Overview

overview

10

Static

static

3

winprofile

windows7-x64

10

winprofile

windows10-1703-x64

10

Analysis

  • max time kernel
    291s
  • max time network
    261s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    13-06-2024 23:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c405c0cc45fd3ad0c7be46ec67a7c94bb0d07ee381f36a50ea170a215fdcdc33.exe

  • Size

    256KB

  • MD5

    81a8fefdf803a3e4ff0d94e17a427a0c

  • SHA1

    256a6618a92486211c32bc557141ff328032bcf6

  • SHA256

    c405c0cc45fd3ad0c7be46ec67a7c94bb0d07ee381f36a50ea170a215fdcdc33

  • SHA512

    849ae2ffc88ac129c17611b17e6266ed080f43d1badc7389cf3a0cf8fa681064505379461f0c5b4c8d26b71863ca47660fdd1faf2f83d92ef0d56fbef9ad3496

  • SSDEEP

    3072:D6vq3HIP+Wx2LKBzAvai+Z04Z6JjMCApI88mJijW0SEDinl/+gkog81L2zpxXLvr:WvGPvZ4XgK0SAinl2gGxpxbVBxa7cyT

Score
10/10
gcleanerloader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

185.172.128.69
Attributes
  • url_path

    /advdlc.php

Signatures

  • GCleaner

    GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    loadergcleaner
  • Program crash 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c405c0cc45fd3ad0c7be46ec67a7c94bb0d07ee381f36a50ea170a215fdcdc33.exe
    "C:\Users\Admin\AppData\Local\Temp\c405c0cc45fd3ad0c7be46ec67a7c94bb0d07ee381f36a50ea170a215fdcdc33.exe"
    1⤵
      PID:2796
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 760
        2⤵
        • Program crash
        PID:1076
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 744
        2⤵
        • Program crash
        PID:4936
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 840
        2⤵
        • Program crash
        PID:4812
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 948
        2⤵
        • Program crash
        PID:4696
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 920
        2⤵
        • Program crash
        PID:2800
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 1112
        2⤵
        • Program crash
        PID:4620
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 1124
        2⤵
        • Program crash
        PID:820
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 1156
        2⤵
        • Program crash
        PID:4860

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2796-3-0x0000000000400000-0x000000000042F000-memory.dmp
      Filesize

      188KB

      Download
    • memory/2796-2-0x00000000007A0000-0x00000000007CD000-memory.dmp
      Filesize

      180KB

      Download
    • memory/2796-1-0x00000000006A0000-0x00000000007A0000-memory.dmp
      Filesize

      1024KB

      Download
    • memory/2796-5-0x0000000000400000-0x0000000000671000-memory.dmp
      Filesize

      2.4MB

      Download
    • memory/2796-6-0x00000000006A0000-0x00000000007A0000-memory.dmp
      Filesize

      1024KB

      Download
    • memory/2796-8-0x0000000000400000-0x000000000042F000-memory.dmp
      Filesize

      188KB

      Download