Analysis
-
max time kernel
147s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
20-06-2024 02:22
General
-
Target
02006a4eee9f3db806b28d2e3d0ceb54_JaffaCakes118.dll
-
Size
476KB
-
MD5
02006a4eee9f3db806b28d2e3d0ceb54
-
SHA1
030a2f8163eb205b0c80fc8415d99b7a67410e4b
-
SHA256
c21fe6f266eedd4b3e099f9cf63d72fa156fd432341b2c4751ffa8cdde002654
-
SHA512
a5494fb9400df50647f108bcf7440cfded739cdc4bc178305a1c79d27ed5eb596f9a1b5775e8e6ce2155546bbd839ddd8e7cdf091b868e62caddaf15660a2d7d
-
SSDEEP
12288:iW0Tgvm6uDUwgmGQDZLzj2+QbXl8RfU1ayoUbZC:v6gvm9QTQ02Exb
Score
10/10
Malware Config
Signatures
-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\02006a4eee9f3db806b28d2e3d0ceb54_JaffaCakes118.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\02006a4eee9f3db806b28d2e3d0ceb54_JaffaCakes118.dll,#12⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/3280-0-0x0000000000400000-0x000000000047C000-memory.dmpFilesize
496KB