Overview

overview

10

Static

static

3

(Subcontra...I.docx

windows7-x64

4

(Subcontra...I.docx

windows10-2004-x64

1

RFQ_SPC-NF...v0.exe

windows7-x64

7

RFQ_SPC-NF...v0.exe

windows10-2004-x64

7

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

GDesktopEn...0.html

windows7-x64

3

GDesktopEn...0.html

windows10-2004-x64

3

Honer/Ocul...et.exe

windows7-x64

1

Honer/Ocul...et.exe

windows10-2004-x64

1

Honer/Ocul...MC.dll

windows7-x64

3

Honer/Ocul...MC.dll

windows10-2004-x64

3

RFQ_packag...v0.exe

windows7-x64

10

RFQ_packag...v0.exe

windows10-2004-x64

10

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

Delsystems...MC.dll

windows7-x64

3

Delsystems...MC.dll

windows10-2004-x64

3

GDesktopEn...0.html

windows7-x64

3

GDesktopEn...0.html

windows10-2004-x64

3

dotnet.exe

windows7-x64

1

dotnet.exe

windows10-2004-x64

1

RFQ_packag...v0.exe

windows7-x64

7

RFQ_packag...v0.exe

windows10-2004-x64

7

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

Drmnds/Dal...et.exe

windows7-x64

1

Drmnds/Dal...et.exe

windows10-2004-x64

1

Greatheart...0.html

windows7-x64

3

Greatheart...0.html

windows10-2004-x64

3

Multihandi...MC.dll

windows7-x64

3

Multihandi...MC.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    93s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21-12-2024 18:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    RFQ_package for-Quality specs-rev0.exe

  • Size

    592KB

  • MD5

    a08f6db49e14e9e2be0eb5228636adc2

  • SHA1

    cf18f7e6a6600949ab0eeacfb2533e0adac21942

  • SHA256

    3b2827d7692e9324b81a858367060f21cf89810033c65db07cc3a4efdb5a055f

  • SHA512

    632ddb59e604ef0f46578a0015a6e74655058092722c7719bfd7b0cf689888a8bf80034ceb456e4792123ac8ae368bba6ab220369e51ae8ebd8aaf9723b1abdb

  • SSDEEP

    12288:qQ6ZVl5pODnwTHvFlh0jKBAni0ZUoWangUhfIC+Ug:qQ6ZVdODATh5bnUny

Score
10/10
guloaderdiscoverydownloader

Malware Config

Signatures

  • Guloader family
    guloader
  • Guloader,Cloudeye

    A shellcode based downloader first seen in 2020.

    downloaderguloader
  • Loads dropped DLL 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\RFQ_package for-Quality specs-rev0.exe
    "C:\Users\Admin\AppData\Local\Temp\RFQ_package for-Quality specs-rev0.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    PID:4460

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsz923F.tmp\System.dll
    Filesize

    11KB

    MD5

    8b3830b9dbf87f84ddd3b26645fed3a0

    SHA1

    223bef1f19e644a610a0877d01eadc9e28299509

    SHA256

    f004c568d305cd95edbd704166fcd2849d395b595dff814bcc2012693527ac37

    SHA512

    d13cfd98db5ca8dc9c15723eee0e7454975078a776bce26247228be4603a0217e166058ebadc68090afe988862b7514cb8cb84de13b3de35737412a6f0a8ac03

    Download Submit

  • memory/4460-15-0x00000000033C0000-0x00000000034C1000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/4460-16-0x00000000033C0000-0x00000000034C1000-memory.dmp

    Filesize

    1.0MB

    Download