gcleaner | 1d0509fe53a1b78b58cc96fa3ff432091fa6269e290a3b0219a742a52ec70dd6

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
20/03/2024, 00:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1d0509fe53a1b78b58cc96fa3ff432091fa6269e290a3b0219a742a52ec70dd6.exe
Size

314KB
MD5

be833d792a0326319a1c3f30d08b0c12
SHA1

57f351d3962044378b139e6e19befb7931aed68c
SHA256

1d0509fe53a1b78b58cc96fa3ff432091fa6269e290a3b0219a742a52ec70dd6
SHA512

3b57a0b08504b1ebfcd53a1e59a99c0bb4881cb95b30447a0e2200434bd78196775c90d4533138ed5c1ad4c8b2d413ce38b3139a78dc6cb400f6bab81f99f9c2
SSDEEP

6144:unPjFL+IXjC9khZZMakg7D8wh/RW3gAQ99riKVkk:iPjFL+ITskKk7owhQgT99rvVk

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

185.172.128.90

5.42.64.3

5.42.65.115

Signatures

GCleaner
GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
loader gcleaner
Downloads MZ/PE file

Program crash 8 IoCs

pid	pid_target	Process	procid_target
3076	2804	WerFault.exe	88
3180	2804	WerFault.exe	88
2784	2804	WerFault.exe	88
1068	2804	WerFault.exe	88
4488	2804	WerFault.exe	88
1944	2804	WerFault.exe	88
2620	2804	WerFault.exe	88
2348	2804	WerFault.exe	88

C:\Users\Admin\AppData\Local\Temp\1d0509fe53a1b78b58cc96fa3ff432091fa6269e290a3b0219a742a52ec70dd6.exe
"C:\Users\Admin\AppData\Local\Temp\1d0509fe53a1b78b58cc96fa3ff432091fa6269e290a3b0219a742a52ec70dd6.exe"
1⤵
PID:2804
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 744
  2⤵
  - Program crash
  PID:3076
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 752
  2⤵
  - Program crash
  PID:3180
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 816
  2⤵
  - Program crash
  PID:2784
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 776
  2⤵
  - Program crash
  PID:1068
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 904
  2⤵
  - Program crash
  PID:4488
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 976
  2⤵
  - Program crash
  PID:1944
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 1124
  2⤵
  - Program crash
  PID:2620
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 1312
  2⤵
  - Program crash
  PID:2348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 2804 -ip 2804
1⤵
PID:688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 2804 -ip 2804
1⤵
PID:4008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 2804 -ip 2804
1⤵
PID:912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 2804 -ip 2804
1⤵
PID:1096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 2804 -ip 2804
1⤵
PID:3536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 2804 -ip 2804
1⤵
PID:2360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 2804 -ip 2804
1⤵
PID:3060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 2804 -ip 2804
1⤵
PID:2816

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2804-1-0x00000000005B0000-0x00000000006B0000-memory.dmp

Filesize
1024KB

Download
memory/2804-2-0x00000000006E0000-0x000000000071C000-memory.dmp

Filesize
240KB

Download
memory/2804-3-0x0000000000400000-0x0000000000551000-memory.dmp

Filesize
1.3MB

Download
memory/2804-6-0x0000000000400000-0x0000000000551000-memory.dmp

Filesize
1.3MB

Download
memory/2804-7-0x00000000006E0000-0x000000000071C000-memory.dmp

Filesize
240KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads