Analysis
-
max time kernel
149s -
max time network
149s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
24-05-2024 17:02
General
-
Target
6f35c9fc1ff4f6dc32392b3cf4272ab9_JaffaCakes118.exe
-
Size
257KB
-
MD5
6f35c9fc1ff4f6dc32392b3cf4272ab9
-
SHA1
29f77ff1873ae5706341a459013c22cb853f663f
-
SHA256
090926cf44cd5a1c424314e5c1dbd35e4d8e15c5b9d1f10f700768deecea410d
-
SHA512
f5322ca28c00484cf8448febf37d7f71063647a55d7a8ee03e28e5987ed0336133945c8a285a83fbacc3d2784c992771063155319838e99423c26539eb9be834
-
SSDEEP
6144:l+kxxqW+4U6Cu8fqs255X6tehCxyLnFGU3FU7Sv6:lLU6Yyr/BCxyLnFf3ms
Score
10/10
Malware Config
Signatures
-
GCleaner
GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\6f35c9fc1ff4f6dc32392b3cf4272ab9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\6f35c9fc1ff4f6dc32392b3cf4272ab9_JaffaCakes118.exe"1⤵
- Suspicious behavior: GetForegroundWindowSpam
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/3016-1-0x0000000000630000-0x0000000000730000-memory.dmpFilesize
1024KB
-
memory/3016-2-0x0000000000220000-0x000000000026C000-memory.dmpFilesize
304KB
-
memory/3016-3-0x0000000000400000-0x000000000044E000-memory.dmpFilesize
312KB
-
memory/3016-4-0x0000000000400000-0x0000000000463000-memory.dmpFilesize
396KB
-
memory/3016-6-0x0000000000630000-0x0000000000730000-memory.dmpFilesize
1024KB
-
memory/3016-7-0x0000000000220000-0x000000000026C000-memory.dmpFilesize
304KB
-
memory/3016-8-0x0000000000400000-0x000000000044E000-memory.dmpFilesize
312KB