Overview

overview

10

Static

static

3

c7a6d57fc3...2c.exe

windows7-x64

10

c7a6d57fc3...2c.exe

windows10-2004-x64

10

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

Nicaean/Ga...86.doc

windows7-x64

1

Nicaean/Ga...86.doc

windows10-2004-x64

1

Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    03-07-2024 02:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c7a6d57fc3d397c2b303477d8e1d4fea64fec51f46b0ddfad97a11527771702c.exe

  • Size

    853KB

  • MD5

    57dbc2be60ede5140738c720a629781c

  • SHA1

    b348e314c3f9be312725b23a0fecf491404caf66

  • SHA256

    c7a6d57fc3d397c2b303477d8e1d4fea64fec51f46b0ddfad97a11527771702c

  • SHA512

    8932c191f72eb089d346848164c36104e6114e39cdeed19d1e67a7546ce68f01d8fdadec2c6f9ce5a80915e5781631fd37018f9e57c3a1d54d677f2e9c6ae006

  • SSDEEP

    24576:N3mYVFbTdL3LgGStF2C/GVOoD5jQZj7/MJhmO:N3mYV9x3SH2C/EOEm7lO

Score
10/10
guloaderdownloader

Malware Config

Signatures

  • Guloader,Cloudeye

    A shellcode based downloader first seen in 2020.

    downloaderguloader
  • Loads dropped DLL 2 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

Processes

  • C:\Users\Admin\AppData\Local\Temp\c7a6d57fc3d397c2b303477d8e1d4fea64fec51f46b0ddfad97a11527771702c.exe
    "C:\Users\Admin\AppData\Local\Temp\c7a6d57fc3d397c2b303477d8e1d4fea64fec51f46b0ddfad97a11527771702c.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    PID:2860

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Common Files\hansson.ini
    Filesize

    43B

    MD5

    7e12fc067ec6fde7156ec11eeaab67b6

    SHA1

    789e752d7f5437c3f0ec58ad19f01f8a70b3ff12

    SHA256

    de7ad71debdcbe152a2f5cbd5aef0774cdc5e81d8aa5f8d708f1621ccb6625ac

    SHA512

    29e5863d536984d7ac250563665eeecec9e3e3d490dc24d82fdaa6b956fa1f328fd49b8e2716d5eebee298d39585afd63dcadd2897793f69076cc362b1f63101

    Download Submit
  • \Users\Admin\AppData\Local\Temp\nso1315.tmp\System.dll
    Filesize

    12KB

    MD5

    6e55a6e7c3fdbd244042eb15cb1ec739

    SHA1

    070ea80e2192abc42f358d47b276990b5fa285a9

    SHA256

    acf90ab6f4edc687e94aaf604d05e16e6cfb5e35873783b50c66f307a35c6506

    SHA512

    2d504b74da38edc967e3859733a2a9cacd885db82f0ca69bfb66872e882707314c54238344d45945dc98bae85772aceef71a741787922d640627d3c8ae8f1c35

    Download Submit
  • memory/2860-231-0x0000000003AC0000-0x0000000006937000-memory.dmp
    Filesize

    46.5MB

    Download
  • memory/2860-232-0x0000000003AC0000-0x0000000006937000-memory.dmp
    Filesize

    46.5MB

    Download