Analysis
max time kernel: 140s
max time network: 125s
platform: windows7_x64
resource: win7-20240419-en
resource tags: arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
submitted: 16-05-2024 10:39
Behavioral task: behavioral1
Sample: 4aa9dfe5f96e03baa8993ced17d5556d_JaffaCakes118.exe
Resource: win7-20240419-en
Behavioral task: behavioral2
Sample: 4aa9dfe5f96e03baa8993ced17d5556d_JaffaCakes118.exe
Resource: win10v2004-20240508-en
General
Target: 4aa9dfe5f96e03baa8993ced17d5556d_JaffaCakes118.exe
Size: 114KB
MD5: 4aa9dfe5f96e03baa8993ced17d5556d
SHA1: 27d297e9707e346696ce7eed2d19350b3c8306d3
SHA256: 019d7dafcfcd9588d9b09042d57c24d9a8de6270573fab285a27fc3711066fc1
SHA512: 4dad9ebfca9c855b275676129e9aea2e1fb4331755f229482c19daa8da7fd3b74f6c02e1940d68a8ad15578803bf9a8f3d802fef98f40b66e63ffc7038000fe0
SSDEEP: 1536:44qYAQntAt59qZQI0DMrqNKTGgbfw+Wqcr7QFQG4ekLajPTlm5A3B+eKx0W:rApte0DsaK6gbY++5NKhcjx0W
Malware Config
Signatures
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
ModiLoader Second Stage (2 IoCs)
Processes:
  resource: \Program Files\Common Files\Microsoft Shared\MSInfo\SysInfo1.dll
  yara_rule: modiloader_stage2
  resource: behavioral1/memory/1700-3-0x0000000000400000-0x0000000000423000-memory.dmp
  yara_rule: modiloader_stage2
Loads dropped DLL (1 IoC)
Processes:
  pid: 1700
  process: 4aa9dfe5f96e03baa8993ced17d5556d_JaffaCakes118.exe
Drops file in Program Files directory (1 IoC)
Processes:
  description: File created
  ioc: C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysInfo1.dll
  process: 4aa9dfe5f96e03baa8993ced17d5556d_JaffaCakes118.exe
Suspicious use of SetWindowsHookEx (1 IoC)
Processes:
  pid: 1700
  process: 4aa9dfe5f96e03baa8993ced17d5556d_JaffaCakes118.exe
Downloads
\Program Files\Common Files\Microsoft Shared\MSInfo\SysInfo1.dll
  Filesize: 90KB
  MD5: 208b101aedd339553aa990380a202e63
  SHA1: 003970b74b2343885e313d8c06bc55709a127121
  SHA256: 1b6ebb4f50fddaf7d48c48b3ab2734300519c13855a78e06835988d951f776bf
  SHA512: e1c4ac1c7285ca27fa187e1edc31a8b54ddf922e571de3e9aa8b339e20337d37587355256860be1b40126c8a475edbcb97edf6c3129dd4084b96507e8bb1e00b
memory/1700-3-0x0000000000400000-0x0000000000423000-memory.dmp
  Filesize: 140KB