Overview

overview

10

Static

static

3

cryptolaemus

windows10-2004-x64

10

cryptolaemus

windows11-21h2-x64

10

Analysis

  • max time kernel
    142s
  • max time network
    144s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240704-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/07/2024, 11:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1d9d3a2475130acac4c93c053b598152607f43ab3f8278d24f9baf72dd5e7d72.exe

  • Size

    287KB

  • MD5

    6567e8f03d6943510e84981f676840e9

  • SHA1

    8bcd68e58ec2179a5b1d1e25d9a8312e02227f77

  • SHA256

    1d9d3a2475130acac4c93c053b598152607f43ab3f8278d24f9baf72dd5e7d72

  • SHA512

    b3ed7b7f36d38f2abe2581eeda24f4f514bb4b22ddd5a2ad2b2e3dab65107c4534d7f746db664926ac9638a6b235f540ab893022d55c36fc65af3fe9c5680c12

  • SSDEEP

    6144:4X196z7NHgOdDZLLtQrrzpJw6ajvhO2eEbHkW:4X19y7qeNLEzpCdjvSE

Score
10/10
gcleanerloader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

77.105.160.30

185.172.128.69

Signatures

  • GCleaner

    GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    loadergcleaner
  • Program crash 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1d9d3a2475130acac4c93c053b598152607f43ab3f8278d24f9baf72dd5e7d72.exe
    "C:\Users\Admin\AppData\Local\Temp\1d9d3a2475130acac4c93c053b598152607f43ab3f8278d24f9baf72dd5e7d72.exe"
    1⤵
      PID:1436
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1436 -s 456
        2⤵
        • Program crash
        PID:920
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1436 -s 492
        2⤵
        • Program crash
        PID:1344
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1436 -s 752
        2⤵
        • Program crash
        PID:4188
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1436 -s 752
        2⤵
        • Program crash
        PID:4804
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1436 -s 808
        2⤵
        • Program crash
        PID:4024
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1436 -s 844
        2⤵
        • Program crash
        PID:2020
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1436 -s 912
        2⤵
        • Program crash
        PID:1656
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1436 -s 1008
        2⤵
        • Program crash
        PID:2916
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1436 -s 756
        2⤵
        • Program crash
        PID:3264
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1436 -ip 1436
      1⤵
        PID:1116
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 1436 -ip 1436
        1⤵
          PID:2492
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 1436 -ip 1436
          1⤵
            PID:4868
          • C:\Windows\SysWOW64\WerFault.exe
            C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 1436 -ip 1436
            1⤵
              PID:4244
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 1436 -ip 1436
              1⤵
                PID:452
              • C:\Windows\SysWOW64\WerFault.exe
                C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 1436 -ip 1436
                1⤵
                  PID:1508
                • C:\Windows\SysWOW64\WerFault.exe
                  C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 1436 -ip 1436
                  1⤵
                    PID:3672
                  • C:\Windows\SysWOW64\WerFault.exe
                    C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 1436 -ip 1436
                    1⤵
                      PID:1880
                    • C:\Windows\SysWOW64\WerFault.exe
                      C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 1436 -ip 1436
                      1⤵
                        PID:3768

                      Network

                      MITRE ATT&CK Matrix

                      Replay Monitor

                      Loading Replay Monitor...

                      Downloads

                      • memory/1436-1-0x0000000002AC0000-0x0000000002BC0000-memory.dmp

                        Filesize

                        1024KB

                        Download

                      • memory/1436-2-0x0000000004570000-0x00000000045AC000-memory.dmp

                        Filesize

                        240KB

                        Download

                      • memory/1436-3-0x0000000000400000-0x0000000000440000-memory.dmp

                        Filesize

                        256KB

                        Download

                      • memory/1436-4-0x0000000000400000-0x000000000282F000-memory.dmp

                        Filesize

                        36.2MB

                        Download

                      • memory/1436-6-0x0000000002AC0000-0x0000000002BC0000-memory.dmp

                        Filesize

                        1024KB

                        Download

                      • memory/1436-7-0x0000000004570000-0x00000000045AC000-memory.dmp

                        Filesize

                        240KB

                        Download

                      • memory/1436-8-0x0000000000400000-0x0000000000440000-memory.dmp

                        Filesize

                        256KB

                        Download