Analysis
- max time kernel: 92s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20241007-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 13-12-2024 02:10

Static task: static1
Behavioral task: behavioral1
Sample: dececa666d83bb8f036784aeba5c2597172e79f72070cbb6c6b9d4767b42ddb1.exe
Resource: win7-20241023-en
General
- Target: dececa666d83bb8f036784aeba5c2597172e79f72070cbb6c6b9d4767b42ddb1.exe
- Size: 2.9MB
- MD5: 0c53afecbbd3f407b034f4cc00cf1312
- SHA1: e403b62044287540ab7686656a98561f9b959ecc
- SHA256: dececa666d83bb8f036784aeba5c2597172e79f72070cbb6c6b9d4767b42ddb1
- SHA512: d796f40d4581462bc29374cb8a1164ea8af58107e8be1b19e6a85faff0cc66c080f2e0656243dccb8dd6198ff474e4e9e50e3bc7ab04edd1c480be3041e370a1
- SSDEEP: 49152:9m8e/DRmWNtmMOWIzLpfJP4/c+gGwzXCCAcM5dzDcoe9:pe/DRmWNtmMZIzLpfJQ/TgGwzXCCAcM6
Malware Config
Extracted: gcleaner
- C2:
  62.197.136.41
  87.251.71.107
  62.197.136.196
  2.56.57.69
- url_path:
  /i.php
  /get.php
  /setup.php
  /setup.php
Signatures
- Gcleaner family
- Program crash (1 IoCs)
  pid: 3208, pid_target: 2016, Process: WerFault.exe, procid_target: 81
- System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
  Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
  description: Key opened, ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language, Process: dececa666d83bb8f036784aeba5c2597172e79f72070cbb6c6b9d4767b42ddb1.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\dececa666d83bb8f036784aeba5c2597172e79f72070cbb6c6b9d4767b42ddb1.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\dececa666d83bb8f036784aeba5c2597172e79f72070cbb6c6b9d4767b42ddb1.exe"
  - System Location Discovery: System Language Discovery
  PID: 2016
  - C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 780
    - Program crash
    PID: 3208
- C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 2016 -ip 2016
  PID: 2960