Analysis Overview
SHA256
97fa4860ddfd62eae525d2d021f026d85b361bf0f3220598a35b5f4c16db1ea8
Threat Level: Known bad
The file 006f370d71f60e4f449565d64c67ab37_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
ModiLoader, DBatLoader
ModiLoader Second Stage
Loads dropped DLL
Drops file in Program Files directory
Unsigned PE
Suspicious use of SetWindowsHookEx
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-06-19 20:49
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-19 20:49
Reported
2024-06-19 20:52
Platform
win7-20240508-en
Max time kernel
121s
Max time network
121s
Command Line
Signatures
ModiLoader, DBatLoader
ModiLoader Second Stage
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\006f370d71f60e4f449565d64c67ab37_JaffaCakes118.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\Common Files\Microsoft Shared\MSINFO\atmQQ2.dll | C:\Users\Admin\AppData\Local\Temp\006f370d71f60e4f449565d64c67ab37_JaffaCakes118.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\006f370d71f60e4f449565d64c67ab37_JaffaCakes118.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\006f370d71f60e4f449565d64c67ab37_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\006f370d71f60e4f449565d64c67ab37_JaffaCakes118.exe"
Network
Files
memory/2040-0-0x0000000000400000-0x0000000000425000-memory.dmp
\Program Files\Common Files\Microsoft Shared\MSInfo\atmQQ2.dll
| MD5 | 4f295581caf2904699cdd4fced41c810 |
| SHA1 | 98d1e85ea54d42d08bca6f78ceaa98b8ad947039 |
| SHA256 | e0aa03a2e84c19d1acdbd83f5ba3ed80aff9a3321ddd2ec9c2bf7ecf284f6c4a |
| SHA512 | 260a22f71df19ea650a11be59a6c5eb9b0f1196e57b3dae0d14c7ae9db56b837771380893b3ee1beaa9114dfed34664ec4210cd31d0bba19fbe74ded4da11eab |
memory/2040-5-0x0000000000240000-0x0000000000241000-memory.dmp
memory/2040-4-0x0000000000220000-0x000000000023F000-memory.dmp
memory/2040-6-0x0000000000400000-0x0000000000425000-memory.dmp
memory/2040-7-0x0000000000240000-0x0000000000241000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-19 20:49
Reported
2024-06-19 20:52
Platform
win10v2004-20240508-en
Max time kernel
80s
Max time network
100s
Command Line
Signatures
ModiLoader, DBatLoader
ModiLoader Second Stage
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\006f370d71f60e4f449565d64c67ab37_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\006f370d71f60e4f449565d64c67ab37_JaffaCakes118.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\Common Files\Microsoft Shared\MSINFO\atmQQ2.dll | C:\Users\Admin\AppData\Local\Temp\006f370d71f60e4f449565d64c67ab37_JaffaCakes118.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\006f370d71f60e4f449565d64c67ab37_JaffaCakes118.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\006f370d71f60e4f449565d64c67ab37_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\006f370d71f60e4f449565d64c67ab37_JaffaCakes118.exe"
Network
| Country | Destination | Domain | Proto |
| US | 52.111.227.11:443 | tcp |
Files
memory/2984-0-0x0000000000400000-0x0000000000425000-memory.dmp
C:\Program Files\Common Files\microsoft shared\MSInfo\atmQQ2.dll
| MD5 | 4f295581caf2904699cdd4fced41c810 |
| SHA1 | 98d1e85ea54d42d08bca6f78ceaa98b8ad947039 |
| SHA256 | e0aa03a2e84c19d1acdbd83f5ba3ed80aff9a3321ddd2ec9c2bf7ecf284f6c4a |
| SHA512 | 260a22f71df19ea650a11be59a6c5eb9b0f1196e57b3dae0d14c7ae9db56b837771380893b3ee1beaa9114dfed34664ec4210cd31d0bba19fbe74ded4da11eab |
memory/2984-6-0x00000000004B0000-0x00000000004CF000-memory.dmp
memory/2984-8-0x00000000004B0000-0x00000000004CF000-memory.dmp
memory/2984-9-0x00000000004B0000-0x00000000004CF000-memory.dmp
memory/2984-10-0x00000000004D0000-0x00000000004D1000-memory.dmp
memory/2984-11-0x0000000000400000-0x0000000000425000-memory.dmp
memory/2984-12-0x00000000004B0000-0x00000000004CF000-memory.dmp
memory/2984-13-0x00000000004D0000-0x00000000004D1000-memory.dmp