Analysis
-
max time kernel
147s -
max time network
150s -
platform
windows11-21h2_x64 -
resource
win11-20240508-en -
resource tags
-
submitted
10-06-2024 16:36
General
-
Target
e2070c7e677cfed329969d82463e584e4bca17c61ed634fec3a8c9b92e4a20b3.exe
-
Size
364KB
-
MD5
86d023325ff7425722dc4c2293258ee5
-
SHA1
3a71c5124ad649d1a2707f4796d79e1caccb07e9
-
SHA256
e2070c7e677cfed329969d82463e584e4bca17c61ed634fec3a8c9b92e4a20b3
-
SHA512
02e1bfa5ee4b7e4f2d0afec591f68662d02481ba4bd3aa25b789f0f007538b635aaaec008916cf07c7f2bc7f5c2bf115b5be79a25cd239fff603638c3c3046c3
-
SSDEEP
6144:20aHM2Rj+AyGfM/XO7P3sy/+BRpzDeTfFb4T:20aHLaAyG0/XO7P3N/+BbzDeT6
Score
10/10
Malware Config
Extracted
Family
gcleaner
C2
185.172.128.90
5.42.64.56
185.172.128.69
Signatures
-
GCleaner
GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
-
Program crash 9 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\e2070c7e677cfed329969d82463e584e4bca17c61ed634fec3a8c9b92e4a20b3.exe"C:\Users\Admin\AppData\Local\Temp\e2070c7e677cfed329969d82463e584e4bca17c61ed634fec3a8c9b92e4a20b3.exe"1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 4762⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 4882⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 7802⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 8202⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 7802⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 8722⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 9842⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 10722⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 7842⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3164 -ip 31641⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 3164 -ip 31641⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 3164 -ip 31641⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 3164 -ip 31641⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 3164 -ip 31641⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 3164 -ip 31641⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 3164 -ip 31641⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 3164 -ip 31641⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3164 -ip 31641⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/3164-1-0x0000000000720000-0x0000000000820000-memory.dmpFilesize
1024KB
-
memory/3164-3-0x0000000000400000-0x0000000000440000-memory.dmpFilesize
256KB
-
memory/3164-2-0x0000000000A00000-0x0000000000A3C000-memory.dmpFilesize
240KB
-
memory/3164-4-0x0000000000400000-0x0000000000693000-memory.dmpFilesize
2.6MB
-
memory/3164-5-0x0000000000720000-0x0000000000820000-memory.dmpFilesize
1024KB
-
memory/3164-7-0x0000000000400000-0x0000000000440000-memory.dmpFilesize
256KB