gcleaner | dec442f99b9cbc46799b4b1a416ec15cd90632a465c46470588552722481bdf0

Analysis

max time kernel
149s
max time network
150s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
20-05-2024 00:33

Target

5c485539c2f24f1f8e54102a43c2df53_JaffaCakes118.exe
Size

423KB
MD5

5c485539c2f24f1f8e54102a43c2df53
SHA1

3aa9d1d789ff10811f21ba1110a00b8f8fccefbd
SHA256

dec442f99b9cbc46799b4b1a416ec15cd90632a465c46470588552722481bdf0
SHA512

b5ea9bd4213ca4504aa215dc6b34fe001e435c86ac84f8c6b46c247970a3084811b3a321d789ddd922dc539020aa773ab96017faabc5579a9c6d9e4daa03addc
SSDEEP

6144:KvMpHU5es68BZ/Fcba3tBIj0wKXapiFSK3VB3udzk46CGjpeC4tOOU1XuuB:lHD+LTdwZKS4+dWs3tODVB

Score

10^/10

gcleaner loader

GCleaner
GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
loader gcleaner
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

5c485539c2f24f1f8e54102a43c2df53_JaffaCakes118.exe

pid process

2080 5c485539c2f24f1f8e54102a43c2df53_JaffaCakes118.exe

pid	process
2080	5c485539c2f24f1f8e54102a43c2df53_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5c485539c2f24f1f8e54102a43c2df53_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5c485539c2f24f1f8e54102a43c2df53_JaffaCakes118.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:2080

memory/2080-1-0x0000000000400000-0x0000000001400000-memory.dmp

Filesize
16.0MB

Download