Overview

overview

10

Static

static

3

fa586e99c8...18.exe

windows7-x64

10

fa586e99c8...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/04/2024, 12:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fa586e99c8ab70b0cabafd3590ba3048_JaffaCakes118.exe

  • Size

    351KB

  • MD5

    fa586e99c8ab70b0cabafd3590ba3048

  • SHA1

    afb14e3bf00bdf57e2c321e34cf00b45fbad830a

  • SHA256

    1175ebdd0113fd93eadaa2bf5b3633981e4b9606ee52b8dccff2a3ef9dce297b

  • SHA512

    af657e8309d76b62d517da0d91e4885a2ba0f1816ad5e70f4291124027b346ab8d69874c8ed57ed570d4ebe4849e0cc5a2495bc6829ae88eafa1ae297dbde440

  • SSDEEP

    6144:VRp0rKNJkQ2vwzkIIZwpfGQJCyr3tN/dwcn45zfKGSmkbsf0+qouPZX:ZkKnkQ2v5IIxQJTGc4zKGSaR5uxX

Score
10/10
gcleaneronlyloggerloader

Malware Config

Signatures

  • GCleaner

    GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    loadergcleaner
  • OnlyLogger

    A tiny loader that uses IPLogger to get its payload.

    loaderonlylogger
  • OnlyLogger payload 4 IoCs
  • Program crash 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fa586e99c8ab70b0cabafd3590ba3048_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\fa586e99c8ab70b0cabafd3590ba3048_JaffaCakes118.exe"
    1⤵
      PID:3732
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3732 -s 440
        2⤵
        • Program crash
        PID:2052
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3732 -s 640
        2⤵
        • Program crash
        PID:4352
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3732 -s 680
        2⤵
        • Program crash
        PID:2296
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3732 -s 800
        2⤵
        • Program crash
        PID:3372
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3732 -s 796
        2⤵
        • Program crash
        PID:2492
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3732 -s 1016
        2⤵
        • Program crash
        PID:456
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3732 -s 1072
        2⤵
        • Program crash
        PID:1412
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3732 -s 1644
        2⤵
        • Program crash
        PID:1460
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3732 -ip 3732
      1⤵
        PID:3784
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 3732 -ip 3732
        1⤵
          PID:388
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 3732 -ip 3732
          1⤵
            PID:4820
          • C:\Windows\SysWOW64\WerFault.exe
            C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 3732 -ip 3732
            1⤵
              PID:8
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 3732 -ip 3732
              1⤵
                PID:4496
              • C:\Windows\SysWOW64\WerFault.exe
                C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 3732 -ip 3732
                1⤵
                  PID:3304
                • C:\Windows\SysWOW64\WerFault.exe
                  C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 3732 -ip 3732
                  1⤵
                    PID:2484
                  • C:\Windows\SysWOW64\WerFault.exe
                    C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 3732 -ip 3732
                    1⤵
                      PID:2640

                    Network

                    MITRE ATT&CK Matrix

                    Replay Monitor

                    Loading Replay Monitor...

                    Downloads

                    • memory/3732-1-0x0000000000A50000-0x0000000000B50000-memory.dmp

                      Filesize

                      1024KB

                      Download

                    • memory/3732-2-0x00000000001C0000-0x00000000001F0000-memory.dmp

                      Filesize

                      192KB

                      Download

                    • memory/3732-3-0x0000000000400000-0x000000000090E000-memory.dmp

                      Filesize

                      5.1MB

                      Download

                    • memory/3732-5-0x0000000000A50000-0x0000000000B50000-memory.dmp

                      Filesize

                      1024KB

                      Download

                    • memory/3732-7-0x00000000001C0000-0x00000000001F0000-memory.dmp

                      Filesize

                      192KB

                      Download

                    • memory/3732-17-0x0000000000400000-0x000000000090E000-memory.dmp

                      Filesize

                      5.1MB

                      Download