Overview

overview

10

Static

static

3

cryptolaemus

windows10-2004-x64

10

cryptolaemus

windows11-21h2-x64

10

Analysis

  • max time kernel
    90s
  • max time network
    94s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240221-en
  • resource tags

    arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    25/03/2024, 21:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fec325edc9afbc447ee09519ad2f0d31e034d313bef94e4da20bf9ea48fb4ef3.exe

  • Size

    321KB

  • MD5

    85c432cb4c6075b1e6e323c66816b565

  • SHA1

    117e72c11589fcc00faf1e631790ee4b33f640ea

  • SHA256

    fec325edc9afbc447ee09519ad2f0d31e034d313bef94e4da20bf9ea48fb4ef3

  • SHA512

    7a144ca06624b87165c3875b978ff5969ccf191bfeca444b0fd344cf7205b81da4fb1212a1f558e1e79caed8d18ab4d6f7ab234f4fe28384172b761a02754b57

  • SSDEEP

    6144:p+KGmT1WEOjiRY3YejBoGITUFqkmVeEhN1SXJOeD3o2afO/:wKw9jiRWjaGITLZeYN1SXJOeD3do

Score
10/10
gcleanerloader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.64.3

5.42.65.115

Signatures

  • GCleaner

    GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    loadergcleaner
  • Downloads MZ/PE file
  • Program crash 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fec325edc9afbc447ee09519ad2f0d31e034d313bef94e4da20bf9ea48fb4ef3.exe
    "C:\Users\Admin\AppData\Local\Temp\fec325edc9afbc447ee09519ad2f0d31e034d313bef94e4da20bf9ea48fb4ef3.exe"
    1⤵
      PID:3004
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 776
        2⤵
        • Program crash
        PID:2092
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 796
        2⤵
        • Program crash
        PID:1304
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 776
        2⤵
        • Program crash
        PID:4928
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 868
        2⤵
        • Program crash
        PID:3296
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 952
        2⤵
        • Program crash
        PID:1740
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 1076
        2⤵
        • Program crash
        PID:1732
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 1356
        2⤵
        • Program crash
        PID:2392
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 1344
        2⤵
        • Program crash
        PID:2324
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3004 -ip 3004
      1⤵
        PID:3596
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 3004 -ip 3004
        1⤵
          PID:1480
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 3004 -ip 3004
          1⤵
            PID:1992
          • C:\Windows\SysWOW64\WerFault.exe
            C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 3004 -ip 3004
            1⤵
              PID:3748
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 3004 -ip 3004
              1⤵
                PID:2320
              • C:\Windows\SysWOW64\WerFault.exe
                C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 3004 -ip 3004
                1⤵
                  PID:4648
                • C:\Windows\SysWOW64\WerFault.exe
                  C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 3004 -ip 3004
                  1⤵
                    PID:3992
                  • C:\Windows\SysWOW64\WerFault.exe
                    C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 3004 -ip 3004
                    1⤵
                      PID:3440

                    Network

                    MITRE ATT&CK Matrix

                    Replay Monitor

                    Loading Replay Monitor...

                    Downloads

                    • memory/3004-1-0x00000000006A0000-0x00000000007A0000-memory.dmp

                      Filesize

                      1024KB

                      Download

                    • memory/3004-2-0x00000000023A0000-0x00000000023DC000-memory.dmp

                      Filesize

                      240KB

                      Download

                    • memory/3004-3-0x0000000000400000-0x0000000000554000-memory.dmp

                      Filesize

                      1.3MB

                      Download

                    • memory/3004-6-0x0000000000400000-0x0000000000554000-memory.dmp

                      Filesize

                      1.3MB

                      Download

                    • memory/3004-7-0x00000000023A0000-0x00000000023DC000-memory.dmp

                      Filesize

                      240KB

                      Download