gcleaner | 1d0509fe53a1b78b58cc96fa3ff432091fa6269e290a3b0219a742a52ec70dd6

Analysis

max time kernel
30s
max time network
142s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
20/03/2024, 00:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1d0509fe53a1b78b58cc96fa3ff432091fa6269e290a3b0219a742a52ec70dd6.exe
Size

314KB
MD5

be833d792a0326319a1c3f30d08b0c12
SHA1

57f351d3962044378b139e6e19befb7931aed68c
SHA256

1d0509fe53a1b78b58cc96fa3ff432091fa6269e290a3b0219a742a52ec70dd6
SHA512

3b57a0b08504b1ebfcd53a1e59a99c0bb4881cb95b30447a0e2200434bd78196775c90d4533138ed5c1ad4c8b2d413ce38b3139a78dc6cb400f6bab81f99f9c2
SSDEEP

6144:unPjFL+IXjC9khZZMakg7D8wh/RW3gAQ99riKVkk:iPjFL+ITskKk7owhQgT99rvVk

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

185.172.128.90

5.42.64.3

5.42.65.115

Signatures

GCleaner
GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
loader gcleaner
Downloads MZ/PE file

Program crash 8 IoCs

pid	pid_target	Process	procid_target
2160	2372	WerFault.exe	78
2288	2372	WerFault.exe	78
2896	2372	WerFault.exe	78
4340	2372	WerFault.exe	78
1560	2372	WerFault.exe	78
3140	2372	WerFault.exe	78
3312	2372	WerFault.exe	78
4992	2372	WerFault.exe	78

C:\Users\Admin\AppData\Local\Temp\1d0509fe53a1b78b58cc96fa3ff432091fa6269e290a3b0219a742a52ec70dd6.exe
"C:\Users\Admin\AppData\Local\Temp\1d0509fe53a1b78b58cc96fa3ff432091fa6269e290a3b0219a742a52ec70dd6.exe"
1⤵
PID:2372
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 776
  2⤵
  - Program crash
  PID:2160
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 820
  2⤵
  - Program crash
  PID:2288
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 840
  2⤵
  - Program crash
  PID:2896
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 880
  2⤵
  - Program crash
  PID:4340
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 952
  2⤵
  - Program crash
  PID:1560
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 964
  2⤵
  - Program crash
  PID:3140
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 1248
  2⤵
  - Program crash
  PID:3312
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 1368
  2⤵
  - Program crash
  PID:4992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2372 -ip 2372
1⤵
PID:2352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 2372 -ip 2372
1⤵
PID:2364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 2372 -ip 2372
1⤵
PID:3772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 2372 -ip 2372
1⤵
PID:1460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 2372 -ip 2372
1⤵
PID:4720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 2372 -ip 2372
1⤵
PID:1568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 2372 -ip 2372
1⤵
PID:1468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 2372 -ip 2372
1⤵
PID:1492

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2372-1-0x0000000000760000-0x0000000000860000-memory.dmp

Filesize
1024KB

Download
memory/2372-2-0x00000000023C0000-0x00000000023FC000-memory.dmp

Filesize
240KB

Download
memory/2372-3-0x0000000000400000-0x0000000000551000-memory.dmp

Filesize
1.3MB

Download
memory/2372-6-0x0000000000400000-0x0000000000551000-memory.dmp

Filesize
1.3MB

Download
memory/2372-7-0x00000000023C0000-0x00000000023FC000-memory.dmp

Filesize
240KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads