Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    10-01-2025 18:39

General

  • Target

    Oferta HOM 344210922_SP_10_22_2021.exe

  • Size

    112KB

  • MD5

    5fac9245b7fae38433da73da3b54698a

  • SHA1

    23c2bdd3f2b8117c5b3f144c8e3218058b44a1f4

  • SHA256

    e03eae0b9428b7da5f1011e80c47094bd5191f69696fa2d0fd90ec7d8fe4ea85

  • SHA512

    769b02b27ee17b52e24f9d69f2589c9cde65e2015a7b61678e5b7c7349b516dcf9e8f6324e29b6d3db8b582552d67753c52bbdec30b47dbb601c59259488d2eb

  • SSDEEP

    1536:M8YaaNys/DQblWLHS/czIOYZGBKjMZht8flRu3i9fVzba2QPX2f:n1Eys/8mSyIO8Qt8tXzVS

Malware Config

Signatures

  • Guloader family
  • Guloader, Cloudeye

    A shellcode based downloader first seen in 2020.

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Oferta HOM 344210922_SP_10_22_2021.exe
    "C:\Users\Admin\AppData\Local\Temp\Oferta HOM 344210922_SP_10_22_2021.exe"
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    PID:3520

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/3520-2-0x0000000002240000-0x0000000002254000-memory.dmp

    Filesize

    80KB