Overview

overview

10

Static

static

3

590f546423...18.exe

windows7-x64

10

590f546423...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    129s
  • max time network
    157s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    18-10-2024 19:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    590f546423761972e4441b07762457c3_JaffaCakes118.exe

  • Size

    408KB

  • MD5

    590f546423761972e4441b07762457c3

  • SHA1

    190ac7ce94a98fd213b9039db05f1f24fa36dceb

  • SHA256

    794d2eb60364e0f5ddc9e557cf3e33b67666ed688580c15bd858a27871b184aa

  • SHA512

    3a5e16946e79246ba5973757066c392384dbdcd881f4e68aa881d08e1e6cefed4a77dd87a21e910600e6db3e01b4a65e3cf88b3407b4bb859794eef13f356789

  • SSDEEP

    6144:Ka9zHt2qx/TlV+DwMZ0k3cGLdq+cCZ0iRvQMksFiEbXj1/LYQSwfiMcALqTWbg:bHth5iDwMZNccdqwtFfNL8scALqab

Score
10/10
gcleaneronlyloggerdiscoveryloader

Malware Config

Extracted

Family

gcleaner

C2

ggc-partners.in

Signatures

  • GCleaner

    GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    loadergcleaner
  • OnlyLogger

    A tiny loader that uses IPLogger to get its payload.

    loaderonlylogger
  • OnlyLogger payload 7 IoCs
  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

    discovery
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\590f546423761972e4441b07762457c3_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\590f546423761972e4441b07762457c3_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:1288

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1288-1-0x00000000033F0000-0x00000000034F0000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/1288-2-0x0000000000220000-0x0000000000250000-memory.dmp

    Filesize

    192KB

    Download

  • memory/1288-3-0x0000000000400000-0x0000000000432000-memory.dmp

    Filesize

    200KB

    Download

  • memory/1288-4-0x00000000033F0000-0x00000000034F0000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/1288-5-0x0000000000220000-0x0000000000250000-memory.dmp

    Filesize

    192KB

    Download

  • memory/1288-7-0x0000000000400000-0x0000000000432000-memory.dmp

    Filesize

    200KB

    Download

  • memory/1288-6-0x0000000000400000-0x0000000003303000-memory.dmp

    Filesize

    47.0MB

    Download

  • memory/1288-18-0x0000000000400000-0x0000000003303000-memory.dmp

    Filesize

    47.0MB

    Download

  • memory/1288-19-0x0000000000400000-0x0000000003303000-memory.dmp

    Filesize

    47.0MB

    Download