Analysis
-
max time kernel
143s -
max time network
154s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
14/06/2024, 20:38
General
-
Target
3c692224488efd43f8d0ee5618199c289ebbe50b43460b0106519fec4d5ec927.exe
-
Size
381KB
-
MD5
ca9810ac4f3ee0d374dfb80ce7428db2
-
SHA1
8b9e60293a076672fa45bb3a1f4a535e9bce9f80
-
SHA256
3c692224488efd43f8d0ee5618199c289ebbe50b43460b0106519fec4d5ec927
-
SHA512
5848cb206007c09138fd9b0a275f0f65e41182268ee0f6d1aea7ea8e66c629aec6eafffcfdb9bd306a558d0298eef73d86deb295b5c49b196abbfa196d621d8c
-
SSDEEP
6144:mIFL3VbVx3NbmoOQBa5+wd3SWP2kzC0qRlPq6b:ZbVbVx9b9OQBjOP2Q+q
Score
10/10
Malware Config
Extracted
Family
gcleaner
C2
185.172.128.90
185.172.128.69
Attributes
-
url_path
/advdlc.php
Signatures
-
GCleaner
GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
-
Program crash 7 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\3c692224488efd43f8d0ee5618199c289ebbe50b43460b0106519fec4d5ec927.exe"C:\Users\Admin\AppData\Local\Temp\3c692224488efd43f8d0ee5618199c289ebbe50b43460b0106519fec4d5ec927.exe"1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5008 -s 7402⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5008 -s 7842⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5008 -s 8042⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5008 -s 7842⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5008 -s 9042⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5008 -s 9802⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5008 -s 7442⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5008 -ip 50081⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 5008 -ip 50081⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 5008 -ip 50081⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 5008 -ip 50081⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 5008 -ip 50081⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 5008 -ip 50081⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4488,i,13281073920029625837,8253721632651544158,262144 --variations-seed-version --mojo-platform-channel-handle=3980 /prefetch:81⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 176 -p 5008 -ip 50081⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1024KB
-
Filesize
188KB
-
Filesize
23.9MB
-
Filesize
1024KB