Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

cryptolaemus

windows10-2004-x64

10

cryptolaemus

windows11-21h2-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/03/2024, 00:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1d0509fe53a1b78b58cc96fa3ff432091fa6269e290a3b0219a742a52ec70dd6.exe

  • Size

    314KB

  • MD5

    be833d792a0326319a1c3f30d08b0c12

  • SHA1

    57f351d3962044378b139e6e19befb7931aed68c

  • SHA256

    1d0509fe53a1b78b58cc96fa3ff432091fa6269e290a3b0219a742a52ec70dd6

  • SHA512

    3b57a0b08504b1ebfcd53a1e59a99c0bb4881cb95b30447a0e2200434bd78196775c90d4533138ed5c1ad4c8b2d413ce38b3139a78dc6cb400f6bab81f99f9c2

  • SSDEEP

    6144:unPjFL+IXjC9khZZMakg7D8wh/RW3gAQ99riKVkk:iPjFL+ITskKk7owhQgT99rvVk

Score
10/10
gcleanerloader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.64.3

5.42.65.115

Signatures

  • GCleaner

    GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    loadergcleaner
  • Downloads MZ/PE file
  • Program crash 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1d0509fe53a1b78b58cc96fa3ff432091fa6269e290a3b0219a742a52ec70dd6.exe
    "C:\Users\Admin\AppData\Local\Temp\1d0509fe53a1b78b58cc96fa3ff432091fa6269e290a3b0219a742a52ec70dd6.exe"
    1⤵
      PID:2804
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 744
        2⤵
        • Program crash
        PID:3076
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 752
        2⤵
        • Program crash
        PID:3180
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 816
        2⤵
        • Program crash
        PID:2784
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 776
        2⤵
        • Program crash
        PID:1068
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 904
        2⤵
        • Program crash
        PID:4488
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 976
        2⤵
        • Program crash
        PID:1944
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 1124
        2⤵
        • Program crash
        PID:2620
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 1312
        2⤵
        • Program crash
        PID:2348
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 2804 -ip 2804
      1⤵
        PID:688
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 2804 -ip 2804
        1⤵
          PID:4008
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 2804 -ip 2804
          1⤵
            PID:912
          • C:\Windows\SysWOW64\WerFault.exe
            C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 2804 -ip 2804
            1⤵
              PID:1096
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 2804 -ip 2804
              1⤵
                PID:3536
              • C:\Windows\SysWOW64\WerFault.exe
                C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 2804 -ip 2804
                1⤵
                  PID:2360
                • C:\Windows\SysWOW64\WerFault.exe
                  C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 2804 -ip 2804
                  1⤵
                    PID:3060
                  • C:\Windows\SysWOW64\WerFault.exe
                    C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 2804 -ip 2804
                    1⤵
                      PID:2816

                    Network

                    MITRE ATT&CK Matrix

                    Replay Monitor

                    Loading Replay Monitor...

                    Downloads

                    • memory/2804-1-0x00000000005B0000-0x00000000006B0000-memory.dmp

                      Filesize

                      1024KB

                      Download

                    • memory/2804-2-0x00000000006E0000-0x000000000071C000-memory.dmp

                      Filesize

                      240KB

                      Download

                    • memory/2804-3-0x0000000000400000-0x0000000000551000-memory.dmp

                      Filesize

                      1.3MB

                      Download

                    • memory/2804-6-0x0000000000400000-0x0000000000551000-memory.dmp

                      Filesize

                      1.3MB

                      Download

                    • memory/2804-7-0x00000000006E0000-0x000000000071C000-memory.dmp

                      Filesize

                      240KB

                      Download