gcleaner | dd4a3debbde85897c2254f7f784819aa7d49bbbf699bd62b521eea018bf8e264

Analysis

max time kernel
291s
max time network
264s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
14-06-2024 00:01

Target

dd4a3debbde85897c2254f7f784819aa7d49bbbf699bd62b521eea018bf8e264.exe
Size

387KB
MD5

d9d25e962511c6b579710ccc9b0322e9
SHA1

52b93d3935297dafc6c1b96bc2c06e25d74f4a75
SHA256

dd4a3debbde85897c2254f7f784819aa7d49bbbf699bd62b521eea018bf8e264
SHA512

e2267b95bdec0616693f6f1e158faf0f7ad4d6cd1b0d8a9990b12acc30f6a11d9fd5e751243e995643e1007420997bc263f560a543bcacec77712d3d226ef42b
SSDEEP

6144:j0L5ptLeCLeGZevoTf9y3ix0zuOZl9hqeW:o1p5RLeGZevKBxNu

Score

10^/10

gcleaner loader

Family

gcleaner

185.172.128.90

185.172.128.69

Attributes

GCleaner
GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
loader gcleaner

Program crash 8 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
1116	164	WerFault.exe	dd4a3debbde85897c2254f7f784819aa7d49bbbf699bd62b521eea018bf8e264.exe
5112	164	WerFault.exe	dd4a3debbde85897c2254f7f784819aa7d49bbbf699bd62b521eea018bf8e264.exe
3548	164	WerFault.exe	dd4a3debbde85897c2254f7f784819aa7d49bbbf699bd62b521eea018bf8e264.exe
3308	164	WerFault.exe	dd4a3debbde85897c2254f7f784819aa7d49bbbf699bd62b521eea018bf8e264.exe
424	164	WerFault.exe	dd4a3debbde85897c2254f7f784819aa7d49bbbf699bd62b521eea018bf8e264.exe
1808	164	WerFault.exe	dd4a3debbde85897c2254f7f784819aa7d49bbbf699bd62b521eea018bf8e264.exe
5044	164	WerFault.exe	dd4a3debbde85897c2254f7f784819aa7d49bbbf699bd62b521eea018bf8e264.exe
4528	164	WerFault.exe	dd4a3debbde85897c2254f7f784819aa7d49bbbf699bd62b521eea018bf8e264.exe

C:\Users\Admin\AppData\Local\Temp\dd4a3debbde85897c2254f7f784819aa7d49bbbf699bd62b521eea018bf8e264.exe
"C:\Users\Admin\AppData\Local\Temp\dd4a3debbde85897c2254f7f784819aa7d49bbbf699bd62b521eea018bf8e264.exe"
1⤵
PID:164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 164 -s 764
2⤵
- Program crash
PID:1116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 164 -s 804
2⤵
- Program crash
PID:5112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 164 -s 896
2⤵
- Program crash
PID:3548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 164 -s 1008
2⤵
- Program crash
PID:3308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 164 -s 808
2⤵
- Program crash
PID:424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 164 -s 1112
2⤵
- Program crash
PID:1808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 164 -s 1156
2⤵
- Program crash
PID:5044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 164 -s 1132
2⤵
- Program crash
PID:4528

memory/164-2-0x0000000001E40000-0x0000000001E6D000-memory.dmp

Filesize
180KB

Download
memory/164-1-0x0000000001EB0000-0x0000000001FB0000-memory.dmp

Filesize
1024KB

Download
memory/164-3-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/164-5-0x0000000000400000-0x0000000001BDC000-memory.dmp

Filesize
23.9MB

Download
memory/164-8-0x0000000001E40000-0x0000000001E6D000-memory.dmp

Filesize
180KB

Download
memory/164-7-0x0000000001EB0000-0x0000000001FB0000-memory.dmp

Filesize
1024KB

Download
memory/164-9-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download