Analysis
max time kernel: 80s
max time network: 100s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 19-06-2024 20:49
Static task: static1
Behavioral task: behavioral1
  Sample: 006f370d71f60e4f449565d64c67ab37_JaffaCakes118.exe
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: 006f370d71f60e4f449565d64c67ab37_JaffaCakes118.exe
  Resource: win10v2004-20240508-en
General
Target: 006f370d71f60e4f449565d64c67ab37_JaffaCakes118.exe
Size: 36KB
MD5: 006f370d71f60e4f449565d64c67ab37
SHA1: 247a478b05869606455f62f7e4fc9410684d0b54
SHA256: 97fa4860ddfd62eae525d2d021f026d85b361bf0f3220598a35b5f4c16db1ea8
SHA512: 620d7ab8d3407529a917daa27e16b36a88c3d4228011bfc74292cc97614ff6d328ab7943bbe4bce60610398fcf61b49fce533c083ee54df206b2bde9dcfbefe0
SSDEEP: 768:dCs1VT4DmmGWFW4ckEC9vpCnY9m6y+nHVNxo1HDDme:d1TClGi1cOVM3Axo1HDN
Malware Config
Signatures
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

ModiLoader Second Stage (2 IoCs)
Processes:
  resource: behavioral2/memory/2984-9-0x00000000004B0000-0x00000000004CF000-memory.dmp  yara_rule: modiloader_stage2
  resource: behavioral2/memory/2984-12-0x00000000004B0000-0x00000000004CF000-memory.dmp  yara_rule: modiloader_stage2

Loads dropped DLL (2 IoCs)
Processes:
  pid: 2984  process: 006f370d71f60e4f449565d64c67ab37_JaffaCakes118.exe
  pid: 2984  process: 006f370d71f60e4f449565d64c67ab37_JaffaCakes118.exe

Drops file in Program Files directory (1 IoCs)
Processes:
  description: File created  ioc: C:\Program Files\Common Files\Microsoft Shared\MSINFO\atmQQ2.dll  process: 006f370d71f60e4f449565d64c67ab37_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx (1 IoCs)
Processes:
  pid: 2984  process: 006f370d71f60e4f449565d64c67ab37_JaffaCakes118.exe
Processes
Network
MITRE ATT&CK Matrix
Downloads
C:\Program Files\Common Files\microsoft shared\MSInfo\atmQQ2.dll
  Filesize: 25KB
  MD5: 4f295581caf2904699cdd4fced41c810
  SHA1: 98d1e85ea54d42d08bca6f78ceaa98b8ad947039
  SHA256: e0aa03a2e84c19d1acdbd83f5ba3ed80aff9a3321ddd2ec9c2bf7ecf284f6c4a
  SHA512: 260a22f71df19ea650a11be59a6c5eb9b0f1196e57b3dae0d14c7ae9db56b837771380893b3ee1beaa9114dfed34664ec4210cd31d0bba19fbe74ded4da11eab

memory/2984-0-0x0000000000400000-0x0000000000425000-memory.dmp
  Filesize: 148KB

memory/2984-6-0x00000000004B0000-0x00000000004CF000-memory.dmp
  Filesize: 124KB

memory/2984-8-0x00000000004B0000-0x00000000004CF000-memory.dmp
  Filesize: 124KB

memory/2984-9-0x00000000004B0000-0x00000000004CF000-memory.dmp
  Filesize: 124KB

memory/2984-10-0x00000000004D0000-0x00000000004D1000-memory.dmp
  Filesize: 4KB

memory/2984-11-0x0000000000400000-0x0000000000425000-memory.dmp
  Filesize: 148KB

memory/2984-12-0x00000000004B0000-0x00000000004CF000-memory.dmp
  Filesize: 124KB

memory/2984-13-0x00000000004D0000-0x00000000004D1000-memory.dmp
  Filesize: 4KB