Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

JaffaCakes...4c.exe

windows7-x64

10

JaffaCakes...4c.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    140s
  • max time network
    141s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    05/01/2025, 08:32 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_97d32591342b217475d97f573fce9b4c.exe

  • Size

    382KB

  • MD5

    97d32591342b217475d97f573fce9b4c

  • SHA1

    eae87d5a63f830f4418ab18df3d77ac76ea77583

  • SHA256

    22ce5c4c7ac68256b9aa6805a89c2e8a91124929183e8428cd87d8faa6cef1cd

  • SHA512

    0dc436b7e6fda187f65b4cbbdb5f93842a2b54d72fa7eaf3e484e58d01818221a5df009721a679a1af0b305cce2d371c9a977d15d63f328c8ad0dc1574bc0b4d

  • SSDEEP

    6144:oZxtEtOv2Lk4dWzch7Q5GdATqyOFG/d5KnRn0XcBLj+/d6:Cv2Lk4dWzk7QU2TqyOodIRn0Xmn46

Score
10/10
gcleaneronlyloggerdiscoveryloader

Malware Config

Extracted

Family

gcleaner

C2

ggg-cl.biz

45.9.20.13

Signatures

  • GCleaner

    GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    loadergcleaner
  • Gcleaner family
    gcleaner
  • OnlyLogger

    A tiny loader that uses IPLogger to get its payload.

    loaderonlylogger
  • Onlylogger family
    onlylogger
  • OnlyLogger payload 5 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_97d32591342b217475d97f573fce9b4c.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_97d32591342b217475d97f573fce9b4c.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:3020

Network

  • flag-us
    DNS
    ggg-cl.biz
    JaffaCakes118_97d32591342b217475d97f573fce9b4c.exe
    Remote address:
    8.8.8.8:53
    Request
    ggg-cl.biz
    IN A
    Response
  • 45.9.20.13:80
    JaffaCakes118_97d32591342b217475d97f573fce9b4c.exe
    152 B
     3
  • 45.9.20.13:80
    JaffaCakes118_97d32591342b217475d97f573fce9b4c.exe
    152 B
     3
  • 45.9.20.13:80
    JaffaCakes118_97d32591342b217475d97f573fce9b4c.exe
    152 B
     3
  • 45.9.20.13:80
    JaffaCakes118_97d32591342b217475d97f573fce9b4c.exe
    152 B
     3
  • 45.9.20.13:80
    JaffaCakes118_97d32591342b217475d97f573fce9b4c.exe
    152 B
     3
  • 45.9.20.13:80
    JaffaCakes118_97d32591342b217475d97f573fce9b4c.exe
    152 B
     3
  • 45.9.20.13:80
    JaffaCakes118_97d32591342b217475d97f573fce9b4c.exe
    152 B
     3
  • 8.8.8.8:53
    ggg-cl.biz
    dns
    JaffaCakes118_97d32591342b217475d97f573fce9b4c.exe
    56 B
     118 B
     1
    1

    DNS Request

    ggg-cl.biz

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3020-1-0x0000000001B20000-0x0000000001C20000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/3020-2-0x0000000000220000-0x000000000024F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/3020-3-0x0000000000400000-0x0000000000431000-memory.dmp

    Filesize

    196KB

    Download

  • memory/3020-4-0x0000000001B20000-0x0000000001C20000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/3020-5-0x0000000000220000-0x000000000024F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/3020-7-0x0000000000400000-0x0000000000431000-memory.dmp

    Filesize

    196KB

    Download

  • memory/3020-6-0x0000000000400000-0x00000000016D3000-memory.dmp

    Filesize

    18.8MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.