Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
  • submitted
    20-06-2024 22:47

General

  • Target

    09ec276b9abfb0a90cea10347b6e8cc1_JaffaCakes118.exe

  • Size

    413KB

  • MD5

    09ec276b9abfb0a90cea10347b6e8cc1

  • SHA1

    2b341df165dc18f3775f59a0d20da18613e40fd9

  • SHA256

    3a092a9b8db31ab68798137f020a043bc4b26181f9156f04fb4677a2b13acd51

  • SHA512

    332e90768b63185525a5a33cc4d25952041f65bb234ea6088e71e6bc0277ba63e913206745a61f8098c4f50770c0ed99c082524016c7343037c4fbc07972754f

  • SSDEEP

    6144:t+DbBikiaHIOujx5HFMvdAKwrm8A420WyLrvUSWcC2mtr/p1jTB8u0v8:tabEkia2N5HGEA50WyLBWzBjTe9v8

Score
10/10

Malware Config

Signatures

  • ModiLoader, DBatLoader

    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

  • ModiLoader Second Stage 1 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\09ec276b9abfb0a90cea10347b6e8cc1_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\09ec276b9abfb0a90cea10347b6e8cc1_JaffaCakes118.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:288
    • C:\program files\internet explorer\IEXPLORE.EXE
      "C:\program files\internet explorer\IEXPLORE.EXE"
      2⤵
        PID:2500

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/288-0-0x0000000000400000-0x00000000004BE03E-memory.dmp

      Filesize

      760KB

    • memory/288-2-0x00000000003E0000-0x00000000003E1000-memory.dmp

      Filesize

      4KB

    • memory/288-3-0x0000000000400000-0x00000000004BE03E-memory.dmp

      Filesize

      760KB