Overview

overview

10

Static

static

3

a0527f548f...67.exe

windows7-x64

10

a0527f548f...67.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    147s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16-06-2024 01:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a0527f548f6ed392f4d578d32ce5d75677492875b13a60a068e55f8ad6105267.exe

  • Size

    371KB

  • MD5

    8a531ac1850e79081759de09b70251db

  • SHA1

    1cc10eb949d449c7152ca0e3409d94b8d61db5d4

  • SHA256

    a0527f548f6ed392f4d578d32ce5d75677492875b13a60a068e55f8ad6105267

  • SHA512

    ecbc061a19c0c839f49ae790de0b38b34b582b34ce16095bf2ee3287745edc5823dbfc29fb84229bdc81c7b5c157c7f2eb80b01a236b8ac3e38d8e8493995efc

  • SSDEEP

    6144:qFbhWI22curenuAAH84PPt2cW5Gz4KvNGbtqSvTH:q/2orjbPPtr/YHH

Score
10/10
gcleanerloader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.64.56

185.172.128.69

Signatures

  • GCleaner

    GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    loadergcleaner
  • Program crash 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a0527f548f6ed392f4d578d32ce5d75677492875b13a60a068e55f8ad6105267.exe
    "C:\Users\Admin\AppData\Local\Temp\a0527f548f6ed392f4d578d32ce5d75677492875b13a60a068e55f8ad6105267.exe"
    1⤵
      PID:1328
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1328 -s 452
        2⤵
        • Program crash
        PID:4960
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1328 -s 512
        2⤵
        • Program crash
        PID:2216
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1328 -s 748
        2⤵
        • Program crash
        PID:2548
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1328 -s 768
        2⤵
        • Program crash
        PID:992
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1328 -s 748
        2⤵
        • Program crash
        PID:3756
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1328 -s 788
        2⤵
        • Program crash
        PID:4060
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1328 -s 912
        2⤵
        • Program crash
        PID:1436
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1328 -s 916
        2⤵
        • Program crash
        PID:1764
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1328 -s 752
        2⤵
        • Program crash
        PID:3012
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1328 -ip 1328
      1⤵
        PID:3272
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 1328 -ip 1328
        1⤵
          PID:3028
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 1328 -ip 1328
          1⤵
            PID:3188
          • C:\Windows\SysWOW64\WerFault.exe
            C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 1328 -ip 1328
            1⤵
              PID:2204
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 1328 -ip 1328
              1⤵
                PID:2928
              • C:\Windows\SysWOW64\WerFault.exe
                C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 1328 -ip 1328
                1⤵
                  PID:2004
                • C:\Windows\SysWOW64\WerFault.exe
                  C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 1328 -ip 1328
                  1⤵
                    PID:3604
                  • C:\Windows\SysWOW64\WerFault.exe
                    C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 1328 -ip 1328
                    1⤵
                      PID:2176
                    • C:\Windows\SysWOW64\WerFault.exe
                      C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 1328 -ip 1328
                      1⤵
                        PID:448

                      Network

                      MITRE ATT&CK Matrix

                      Replay Monitor

                      Loading Replay Monitor...

                      Downloads

                      • memory/1328-1-0x0000000000760000-0x0000000000860000-memory.dmp
                        Filesize

                        1024KB

                        Download
                      • memory/1328-2-0x00000000006E0000-0x000000000071C000-memory.dmp
                        Filesize

                        240KB

                        Download
                      • memory/1328-3-0x0000000000400000-0x0000000000440000-memory.dmp
                        Filesize

                        256KB

                        Download
                      • memory/1328-4-0x0000000000400000-0x000000000046E000-memory.dmp
                        Filesize

                        440KB

                        Download
                      • memory/1328-6-0x0000000000760000-0x0000000000860000-memory.dmp
                        Filesize

                        1024KB

                        Download
                      • memory/1328-7-0x0000000000400000-0x0000000000440000-memory.dmp
                        Filesize

                        256KB

                        Download