Analysis
-
max time kernel
147s -
max time network
156s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system -
submitted
02/04/2024, 13:09
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
4af89e5a1cfa894ce90b1a5acb94abd36e90339e92c137d2f77d59c2e1efdb6f.exe
Resource
win7-20240221-en
2 signatures
150 seconds
General
-
Target
4af89e5a1cfa894ce90b1a5acb94abd36e90339e92c137d2f77d59c2e1efdb6f.exe
-
Size
366KB
-
MD5
c2aab8150d3d763706fbe02fe07f8aa1
-
SHA1
96f231a59c8bfb43aa78aa43501973a52919b7df
-
SHA256
4af89e5a1cfa894ce90b1a5acb94abd36e90339e92c137d2f77d59c2e1efdb6f
-
SHA512
27a09c6ad7400a2bc7252d8a10180c56b0bf23656638f50e901ea4ba27037c0b31ef7770ae108b33b9f0baf61d5ec37a2834c2768a5f95a3c5e3c5b5692dae40
-
SSDEEP
6144:CAY8rOF+nQq97PgSKA9XncgrLZEeMlFjT:CR8ru+nJ7YEXcgrLZNGF3
Malware Config
Extracted
Family
gcleaner
C2
185.172.128.90
5.42.64.3
5.42.65.115
Signatures
-
Downloads MZ/PE file
-
Program crash 8 IoCs
pid pid_target Process procid_target 1568 3700 WerFault.exe 83 1648 3700 WerFault.exe 83 1260 3700 WerFault.exe 83 2988 3700 WerFault.exe 83 4912 3700 WerFault.exe 83 748 3700 WerFault.exe 83 3552 3700 WerFault.exe 83 4636 3700 WerFault.exe 83
Processes
-
C:\Users\Admin\AppData\Local\Temp\4af89e5a1cfa894ce90b1a5acb94abd36e90339e92c137d2f77d59c2e1efdb6f.exe"C:\Users\Admin\AppData\Local\Temp\4af89e5a1cfa894ce90b1a5acb94abd36e90339e92c137d2f77d59c2e1efdb6f.exe"1⤵PID:3700
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 7402⤵
- Program crash
PID:1568
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 7482⤵
- Program crash
PID:1648
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 7442⤵
- Program crash
PID:1260
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 8522⤵
- Program crash
PID:2988
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 8402⤵
- Program crash
PID:4912
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 9802⤵
- Program crash
PID:748
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 7882⤵
- Program crash
PID:3552
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 9522⤵
- Program crash
PID:4636
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3700 -ip 37001⤵PID:2520
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 3700 -ip 37001⤵PID:4956
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 3700 -ip 37001⤵PID:4896
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 3700 -ip 37001⤵PID:4644
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 3700 -ip 37001⤵PID:4944
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 3700 -ip 37001⤵PID:1980
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 3700 -ip 37001⤵PID:3476
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 3700 -ip 37001⤵PID:1176