Analysis Overview
SHA256
3b49430513d9eadc6a01d2314f81fe459c2bc136db14bcf21679f0271665a705
Threat Level: Known bad
The file 2f4e51dacadfa0f435684aea798967d63adea5f31e997cde89eed60ba4e9e364.zip was found to be: Known bad.
Malicious Activity Summary
GCleaner
Downloads MZ/PE file
Unsigned PE
Program crash
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-04-02 13:09
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-02 13:09
Reported
2024-04-02 13:12
Platform
win7-20240221-en
Max time kernel
117s
Max time network
122s
Command Line
Signatures
GCleaner
Downloads MZ/PE file
Processes
C:\Users\Admin\AppData\Local\Temp\2f4e51dacadfa0f435684aea798967d63adea5f31e997cde89eed60ba4e9e364.exe
"C:\Users\Admin\AppData\Local\Temp\2f4e51dacadfa0f435684aea798967d63adea5f31e997cde89eed60ba4e9e364.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | download.visualstudio.microsoft.com | udp |
| FR | 68.232.34.200:80 | download.visualstudio.microsoft.com | tcp |
Files
memory/2772-1-0x0000000000620000-0x0000000000720000-memory.dmp
memory/2772-2-0x00000000002F0000-0x000000000032C000-memory.dmp
memory/2772-3-0x0000000000400000-0x0000000000554000-memory.dmp
memory/2772-5-0x0000000000620000-0x0000000000720000-memory.dmp
memory/2772-10-0x0000000000400000-0x0000000000554000-memory.dmp
memory/2772-11-0x0000000000620000-0x0000000000720000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-02 13:09
Reported
2024-04-02 13:12
Platform
win10v2004-20240226-en
Max time kernel
139s
Max time network
166s
Command Line
Signatures
GCleaner
Downloads MZ/PE file
Program crash
Processes
C:\Users\Admin\AppData\Local\Temp\2f4e51dacadfa0f435684aea798967d63adea5f31e997cde89eed60ba4e9e364.exe
"C:\Users\Admin\AppData\Local\Temp\2f4e51dacadfa0f435684aea798967d63adea5f31e997cde89eed60ba4e9e364.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 4536 -ip 4536
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4536 -s 752
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 4536 -ip 4536
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4536 -s 752
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 4536 -ip 4536
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4536 -s 752
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 4536 -ip 4536
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4536 -s 808
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 4536 -ip 4536
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4536 -s 904
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 4536 -ip 4536
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4536 -s 908
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 4536 -ip 4536
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4536 -s 1080
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.110.86.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | download.visualstudio.microsoft.com | udp |
| FR | 68.232.34.200:80 | download.visualstudio.microsoft.com | tcp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.34.232.68.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.58.20.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.66.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 201.201.50.20.in-addr.arpa | udp |
Files
memory/4536-1-0x0000000000610000-0x0000000000710000-memory.dmp
memory/4536-2-0x0000000002190000-0x00000000021CC000-memory.dmp
memory/4536-3-0x0000000000400000-0x0000000000554000-memory.dmp
memory/4536-6-0x0000000000610000-0x0000000000710000-memory.dmp
memory/4536-7-0x0000000002190000-0x00000000021CC000-memory.dmp
memory/4536-9-0x0000000000400000-0x0000000000554000-memory.dmp
memory/4536-12-0x0000000000400000-0x0000000000554000-memory.dmp