Overview

overview

10

Static

static

3

42a731d7e6...6a.exe

windows7-x64

10

42a731d7e6...6a.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    161s
  • max time network
    173s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05-01-2024 03:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    42a731d7e6d098c83517d8c56b2b796a.exe

  • Size

    286KB

  • MD5

    42a731d7e6d098c83517d8c56b2b796a

  • SHA1

    e8d8a9067bf05e23eb9d3edfe690f314abbea6a9

  • SHA256

    ab762aa5935eec7c18899a7f7a8e19821c94c96ef695e4e7f26e19f9643e5f49

  • SHA512

    acde23cf806d9038516553de404ca31e6151176338aff921f741acc48dc0fed0164fc1de5f425325510d59d1f082c258cc5c16cd6a59dc17f3fe84d9f4abc60b

  • SSDEEP

    6144:K96AUpEAYtgry2sUJNsRP7OUjvFif0j0mTqsIq:dAwEAYtgrZJqBOYQf0jRMq

Score
10/10
gcleaneronlyloggerloader

Malware Config

Extracted

Family

gcleaner

C2

194.145.227.161

Signatures

  • GCleaner

    GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    loadergcleaner
  • OnlyLogger

    A tiny loader that uses IPLogger to get its payload.

    loaderonlylogger
  • OnlyLogger payload 5 IoCs
  • Program crash 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\42a731d7e6d098c83517d8c56b2b796a.exe
    "C:\Users\Admin\AppData\Local\Temp\42a731d7e6d098c83517d8c56b2b796a.exe"
    1⤵
      PID:3768
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 628
        2⤵
        • Program crash
        PID:2848
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 620
        2⤵
        • Program crash
        PID:4864
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 728
        2⤵
        • Program crash
        PID:4076
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 800
        2⤵
        • Program crash
        PID:2360
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 728
        2⤵
        • Program crash
        PID:2612
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 1032
        2⤵
        • Program crash
        PID:3396
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 1068
        2⤵
        • Program crash
        PID:4996
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 3768 -ip 3768
      1⤵
        PID:4440
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 3768 -ip 3768
        1⤵
          PID:3052
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 3768 -ip 3768
          1⤵
            PID:1228
          • C:\Windows\SysWOW64\WerFault.exe
            C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 3768 -ip 3768
            1⤵
              PID:1824
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 3768 -ip 3768
              1⤵
                PID:1016
              • C:\Windows\SysWOW64\WerFault.exe
                C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 3768 -ip 3768
                1⤵
                  PID:2772
                • C:\Windows\SysWOW64\WerFault.exe
                  C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 3768 -ip 3768
                  1⤵
                    PID:5052

                  Network

                  MITRE ATT&CK Matrix

                  Replay Monitor

                  Loading Replay Monitor...

                  Downloads

                  • memory/3768-1-0x0000000002C90000-0x0000000002D90000-memory.dmp

                    Filesize

                    1024KB

                    Download

                  • memory/3768-2-0x00000000001C0000-0x00000000001EF000-memory.dmp

                    Filesize

                    188KB

                    Download

                  • memory/3768-3-0x0000000000400000-0x0000000002B53000-memory.dmp

                    Filesize

                    39.3MB

                    Download

                  • memory/3768-4-0x0000000000400000-0x0000000002B53000-memory.dmp

                    Filesize

                    39.3MB

                    Download

                  • memory/3768-6-0x0000000002C90000-0x0000000002D90000-memory.dmp

                    Filesize

                    1024KB

                    Download

                  • memory/3768-7-0x00000000001C0000-0x00000000001EF000-memory.dmp

                    Filesize

                    188KB

                    Download

                  • memory/3768-12-0x0000000000400000-0x0000000002B53000-memory.dmp

                    Filesize

                    39.3MB

                    Download