Analysis
max time kernel: 133s
max time network: 104s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64 arch:x86 image:win10v2004-20240611-en locale:en-us os:windows10-2004-x64 system
submitted: 28-06-2024 01:27
Static task static1: 1 signatures
Behavioral task behavioral1: sample 139083be148d63b991b7848b116f93d1.exe, resource win7-20240419-en, 3 signatures, 150 seconds
Behavioral task behavioral2: sample 139083be148d63b991b7848b116f93d1.exe, resource win10v2004-20240611-en, 3 signatures, 150 seconds
General
Target: 139083be148d63b991b7848b116f93d1.exe
Size: 108KB
MD5: 139083be148d63b991b7848b116f93d1
SHA1: 8528b44ee3086b209eebdb08c6b3cc5ed5a40fab
SHA256: e0268648dddfc680d9a6a9445b8d7fa07667c42be6ed9dfefaabea1e792e387b
SHA512: 6e3ccb2809108ff0ea9ffb4239371aa5dabadbd710c4af80b9e8975c3aa30b5c410cd0cc94d6a2fa8ae6da368bb9e742d941734d280610979cc8caefffea1a47
SSDEEP: 1536:wq9kCxG1zdcaKw1LCwVa4S49WsSzTdCh+G7qwB:wldc7EuKWov
Score: 10/10
Malware Config
Extracted
Family: guloader
C2: http://www.aussieadrenaline.com/yh/janomo_iMWOx126.bin
xor.base64
Signatures
Guloader,Cloudeye: A shellcode-based downloader first seen in 2020.
Guloader payload (1 IoCs)
Processes:
  resource                                                                   yara_rule
  behavioral2/memory/836-2-0x00000000022C0000-0x00000000022CC000-memory.dmp  family_guloader
Suspicious use of SetWindowsHookEx (1 IoCs)
Processes: 139083be148d63b991b7848b116f93d1.exe
  pid  process
  836  139083be148d63b991b7848b116f93d1.exe
Downloads
memory/836-2-0x00000000022C0000-0x00000000022CC000-memory.dmp (filesize 48KB)