Overview

overview

10

Static

static

3

dd303f9c85...6c.exe

windows7-x64

10

dd303f9c85...6c.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    156s
  • max time network
    163s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08/03/2024, 14:09

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    dd303f9c85073861ab77863814c1ffe48e3d46fec126f2be246837ee7930ff6c.exe

  • Size

    2.2MB

  • MD5

    40e9952d6086854aeae86431ca387a1c

  • SHA1

    f9b0087ec6e2531d0483aacaea893f90a06b1357

  • SHA256

    dd303f9c85073861ab77863814c1ffe48e3d46fec126f2be246837ee7930ff6c

  • SHA512

    18d8b9cc4598a71ac200d1a307eadf46869fa6480723dc14f5127b06bfefeb29b02328995dec9ac21ac5f3f5158b55a8e53a08b74fc378b20cbbaf51f8e34dea

  • SSDEEP

    24576:YP3h/JPd0bJ60h7xyGWHPApPK0aTvYrbtpnSk763jc+Sd/1UuN3XzPQVwqU:YPhr0bvh7xyGmJTYbOk763jc+0NTn

Score
10/10
gcleanerloader

Malware Config

Extracted

Family

gcleaner

C2

85.31.45.39

85.31.45.250

85.31.45.251

85.31.45.88
Attributes
  • url_path

    /b.php

    /d.php

    /d.php

Signatures

  • GCleaner

    GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    loadergcleaner

Processes

  • C:\Users\Admin\AppData\Local\Temp\dd303f9c85073861ab77863814c1ffe48e3d46fec126f2be246837ee7930ff6c.exe
    "C:\Users\Admin\AppData\Local\Temp\dd303f9c85073861ab77863814c1ffe48e3d46fec126f2be246837ee7930ff6c.exe"
    1⤵
      PID:4012
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3792 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:8
      1⤵
        PID:2128

      Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • memory/4012-0-0x0000000000400000-0x000000000143F000-memory.dmp

              Filesize

              16.2MB

              Download

            • memory/4012-1-0x0000000000400000-0x000000000143F000-memory.dmp

              Filesize

              16.2MB

              Download

            • memory/4012-2-0x0000000000400000-0x000000000143F000-memory.dmp

              Filesize

              16.2MB

              Download

            • memory/4012-4-0x0000000000400000-0x000000000143F000-memory.dmp

              Filesize

              16.2MB

              Download