guloader | 714d2a7d4f7dc0201091e513d96bd3fcb23fa8ee121627d15d937edee0796673

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
24-11-2024 09:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

714d2a7d4f7dc0201091e513d96bd3fcb23fa8ee121627d15d937edee0796673.exe
Size

112KB
MD5

34515b1aa294605667bbbb2cd0f798f8
SHA1

8e8b5ffa4d2a4f7e1009277f76fa4b6fd37be3c3
SHA256

714d2a7d4f7dc0201091e513d96bd3fcb23fa8ee121627d15d937edee0796673
SHA512

59e202caff11cf7079ae5c44e11fae0e832f171c9795fc2a5c392bea9edc6445ae163ee5e13b92e9f44c90be999199a2b7c9377addd6c8f485d2b7c6db35698f
SSDEEP

1536:qNeEPspGLeZWP1pJg2qaQp4YAg91puj3GP8pff5:qNdKhQtpJg4QtAG1pWFpp

Score

10^/10

guloader discovery downloader

Malware Config

Signatures

Guloader family
guloader
Guloader,Cloudeye
A shellcode based downloader first seen in 2020.
downloader guloader

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

714d2a7d4f7dc0201091e513d96bd3fcb23fa8ee121627d15d937edee0796673.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	714d2a7d4f7dc0201091e513d96bd3fcb23fa8ee121627d15d937edee0796673.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

714d2a7d4f7dc0201091e513d96bd3fcb23fa8ee121627d15d937edee0796673.exe

pid process

2528 714d2a7d4f7dc0201091e513d96bd3fcb23fa8ee121627d15d937edee0796673.exe

pid	process
2528	714d2a7d4f7dc0201091e513d96bd3fcb23fa8ee121627d15d937edee0796673.exe

C:\Users\Admin\AppData\Local\Temp\714d2a7d4f7dc0201091e513d96bd3fcb23fa8ee121627d15d937edee0796673.exe
"C:\Users\Admin\AppData\Local\Temp\714d2a7d4f7dc0201091e513d96bd3fcb23fa8ee121627d15d937edee0796673.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2528

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2528-2-0x0000000000360000-0x0000000000374000-memory.dmp

Filesize
80KB

Download