Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240419-en locale:en-us os:windows7-x64 system
  • submitted
    20-05-2024 17:37

General

  • Target

    6058db89a4f5614808a8e1a7ac77caab_JaffaCakes118.exe

  • Size

    212KB

  • MD5

    6058db89a4f5614808a8e1a7ac77caab

  • SHA1

    c1f726a5a96ef80fcdba7e60a64770f0802a8b0b

  • SHA256

    766e7abb4b88bebb9923b9657a446a0bb6be847d5d4c4be046ed248b9136626d

  • SHA512

    e74d635e2b26d7fc00419f8c747c84ddc9e3f8dfebaa8b60e6d4d187de930883c7e303fa400051a50bc2fb5ecf9ff5c3c48e9c6b9b404418529ddc84370620e5

  • SSDEEP

    3072:tpBIXcL1Iy+6Ak9lN5hnY7CQJPQTTlO9rlHSzQlufVWeoZgPU05kAv1emq4rOS:tXL1Z+l8RRQRyTA95SjWerd5OkO

Score
10/10

Malware Config

Signatures

  • GCleaner

    GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6058db89a4f5614808a8e1a7ac77caab_JaffaCakes118.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\6058db89a4f5614808a8e1a7ac77caab_JaffaCakes118.exe"
    PID: 2424 (process tree depth 1)
    • Suspicious behavior: GetForegroundWindowSpam
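The GetForegroundWindowSpam signature fires on the sample's PID 2424. Repeated polling of GetForegroundWindow is a well-known way for a loader to wait for a real user to switch windows before it does anything, which starves an unattended sandbox of behaviour. The following is an added example of the heuristic such a signature implements, not Tria.ge's own signature code: it assumes a hypothetical API trace in "ts_ms,pid,api" lines and an arbitrary threshold (MIN_CALLS); the trace data is constructed.

```python
"""Heuristic behind a 'GetForegroundWindowSpam' style signature.

Added example, not the sandbox's own signature code.  Assumptions: a
hypothetical API trace in "ts_ms,pid,api" CSV lines and an arbitrary
threshold of MIN_CALLS polls per process.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ApiCall:
    ts_ms: int   # milliseconds since trace start
    pid: int
    api: str


def parse_trace(text):
    """Parse the assumed 'ts_ms,pid,api' line format, skipping comments."""
    calls = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, pid, api = line.split(",", 2)
        calls.append(ApiCall(int(ts), int(pid), api.strip()))
    return calls


MIN_CALLS = 50  # assumed threshold; a real sandbox tunes this empirically


def find_foreground_spam(calls, min_calls=MIN_CALLS):
    """Return {pid: stats} for processes that call GetForegroundWindow at
    least min_calls times.  A tight poll loop on the foreground window is a
    classic wait-for-real-user check; ordinary programs call it rarely."""
    stamps = defaultdict(list)
    for c in calls:
        if c.api == "GetForegroundWindow":
            stamps[c.pid].append(c.ts_ms)
    hits = {}
    for pid, ts in stamps.items():
        if len(ts) < min_calls:
            continue
        span_ms = max(ts) - min(ts)
        hits[pid] = {
            "calls": len(ts),
            "span_ms": span_ms,
            "calls_per_s": len(ts) * 1000 / span_ms if span_ms else float("inf"),
        }
    return hits


def build_sample_trace():
    """Constructed sample data: PID 1000 behaves normally, PID 2424 (the PID
    from the report) sits in a GetForegroundWindow/Sleep loop every 10 ms."""
    lines = ["# ts_ms,pid,api (constructed sample data)"]
    lines += ["0,1000,CreateFileW", "150,1000,ReadFile"]
    lines += [f"{t},1000,GetForegroundWindow" for t in (300, 5000, 12000)]
    for i in range(200):
        lines.append(f"{i * 10},2424,GetForegroundWindow")
        lines.append(f"{i * 10 + 1},2424,Sleep")
    return "\n".join(lines)


if __name__ == "__main__":
    hits = find_foreground_spam(parse_trace(build_sample_trace()))
    for pid, stats in hits.items():
        print(f"PID {pid}: GetForegroundWindowSpam "
              f"({stats['calls']} calls in {stats['span_ms']} ms)")
    print(f"{len(hits)} IoCs")
```

With the constructed trace only PID 2424 trips the threshold (200 polls in about two seconds), matching the report's "1 IoCs"; the three calls from PID 1000 over twelve seconds do not. The call rate is reported alongside the count because a low threshold on count alone will flag long-running GUI applications.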

Network

MITRE ATT&CK Matrix

Downloads

  • memory/2424-1-0x00000000004D0000-0x00000000005D0000-memory.dmp

    Filesize

    1024KB

  • memory/2424-3-0x0000000000400000-0x000000000043C000-memory.dmp

    Filesize

    240KB

  • memory/2424-2-0x00000000002B0000-0x00000000002E8000-memory.dmp

    Filesize

    224KB

  • memory/2424-4-0x0000000000400000-0x0000000000448000-memory.dmp

    Filesize

    288KB

  • memory/2424-5-0x00000000004D0000-0x00000000005D0000-memory.dmp

    Filesize

    1024KB

  • memory/2424-7-0x0000000000400000-0x000000000043C000-memory.dmp

    Filesize

    240KB
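The dump names above encode PID, dump sequence number and the dumped address range, and each carries a reported Filesize. The following is an added example, not the sandbox's own tooling, that parses those names, checks that each range agrees with its Filesize, and groups dumps by base address. The six entries are copied from the report as constructed input. The observation that the 0x400000 region was dumped at 240KB, then 288KB, then 240KB again is a fact from the listing; reading a re-dumped, larger image region as a cue to look for in-memory unpacking is an analyst's assumption, not something the report states.

```python
"""Parse and sanity-check the memory-dump names from the report's Downloads
list.  Added example, not the sandbox's own tooling.  Treating a region that
is re-dumped at a larger size (same base, different end) as a candidate for
in-memory unpacking is an analyst's assumption, not a statement of the report.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

DUMP_RE = re.compile(
    r"memory/(?P<pid>\d+)-(?P<idx>\d+)-0x(?P<start>[0-9A-Fa-f]+)"
    r"-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)
KB = 1024


@dataclass(frozen=True)
class DumpRegion:
    pid: int
    idx: int       # dump sequence number in the report
    start: int
    end: int
    reported: int  # Filesize from the report, in bytes

    @property
    def size(self):
        return self.end - self.start


def parse_filesize(text):
    """Convert the report's 'NNNKB' Filesize field to bytes (only KB occurs here)."""
    text = text.strip().upper()
    if text.endswith("KB"):
        return int(text[:-2]) * KB
    raise ValueError(f"unsupported size {text!r}")


def parse_dump(name, filesize):
    """Split 'memory/<pid>-<idx>-0x<start>-0x<end>-memory.dmp' into fields."""
    m = DUMP_RE.fullmatch(name.strip())
    if not m:
        raise ValueError(f"not a memory dump name: {name!r}")
    return DumpRegion(int(m["pid"]), int(m["idx"]), int(m["start"], 16),
                      int(m["end"], 16), parse_filesize(filesize))


# The six dumps listed in the report (name, Filesize), copied as given.
PAGE_DUMPS = [parse_dump(n, s) for n, s in [
    ("memory/2424-1-0x00000000004D0000-0x00000000005D0000-memory.dmp", "1024KB"),
    ("memory/2424-3-0x0000000000400000-0x000000000043C000-memory.dmp", "240KB"),
    ("memory/2424-2-0x00000000002B0000-0x00000000002E8000-memory.dmp", "224KB"),
    ("memory/2424-4-0x0000000000400000-0x0000000000448000-memory.dmp", "288KB"),
    ("memory/2424-5-0x00000000004D0000-0x00000000005D0000-memory.dmp", "1024KB"),
    ("memory/2424-7-0x0000000000400000-0x000000000043C000-memory.dmp", "240KB"),
]]


def size_mismatches(regions):
    """Dumps whose address range disagrees with the reported Filesize."""
    return [r for r in regions if r.size != r.reported]


def regrown_regions(regions):
    """{(pid, base): [(idx, size), ...]} for bases dumped more than once with
    differing sizes.  In this report that is only the 0x400000 image region."""
    by_base = defaultdict(list)
    for r in regions:
        by_base[(r.pid, r.start)].append((r.idx, r.size))
    return {k: sorted(v) for k, v in by_base.items()
            if len({s for _, s in v}) > 1}


if __name__ == "__main__":
    print("size mismatches:", size_mismatches(PAGE_DUMPS))
    for (pid, base), dumps in regrown_regions(PAGE_DUMPS).items():
        print(f"PID {pid} base 0x{base:X}:",
              ", ".join(f"#{i} {s // KB}KB" for i, s in dumps))
```

For this report every range matches its Filesize (0x3C000 is 240KB, 0x48000 is 288KB, 0x100000 is 1024KB), and the only base with more than one size is 0x400000, the usual image base for a 32-bit executable, which is the region an analyst would diff first when triaging a loader.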