gcleaner | cce226a84a0393a972b17f217c61ccd01a62b6c5a93bcb3c3e0adbd9c9db4d77

Analysis

max time kernel
291s
max time network
300s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
13-06-2024 23:58

Target

cce226a84a0393a972b17f217c61ccd01a62b6c5a93bcb3c3e0adbd9c9db4d77.exe
Size

332KB
MD5

3bd647f38fd5f3b4e518f768996fb523
SHA1

8f695366962f3d90940efcec09f5f545c075675c
SHA256

cce226a84a0393a972b17f217c61ccd01a62b6c5a93bcb3c3e0adbd9c9db4d77
SHA512

feee799c43f9e31e07b2057a3d14a946612eb6ff911f251e5edaf460777c7c2f70dcc1bb9a33926af70d2a007d11c20d6860b96fdec3b5d8a170d2d23e2a705a
SSDEEP

3072:PibgZo1+3pLVnLDqJk8hH8DWdJDN9H5DAhh5C5Q0OQeTnJXvtcu4T9+:3o1Ovy1xdHvAhh52zDeTNFb4T

Score

10^/10

gcleaner loader

Family

gcleaner

185.172.128.90

185.172.128.69

Attributes

GCleaner
GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
loader gcleaner

Program crash 8 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2784	4676	WerFault.exe	cce226a84a0393a972b17f217c61ccd01a62b6c5a93bcb3c3e0adbd9c9db4d77.exe
5116	4676	WerFault.exe	cce226a84a0393a972b17f217c61ccd01a62b6c5a93bcb3c3e0adbd9c9db4d77.exe
4860	4676	WerFault.exe	cce226a84a0393a972b17f217c61ccd01a62b6c5a93bcb3c3e0adbd9c9db4d77.exe
96	4676	WerFault.exe	cce226a84a0393a972b17f217c61ccd01a62b6c5a93bcb3c3e0adbd9c9db4d77.exe
3588	4676	WerFault.exe	cce226a84a0393a972b17f217c61ccd01a62b6c5a93bcb3c3e0adbd9c9db4d77.exe
4104	4676	WerFault.exe	cce226a84a0393a972b17f217c61ccd01a62b6c5a93bcb3c3e0adbd9c9db4d77.exe
1424	4676	WerFault.exe	cce226a84a0393a972b17f217c61ccd01a62b6c5a93bcb3c3e0adbd9c9db4d77.exe
4368	4676	WerFault.exe	cce226a84a0393a972b17f217c61ccd01a62b6c5a93bcb3c3e0adbd9c9db4d77.exe

C:\Users\Admin\AppData\Local\Temp\cce226a84a0393a972b17f217c61ccd01a62b6c5a93bcb3c3e0adbd9c9db4d77.exe
"C:\Users\Admin\AppData\Local\Temp\cce226a84a0393a972b17f217c61ccd01a62b6c5a93bcb3c3e0adbd9c9db4d77.exe"
1⤵
PID:4676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4676 -s 764
2⤵
- Program crash
PID:2784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4676 -s 748
2⤵
- Program crash
PID:5116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4676 -s 844
2⤵
- Program crash
PID:4860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4676 -s 912
2⤵
- Program crash
PID:96

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4676 -s 976
2⤵
- Program crash
PID:3588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4676 -s 1096
2⤵
- Program crash
PID:4104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4676 -s 1164
2⤵
- Program crash
PID:1424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4676 -s 1136
2⤵
- Program crash
PID:4368

memory/4676-1-0x0000000000740000-0x0000000000840000-memory.dmp

Filesize
1024KB

Download
memory/4676-2-0x00000000006F0000-0x000000000071D000-memory.dmp

Filesize
180KB

Download
memory/4676-3-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/4676-5-0x0000000000400000-0x000000000068B000-memory.dmp

Filesize
2.5MB

Download
memory/4676-7-0x0000000000740000-0x0000000000840000-memory.dmp

Filesize
1024KB

Download
memory/4676-8-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download