gcleaner | 6a4f4fcee06b413caa01c7c151a8f8fa6b6d244af60a2edf3f8dc70d07fa0a93

Analysis

max time kernel
148s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20240214-en
resource tags

arch:x64arch:x86image:win11-20240214-enlocale:en-usos:windows11-21h2-x64system
submitted
27-03-2024 21:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6a4f4fcee06b413caa01c7c151a8f8fa6b6d244af60a2edf3f8dc70d07fa0a93.exe
Size

290KB
MD5

e33cad8c67775059139d544c5a8b9c1d
SHA1

b2547c78d22c4974b5dc84479684bae392738294
SHA256

6a4f4fcee06b413caa01c7c151a8f8fa6b6d244af60a2edf3f8dc70d07fa0a93
SHA512

3a0398f1d91399577497adfd21d2ed0da03b5d011861d7a5fc085776346859980afa03ad385b559caba261cffed36663e7323521ca1457eafb4749556eb9cb8a
SSDEEP

6144:s4cpVaPk9r5TiD0dpmWzG709qhXWriXgie53:EpVaPk92oqQIBWife

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

185.172.128.90

5.42.64.3

5.42.65.115

Signatures

GCleaner
GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
loader gcleaner
Downloads MZ/PE file

Program crash 8 IoCs

pid	pid_target	Process	procid_target
3312	1152	WerFault.exe	77
5084	1152	WerFault.exe	77
3340	1152	WerFault.exe	77
2956	1152	WerFault.exe	77
3352	1152	WerFault.exe	77
1380	1152	WerFault.exe	77
1836	1152	WerFault.exe	77
2808	1152	WerFault.exe	77

C:\Users\Admin\AppData\Local\Temp\6a4f4fcee06b413caa01c7c151a8f8fa6b6d244af60a2edf3f8dc70d07fa0a93.exe
"C:\Users\Admin\AppData\Local\Temp\6a4f4fcee06b413caa01c7c151a8f8fa6b6d244af60a2edf3f8dc70d07fa0a93.exe"
1⤵
PID:1152
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1152 -s 776
  2⤵
  - Program crash
  PID:3312
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1152 -s 796
  2⤵
  - Program crash
  PID:5084
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1152 -s 796
  2⤵
  - Program crash
  PID:3340
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1152 -s 848
  2⤵
  - Program crash
  PID:2956
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1152 -s 952
  2⤵
  - Program crash
  PID:3352
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1152 -s 1060
  2⤵
  - Program crash
  PID:1380
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1152 -s 1348
  2⤵
  - Program crash
  PID:1836
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1152 -s 1336
  2⤵
  - Program crash
  PID:2808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1152 -ip 1152
1⤵
PID:4180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 1152 -ip 1152
1⤵
PID:3864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 1152 -ip 1152
1⤵
PID:2612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 1152 -ip 1152
1⤵
PID:228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 1152 -ip 1152
1⤵
PID:2896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 1152 -ip 1152
1⤵
PID:4464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 1152 -ip 1152
1⤵
PID:4140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 356 -p 1152 -ip 1152
1⤵
PID:3912

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1152-1-0x0000000000660000-0x0000000000760000-memory.dmp

Filesize
1024KB

Download
memory/1152-2-0x0000000002390000-0x00000000023CC000-memory.dmp

Filesize
240KB

Download
memory/1152-3-0x0000000000400000-0x000000000054C000-memory.dmp

Filesize
1.3MB

Download
memory/1152-6-0x0000000000400000-0x000000000054C000-memory.dmp

Filesize
1.3MB

Download
memory/1152-7-0x0000000002390000-0x00000000023CC000-memory.dmp

Filesize
240KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads