Overview

overview

10

Static

static

3

cryptolaemus

windows10-2004-x64

10

cryptolaemus

windows11-21h2-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240508-en
  • resource tags

    arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    21-06-2024 05:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7b1aba84c56e0ba389be083eeb723fa58cd6b1b89ccd9da368aec078afe6815e.exe

  • Size

    313KB

  • MD5

    0ff1685cec809ef4ad6f87eaaa511469

  • SHA1

    4374b34338c6dbf9b86b32c9174836ee3689389b

  • SHA256

    7b1aba84c56e0ba389be083eeb723fa58cd6b1b89ccd9da368aec078afe6815e

  • SHA512

    5b61991b865b3c6a3959abc3b6f6b4e6ea575ecec3f1dbc3746c6858861cf0e2801a3a9719053a831bc27401b2841f70a135e88a8865102813496c036195f0a9

  • SSDEEP

    3072:IeXEKUxdeKCXf/x7GKKqbjxLorIHFapgCIHeYvEKeOiLDvmJQ39Sdu8gw/M87tf:5U1/Zcf/xCCCrzpgrxleFLDvmO9SEu/

Score
10/10
gcleanerloader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.64.56

185.172.128.69

Signatures

  • GCleaner

    GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    loadergcleaner
  • Program crash 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7b1aba84c56e0ba389be083eeb723fa58cd6b1b89ccd9da368aec078afe6815e.exe
    "C:\Users\Admin\AppData\Local\Temp\7b1aba84c56e0ba389be083eeb723fa58cd6b1b89ccd9da368aec078afe6815e.exe"
    1⤵
      PID:4372
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4372 -s 476
        2⤵
        • Program crash
        PID:244
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4372 -s 480
        2⤵
        • Program crash
        PID:412
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4372 -s 780
        2⤵
        • Program crash
        PID:1784
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4372 -s 800
        2⤵
        • Program crash
        PID:4632
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4372 -s 780
        2⤵
        • Program crash
        PID:4200
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4372 -s 872
        2⤵
        • Program crash
        PID:3532
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4372 -s 984
        2⤵
        • Program crash
        PID:3076
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4372 -s 992
        2⤵
        • Program crash
        PID:4008
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4372 -s 784
        2⤵
        • Program crash
        PID:3280
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4372 -ip 4372
      1⤵
        PID:3420
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 356 -p 4372 -ip 4372
        1⤵
          PID:3276
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 4372 -ip 4372
          1⤵
            PID:900
          • C:\Windows\SysWOW64\WerFault.exe
            C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 4372 -ip 4372
            1⤵
              PID:4336
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 4372 -ip 4372
              1⤵
                PID:5084
              • C:\Windows\SysWOW64\WerFault.exe
                C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 4372 -ip 4372
                1⤵
                  PID:1652
                • C:\Windows\SysWOW64\WerFault.exe
                  C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 4372 -ip 4372
                  1⤵
                    PID:2836
                  • C:\Windows\SysWOW64\WerFault.exe
                    C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 4372 -ip 4372
                    1⤵
                      PID:3520
                    • C:\Windows\SysWOW64\WerFault.exe
                      C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4372 -ip 4372
                      1⤵
                        PID:2420

                      Network

                      MITRE ATT&CK Matrix

                      Replay Monitor

                      Loading Replay Monitor...

                      Downloads

                      • memory/4372-1-0x0000000000600000-0x0000000000700000-memory.dmp

                        Filesize

                        1024KB

                        Download

                      • memory/4372-2-0x0000000002160000-0x000000000219C000-memory.dmp

                        Filesize

                        240KB

                        Download

                      • memory/4372-3-0x0000000000400000-0x0000000000440000-memory.dmp

                        Filesize

                        256KB

                        Download

                      • memory/4372-4-0x0000000000400000-0x0000000000458000-memory.dmp

                        Filesize

                        352KB

                        Download

                      • memory/4372-5-0x0000000000600000-0x0000000000700000-memory.dmp

                        Filesize

                        1024KB

                        Download

                      • memory/4372-7-0x0000000000400000-0x0000000000440000-memory.dmp

                        Filesize

                        256KB

                        Download