Overview

overview

10

Static

static

3

b11fa73625...33.exe

windows7-x64

10

b11fa73625...33.exe

windows10-1703-x64

10

b11fa73625...33.exe

windows10-2004-x64

10

b11fa73625...33.exe

windows11-21h2-x64

10

Resubmissions

07-01-2024 18:07

240107-wqj1bacef6 10

15-01-2022 08:36

220115-khlcmadggr 10

Analysis

  • max time kernel
    147s
  • max time network
    159s
  • platform
    windows11-21h2_x64
  • resource
    win11-20231215-en
  • resource tags

    arch:x64arch:x86image:win11-20231215-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    07-01-2024 18:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b11fa73625d6cba3dd6cf98467aea533.exe

  • Size

    419KB

  • MD5

    b11fa73625d6cba3dd6cf98467aea533

  • SHA1

    004d3169fb9b2b6daeec6425f6da98c99a3b63e0

  • SHA256

    d9cdd267e3c00ae4f70e60a45aa03f22b1a59b42526a692d0e5bde6b5f1b99d4

  • SHA512

    2bba5cfaeec13bda9ffb03a16d1c2af9d85be0ec13b00d9f79e3c4ffbd334a7db00addb5b52b4f89a84a8a57349e29115d93532f866d37b9914c6b832247fdea

  • SSDEEP

    6144:umHZ39YkgRaYfIIeWmfVjFsSX2/vwWJwQuuPkfwkaZeRJE1I7EOVqcEyrIXs:umHZ/cqx7sSX2nmQuSk7n8I4OVAyrI

Score
10/10
gcleaneronlyloggerloader

Malware Config

Extracted

Family

gcleaner

C2

web-stat.biz

Signatures

  • GCleaner

    GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    loadergcleaner
  • OnlyLogger

    A tiny loader that uses IPLogger to get its payload.

    loaderonlylogger
  • OnlyLogger payload 1 IoCs
  • Program crash 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b11fa73625d6cba3dd6cf98467aea533.exe
    "C:\Users\Admin\AppData\Local\Temp\b11fa73625d6cba3dd6cf98467aea533.exe"
    1⤵
      PID:1452
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1452 -s 300
        2⤵
        • Program crash
        PID:964
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 1452 -ip 1452
      1⤵
        PID:3200

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/1452-1-0x00000000008D0000-0x00000000009D0000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/1452-2-0x0000000002470000-0x00000000024BC000-memory.dmp

        Filesize

        304KB

        Download