI) For the Company November 2024 PDF.exe"C:\Users\Admin\AppData\Local\Temp\Letter of Intent (LOI) For the Company November 2024 PDF.exe"2⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- System Location Discovery: System Language Discovery
PID:2176
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
11KB
MD5be2621a78a13a56cf09e00dd98488360
SHA175f0539dc6af200a07cdb056cddddec595c6cfd2
SHA256852047023ba0cae91c7a43365878613cfb4e64e36ff98c460e113d5088d68ef5
SHA512b80cf1f678e6885276b9a1bfd9227374b2eb9e38bb20446d52ebe2c3dba89764aa50cb4d49df51a974478f3364b5dbcbc5b4a16dc8f1123b40c89c01725be3d1