Overview

overview

10

Static

static

3

f7fe253b2b...0e.exe

windows7-x64

10

f7fe253b2b...0e.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    140s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30-06-2024 09:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f7fe253b2b96cbd902ec708972de10d2d3d5146f6284d38dbcc5e49871c4e90e.exe

  • Size

    247KB

  • MD5

    d57fb6572ec7d05f3d588643c3bc0e81

  • SHA1

    8aef2c290a3f274085607b63547d7664d61d3cbd

  • SHA256

    f7fe253b2b96cbd902ec708972de10d2d3d5146f6284d38dbcc5e49871c4e90e

  • SHA512

    8040c9d52af4c895a51f86bec93275f9573ea73da12d6d0c416f5e080f3b891e88d13dcf63a72189a1fa232ae7f057cf4fc051d5c68f4e727035e53e303e533d

  • SSDEEP

    6144:C167iAzXCJ/Xw8682uWbewEspMQ2CCXxbqyOq:Cc7iAzXCJAmWS8Ir

Score
10/10
gcleanerloader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

185.172.128.69
Attributes
  • url_path

    /advdlc.php

Signatures

  • GCleaner

    GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    loadergcleaner
  • Program crash 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f7fe253b2b96cbd902ec708972de10d2d3d5146f6284d38dbcc5e49871c4e90e.exe
    "C:\Users\Admin\AppData\Local\Temp\f7fe253b2b96cbd902ec708972de10d2d3d5146f6284d38dbcc5e49871c4e90e.exe"
    1⤵
      PID:2056
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 740
        2⤵
        • Program crash
        PID:872
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 740
        2⤵
        • Program crash
        PID:772
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 776
        2⤵
        • Program crash
        PID:2192
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 740
        2⤵
        • Program crash
        PID:4480
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 904
        2⤵
        • Program crash
        PID:3016
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 980
        2⤵
        • Program crash
        PID:436
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 744
        2⤵
        • Program crash
        PID:1012
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 2056 -ip 2056
      1⤵
        PID:2156
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 2056 -ip 2056
        1⤵
          PID:3044
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 2056 -ip 2056
          1⤵
            PID:4200
          • C:\Windows\SysWOW64\WerFault.exe
            C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 2056 -ip 2056
            1⤵
              PID:228
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 2056 -ip 2056
              1⤵
                PID:2300
              • C:\Windows\SysWOW64\WerFault.exe
                C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 2056 -ip 2056
                1⤵
                  PID:4168
                • C:\Windows\SysWOW64\WerFault.exe
                  C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 2056 -ip 2056
                  1⤵
                    PID:1392

                  Network

                  MITRE ATT&CK Matrix

                  Replay Monitor

                  Loading Replay Monitor...

                  Downloads

                  • memory/2056-3-0x0000000000400000-0x000000000042F000-memory.dmp
                    Filesize

                    188KB

                    Download
                  • memory/2056-2-0x0000000002D60000-0x0000000002D8D000-memory.dmp
                    Filesize

                    180KB

                    Download
                  • memory/2056-1-0x0000000002DD0000-0x0000000002ED0000-memory.dmp
                    Filesize

                    1024KB

                    Download
                  • memory/2056-4-0x0000000000400000-0x0000000002BF6000-memory.dmp
                    Filesize

                    40.0MB

                    Download
                  • memory/2056-6-0x0000000002DD0000-0x0000000002ED0000-memory.dmp
                    Filesize

                    1024KB

                    Download