Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

3659d9af87...18.exe

windows7-x64

10

3659d9af87...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    10/07/2024, 20:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3659d9af87a662dcd23aa95129a8a18a_JaffaCakes118.exe

  • Size

    302KB

  • MD5

    3659d9af87a662dcd23aa95129a8a18a

  • SHA1

    65c09ed0e94bc1c0753c73b43bee3c038805e942

  • SHA256

    3a90812055ef0af5675ec83402e35ad35e74f8922bd99e01002ba9f8f760d73a

  • SHA512

    18136f1f76b6eb8b2d10ebc28b8a13156abaecf7faf972546d939d4b2b2859b2e29036d7d3ced429586212848a8b27c05536e3b8215d5557a1d44cc5edb04382

  • SSDEEP

    6144:5vpfBGU88YNSSpAMwpTBZTJYr/MZ+5Xol60MXK1vsy:5hpL88YFpaFdzZ+hoLIKN5

Score
10/10
gcleaneronlyloggerloader

Malware Config

Extracted

Family

gcleaner

C2

gcl-page.biz

194.145.227.161

Signatures

  • GCleaner

    GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    loadergcleaner
  • OnlyLogger

    A tiny loader that uses IPLogger to get its payload.

    loaderonlylogger
  • OnlyLogger payload 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3659d9af87a662dcd23aa95129a8a18a_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\3659d9af87a662dcd23aa95129a8a18a_JaffaCakes118.exe"
    1⤵
      PID:3020

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/3020-3-0x0000000000400000-0x0000000000431000-memory.dmp

      Filesize

      196KB

      Download

    • memory/3020-2-0x0000000000220000-0x000000000024F000-memory.dmp

      Filesize

      188KB

      Download

    • memory/3020-1-0x00000000009C0000-0x0000000000AC0000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/3020-4-0x0000000000400000-0x000000000087B000-memory.dmp

      Filesize

      4.5MB

      Download

    • memory/3020-6-0x00000000009C0000-0x0000000000AC0000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/3020-9-0x0000000000400000-0x000000000087B000-memory.dmp

      Filesize

      4.5MB

      Download