gcleaner | 486457c56d3ff4a221701cec92a995f47e28114b90f4f93be20e2ae750dec474

Analysis

max time kernel
133s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
26/03/2024, 05:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

486457c56d3ff4a221701cec92a995f47e28114b90f4f93be20e2ae750dec474.exe
Size

333KB
MD5

3a91359cfba1f31496e053a00a442d73
SHA1

2631844102cc36bbd2ada58a30ba5f467191d1d6
SHA256

486457c56d3ff4a221701cec92a995f47e28114b90f4f93be20e2ae750dec474
SHA512

4da75779712555089f4ad98c4b04cfaaf04bb909f2ae36e90f12882e412830108541d952e0da8c1484d18a20460ac18dc3ac27710a4071b506d57f9ab370bd0c
SSDEEP

6144:IJUL9j8LXkJ+tnrxELRIStBSl/2j8ZITI7a:IA9j8LXI0VGRIStBSl/P/G

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

185.172.128.90

5.42.64.3

5.42.65.115

Signatures

GCleaner
GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
loader gcleaner
Downloads MZ/PE file

Program crash 8 IoCs

pid	pid_target	Process	procid_target
2260	1916	WerFault.exe	87
5016	1916	WerFault.exe	87
2192	1916	WerFault.exe	87
3588	1916	WerFault.exe	87
2112	1916	WerFault.exe	87
2540	1916	WerFault.exe	87
3716	1916	WerFault.exe	87
5116	1916	WerFault.exe	87

C:\Users\Admin\AppData\Local\Temp\486457c56d3ff4a221701cec92a995f47e28114b90f4f93be20e2ae750dec474.exe
"C:\Users\Admin\AppData\Local\Temp\486457c56d3ff4a221701cec92a995f47e28114b90f4f93be20e2ae750dec474.exe"
1⤵
PID:1916
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 740
  2⤵
  - Program crash
  PID:2260
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 748
  2⤵
  - Program crash
  PID:5016
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 748
  2⤵
  - Program crash
  PID:2192
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 784
  2⤵
  - Program crash
  PID:3588
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 904
  2⤵
  - Program crash
  PID:2112
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 904
  2⤵
  - Program crash
  PID:2540
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 1016
  2⤵
  - Program crash
  PID:3716
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 1300
  2⤵
  - Program crash
  PID:5116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 1916 -ip 1916
1⤵
PID:3928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 1916 -ip 1916
1⤵
PID:2444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 1916 -ip 1916
1⤵
PID:3596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 1916 -ip 1916
1⤵
PID:4612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 1916 -ip 1916
1⤵
PID:2528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 1916 -ip 1916
1⤵
PID:3432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 1916 -ip 1916
1⤵
PID:4072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 1916 -ip 1916
1⤵
PID:4344

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1916-1-0x0000000000DA0000-0x0000000000EA0000-memory.dmp

Filesize
1024KB

Download
memory/1916-2-0x0000000002840000-0x000000000287C000-memory.dmp

Filesize
240KB

Download
memory/1916-3-0x0000000000400000-0x0000000000AFC000-memory.dmp

Filesize
7.0MB

Download
memory/1916-6-0x0000000000400000-0x0000000000AFC000-memory.dmp

Filesize
7.0MB

Download
memory/1916-7-0x0000000002840000-0x000000000287C000-memory.dmp

Filesize
240KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads