gcleaner | 41fede371f902185e2ad1e00eb4e2780fd79572af19c9c64e6d9bfea9e2ae565

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
07/09/2024, 11:49

Target

d1dd5311cf63a16c5041b4f495e15044_JaffaCakes118.exe
Size

443KB
MD5

d1dd5311cf63a16c5041b4f495e15044
SHA1

984d011ba18eec2fd34367ac770ea10dde574e51
SHA256

41fede371f902185e2ad1e00eb4e2780fd79572af19c9c64e6d9bfea9e2ae565
SHA512

f971e8bbd1b7e6d3866367e7a27cc380ce342e44dc290ed954f884f83972d78741e02e50be0b4b4537b45c193f07904e7e2e3a9246880999b7ce4142f8ce148d
SSDEEP

12288:kaTgnMvVi60EBSSe1JElXR64kJX4qy5Z:ksgMvViTkS11JErpkJX4qA

Score

10^/10

gcleaner loader upx

GCleaner
GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
loader gcleaner

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2308-0-0x0000000000400000-0x00000000007E6000-memory.dmp	upx

C:\Users\Admin\AppData\Local\Temp\d1dd5311cf63a16c5041b4f495e15044_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d1dd5311cf63a16c5041b4f495e15044_JaffaCakes118.exe"
1⤵
PID:2308

memory/2308-0-0x0000000000400000-0x00000000007E6000-memory.dmp

Filesize
3.9MB

Download
memory/2308-2-0x0000000000860000-0x0000000000960000-memory.dmp

Filesize
1024KB

Download
memory/2308-3-0x0000000000400000-0x000000000047B000-memory.dmp

Filesize
492KB

Download
memory/2308-7-0x0000000000860000-0x0000000000960000-memory.dmp

Filesize
1024KB

Download
memory/2308-6-0x0000000000400000-0x000000000047B000-memory.dmp

Filesize
492KB

Download
memory/2308-5-0x0000000000400000-0x00000000007E6000-memory.dmp

Filesize
3.9MB

Download