Overview

overview

10

Static

static

3

8e6d0a1483...6f.exe

windows7-x64

10

8e6d0a1483...6f.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    171s
  • max time network
    185s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/12/2023, 12:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8e6d0a14833bf00bcbcaa0492855996f.exe

  • Size

    280KB

  • MD5

    8e6d0a14833bf00bcbcaa0492855996f

  • SHA1

    d778bb8ef2d2f5e5a78f24ed0b4706169fadc73e

  • SHA256

    61299e2bc72f636830b6507ef2c359ec51c0ad519cd44c4678005090b85c26e7

  • SHA512

    c23991bc1b1e608fe9237f25516b04646deb27185a8c56217b5a87802d30ffd87c91884a47ac4bba9fcb05565acc1f4b2b66a86d15f0ac18bb2dbdac90031212

  • SSDEEP

    6144:iGk6MwF3TlX34uOKOZGO2qJMIVoxeqPsy3:ZRTlX34cOZGOlJMIVqD

Score
10/10
gcleaneronlyloggerloader

Malware Config

Extracted

Family

gcleaner

C2

194.145.227.161

Signatures

  • GCleaner

    GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    loadergcleaner
  • OnlyLogger

    A tiny loader that uses IPLogger to get its payload.

    loaderonlylogger
  • OnlyLogger payload 4 IoCs
  • Program crash 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8e6d0a14833bf00bcbcaa0492855996f.exe
    "C:\Users\Admin\AppData\Local\Temp\8e6d0a14833bf00bcbcaa0492855996f.exe"
    1⤵
      PID:2348
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 620
        2⤵
        • Program crash
        PID:3616
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 656
        2⤵
        • Program crash
        PID:1608
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 744
        2⤵
        • Program crash
        PID:3272
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 748
        2⤵
        • Program crash
        PID:1964
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 832
        2⤵
        • Program crash
        PID:2240
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 1016
        2⤵
        • Program crash
        PID:2760
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 1028
        2⤵
        • Program crash
        PID:3056
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 1072
        2⤵
        • Program crash
        PID:4060
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2348 -ip 2348
      1⤵
        PID:2672
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 2348 -ip 2348
        1⤵
          PID:2400
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 2348 -ip 2348
          1⤵
            PID:2872
          • C:\Windows\SysWOW64\WerFault.exe
            C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 2348 -ip 2348
            1⤵
              PID:1772
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 2348 -ip 2348
              1⤵
                PID:4076
              • C:\Windows\SysWOW64\WerFault.exe
                C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 2348 -ip 2348
                1⤵
                  PID:4424
                • C:\Windows\SysWOW64\WerFault.exe
                  C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 2348 -ip 2348
                  1⤵
                    PID:4576
                  • C:\Windows\SysWOW64\WerFault.exe
                    C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 2348 -ip 2348
                    1⤵
                      PID:2016

                    Network

                    MITRE ATT&CK Matrix

                    Replay Monitor

                    Loading Replay Monitor...

                    Downloads

                    • memory/2348-1-0x0000000002D80000-0x0000000002E80000-memory.dmp

                      Filesize

                      1024KB

                      Download

                    • memory/2348-2-0x0000000002CE0000-0x0000000002D0F000-memory.dmp

                      Filesize

                      188KB

                      Download

                    • memory/2348-3-0x0000000000400000-0x0000000002B51000-memory.dmp

                      Filesize

                      39.3MB

                      Download

                    • memory/2348-4-0x0000000000400000-0x0000000002B51000-memory.dmp

                      Filesize

                      39.3MB

                      Download

                    • memory/2348-6-0x0000000002D80000-0x0000000002E80000-memory.dmp

                      Filesize

                      1024KB

                      Download

                    • memory/2348-7-0x0000000002CE0000-0x0000000002D0F000-memory.dmp

                      Filesize

                      188KB

                      Download