Analysis
max time kernel: 143s
max time network: 144s
platform: windows7_x64
resource: win7-20240611-en
resource tags: arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
submitted: 28-06-2024 09:44
Static task: static1
Behavioral task: behavioral1
Sample: 19ab998678cac958a77b56a184542ef4_JaffaCakes118.exe
Resource: win7-20240611-en
Behavioral task: behavioral2
Sample: 19ab998678cac958a77b56a184542ef4_JaffaCakes118.exe
Resource: win10v2004-20240611-en
General
Target: 19ab998678cac958a77b56a184542ef4_JaffaCakes118.exe
Size: 373KB
MD5: 19ab998678cac958a77b56a184542ef4
SHA1: f276e754de9070cceb49f8156d2cca3d6d6234f8
SHA256: 559ff87a36f3da860eed67fa41844d1d73cdfbba466d8dd7c9664be3698d8e5c
SHA512: e3c1438e39a4157625d4c3cee34c9f6ac2f97f57798c0c03c1b301204872d17fcdb8f45de7d785e8e60a65f927cab63f3f240e644875e42b823fd4ddd5429335
SSDEEP: 6144:Ch7BFTjgLcD6Pse5CqubrFzNl12SnClijtLgqJL6+OOhxxdeTr/ekI:CSgD63M5/FzIhijtBL68zxd6L
Malware Config
Extracted config (gcleaner):
gcl-page.biz
194.145.227.161
Signatures
OnlyLogger
A tiny loader that uses IPLogger to get its payload.
OnlyLogger payload: 5 IoCs
Processes (resource / yara_rule):
behavioral1/memory/2072-3-0x0000000000400000-0x0000000000431000-memory.dmp  family_onlylogger
behavioral1/memory/2072-2-0x00000000003C0000-0x00000000003EF000-memory.dmp  family_onlylogger
behavioral1/memory/2072-4-0x0000000000400000-0x000000000046A000-memory.dmp  family_onlylogger
behavioral1/memory/2072-5-0x0000000000400000-0x000000000046A000-memory.dmp  family_onlylogger
behavioral1/memory/2072-7-0x0000000000400000-0x0000000000431000-memory.dmp  family_onlylogger
Downloads
memory/2072-1-0x0000000000250000-0x0000000000350000-memory.dmp  Filesize 1024KB
memory/2072-3-0x0000000000400000-0x0000000000431000-memory.dmp  Filesize 196KB
memory/2072-2-0x00000000003C0000-0x00000000003EF000-memory.dmp  Filesize 188KB
memory/2072-4-0x0000000000400000-0x000000000046A000-memory.dmp  Filesize 424KB
memory/2072-5-0x0000000000400000-0x000000000046A000-memory.dmp  Filesize 424KB
memory/2072-6-0x0000000000250000-0x0000000000350000-memory.dmp  Filesize 1024KB
memory/2072-7-0x0000000000400000-0x0000000000431000-memory.dmp  Filesize 196KB
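As an added cross-check that is not part of the sandbox report, the Python below parses the dump names from the Downloads section, which follow the pattern memory/<pid>-<index>-0x<start>-0x<end>-memory.dmp (a pattern inferred from the names on this page, so an assumption), confirms that each listed size equals the address range (the report's "KB" values are KiB: 196KB is exactly 0x31000 bytes), groups dumps by base address so that a region captured with different lengths across snapshots stands out (0x400000 appears as both 0x31000 and 0x6A000 bytes), and separates the dumps the family_onlylogger rule matched in the Signatures section from those it did not (the two 1024KB regions at 0x250000). The listing and the hit set are copied from this page; nothing else is assumed.

```python
import re
from dataclasses import dataclass

# Copied from the report's Downloads section: dump name and the size shown
# beside it. The report's "KB" values are KiB (196KB == 0x31000 bytes).
DUMP_LISTING = """\
memory/2072-1-0x0000000000250000-0x0000000000350000-memory.dmp 1024KB
memory/2072-3-0x0000000000400000-0x0000000000431000-memory.dmp 196KB
memory/2072-2-0x00000000003C0000-0x00000000003EF000-memory.dmp 188KB
memory/2072-4-0x0000000000400000-0x000000000046A000-memory.dmp 424KB
memory/2072-5-0x0000000000400000-0x000000000046A000-memory.dmp 424KB
memory/2072-6-0x0000000000250000-0x0000000000350000-memory.dmp 1024KB
memory/2072-7-0x0000000000400000-0x0000000000431000-memory.dmp 196KB
"""

# Dumps the report's Signatures section attributes to the family_onlylogger rule.
ONLYLOGGER_HITS = frozenset({
    "memory/2072-3-0x0000000000400000-0x0000000000431000-memory.dmp",
    "memory/2072-2-0x00000000003C0000-0x00000000003EF000-memory.dmp",
    "memory/2072-4-0x0000000000400000-0x000000000046A000-memory.dmp",
    "memory/2072-5-0x0000000000400000-0x000000000046A000-memory.dmp",
    "memory/2072-7-0x0000000000400000-0x0000000000431000-memory.dmp",
})

# Assumed naming pattern: memory/<pid>-<dump index>-0x<start>-0x<end>-memory.dmp
DUMP_NAME_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<idx>\d+)-0x(?P<start>[0-9A-Fa-f]+)"
    r"-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)


@dataclass(frozen=True)
class DumpRegion:
    name: str
    pid: int
    idx: int
    start: int
    end: int
    reported_kib: int

    @property
    def size(self) -> int:
        """Region length implied by the address range in the dump name."""
        return self.end - self.start

    @property
    def size_consistent(self) -> bool:
        """True when the listed size equals the address range (exact KiB)."""
        return self.size == self.reported_kib * 1024


def parse_dump_listing(text: str) -> list[DumpRegion]:
    """Parse 'name sizeKB' lines into DumpRegion objects, ordered by dump index."""
    regions = []
    for line in text.splitlines():
        if not line.strip():
            continue
        name, size_text = line.split()
        m = DUMP_NAME_RE.match(name)
        if m is None or not size_text.endswith("KB"):
            raise ValueError(f"unrecognised listing line: {line!r}")
        regions.append(DumpRegion(
            name=name,
            pid=int(m["pid"]),
            idx=int(m["idx"]),
            start=int(m["start"], 16),
            end=int(m["end"], 16),
            reported_kib=int(size_text[:-2]),
        ))
    return sorted(regions, key=lambda r: r.idx)


def regions_by_base(regions: list[DumpRegion]) -> dict[int, list[tuple[int, int]]]:
    """Group dumps by start address: {start: [(dump index, length in bytes), ...]}.

    The same base listed with different lengths means the sandbox captured the
    region with a different extent between snapshots.
    """
    grouped: dict[int, list[tuple[int, int]]] = {}
    for r in regions:
        grouped.setdefault(r.start, []).append((r.idx, r.size))
    return grouped


def split_by_signature(regions: list[DumpRegion], hits: frozenset) -> tuple[list[str], list[str]]:
    """Return (flagged, unflagged) dump names relative to a signature hit set."""
    flagged = [r.name for r in regions if r.name in hits]
    unflagged = [r.name for r in regions if r.name not in hits]
    return flagged, unflagged


if __name__ == "__main__":
    regs = parse_dump_listing(DUMP_LISTING)
    for r in regs:
        status = "ok" if r.size_consistent else "MISMATCH"
        print(f"#{r.idx} pid={r.pid} 0x{r.start:X}-0x{r.end:X} "
              f"{r.size:#x} bytes ({r.reported_kib} KiB) {status}")
    for base, entries in sorted(regions_by_base(regs).items()):
        print(f"base 0x{base:X}: {entries}")
    _, unflagged = split_by_signature(regs, ONLYLOGGER_HITS)
    print("not matched by family_onlylogger:", unflagged)
```

The grouping is the part worth reading: every dump here comes from pid 2072, all seven sizes reconcile with their address ranges, and the only base that appears with two different extents is 0x400000 (0x31000 bytes in dumps 3 and 7, 0x6A000 bytes in dumps 4 and 5), which is the region the rule hits on; the 1 MiB region at 0x250000 (dumps 1 and 6) is never matched.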