Analysis
-
max time kernel
100s -
max time network
133s -
platform
windows10-2004_x64 -
resource
win10v2004-20250619-en -
resource tags
arch:x64, arch:x86, image:win10v2004-20250619-en, locale:en-us, os:windows10-2004-x64, system -
submitted
02/07/2025, 19:22
Static task
static1
General
-
Target
SecuriteInfo.com.Win32.MalwareX-gen.10517.25410.exe
-
Size
4.8MB
-
MD5
7f27d225aa3f116880004186725b0a88
-
SHA1
c5cb2a6abb97a21b6c548bd17b4e20af6c2212b4
-
SHA256
147d8db1e9c0a4ff6ae8b02342054c3d9a8d4d7ea25ab3adea6641cde8c7d065
-
SHA512
1e698faeb4c399764461b2d651ab29d070cb2fca5f51acafafbfe79dac040fc5e40f8e3779538948faef0e8d888e5342a46bf8e87e3e5a23ae3d6b15da5d519d
-
SSDEEP
98304:QgfzwRx1KHRs4EQq9o/qAhWYLjj1ZZK9Rakzy:QSQ2s4EQ9hr/hqMkzy
Malware Config
Extracted
gcleaner
45.91.200.135
Signatures
-
Gcleaner family
-
Downloads MZ/PE file 1 IoCs
flow  pid   Process
70    3424  svchost015.exe
-
Executes dropped EXE 1 IoCs
pid   Process
3424  svchost015.exe
-
Loads dropped DLL 1 IoCs
pid   Process
3424  svchost015.exe
-
Suspicious use of SetThreadContext 1 IoCs
description                          pid   Process                                               procid_target
PID 4324 set thread context of 3424  4324  SecuriteInfo.com.Win32.MalwareX-gen.10517.25410.exe  88
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description  ioc                                                          Process
Key opened   \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  SecuriteInfo.com.Win32.MalwareX-gen.10517.25410.exe
Key opened   \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  svchost015.exe
-
Suspicious use of WriteProcessMemory 4 IoCs
description                    pid   Process                                               procid_target
PID 4324 wrote to memory of 3424  4324  SecuriteInfo.com.Win32.MalwareX-gen.10517.25410.exe  88
PID 4324 wrote to memory of 3424  4324  SecuriteInfo.com.Win32.MalwareX-gen.10517.25410.exe  88
PID 4324 wrote to memory of 3424  4324  SecuriteInfo.com.Win32.MalwareX-gen.10517.25410.exe  88
PID 4324 wrote to memory of 3424  4324  SecuriteInfo.com.Win32.MalwareX-gen.10517.25410.exe  88
Processes
-
1. C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.MalwareX-gen.10517.25410.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.MalwareX-gen.10517.25410.exe"
   - Suspicious use of SetThreadContext
   - System Location Discovery: System Language Discovery
   - Suspicious use of WriteProcessMemory
   PID: 4324
   -
   2. C:\Users\Admin\AppData\Local\Temp\svchost015.exe
      Command line: C:\Users\Admin\AppData\Local\Temp\svchost015.exe
      - Downloads MZ/PE file
      - Executes dropped EXE
      - Loads dropped DLL
      - System Location Discovery: System Language Discovery
      PID: 3424
-
Network
MITRE ATT&CK Enterprise v16
Downloads
-
Filesize
1B
MD5 cfcd208495d565ef66e7dff9f98764da
SHA1 b6589fc6ab0dc82cf12099d1c2d40ab994e8410c
SHA256 5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9
SHA512 31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99
-
Filesize
2.6MB
MD5 ceeae1523c3864b719e820b75bf728aa
SHA1 cf607927b6ef864a11bf7ebbcdbb59891d23d320
SHA256 4e04e2fb20a9c6846b5d693ea67098214f77737f4f1f3df5f0c78594650e7f71
SHA512 a06da3b96084040d49964b2227402ff1a2548ee5f1459df6b64bc6cbb271f19a00a798333e0f608d03c5a6de7355ae916309250204900117e3ef101f764d0f5f