Analysis
-
max time kernel
150s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
20-06-2024 11:10
General
-
Target
0574ba053f676337d4fa1d7d3851ada3_JaffaCakes118.exe
-
Size
176KB
-
MD5
0574ba053f676337d4fa1d7d3851ada3
-
SHA1
30edab748632fab8dba7bf586019bcb4e7436cc3
-
SHA256
7fb0ad2dda136efc7860caeaf4eb2ba2205fbedf7f7c919fd9ec4c78589e8fc0
-
SHA512
bdfb12b6311ebd9caa7d3e7914555b589b6fe6b92e6452f5c4fa6abd4161f6b1f14031b14a39a4d57e486534aa5bb896fc86c1f4314d007c72d5d0db7a854986
-
SSDEEP
3072:XFRZxizN4ExwNMcf3BOYphy+ryk0W87JjcL2u9aL+pTo:X3OvkxfYJj22UaL+pc
Score
10/10
Malware Config
Signatures
-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage 13 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 64 IoCs
-
Loads dropped DLL 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0574ba053f676337d4fa1d7d3851ada3_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\0574ba053f676337d4fa1d7d3851ada3_JaffaCakes118.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe6⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe7⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe8⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe9⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe10⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe11⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe12⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe13⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe14⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe15⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe16⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe17⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe18⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe19⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe20⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe21⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe22⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe23⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe24⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe25⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe26⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe27⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe28⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe29⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe30⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe31⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe32⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe33⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe34⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe35⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe36⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe37⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe38⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe39⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe40⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe41⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe42⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe43⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe44⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe45⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe46⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe47⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe48⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe49⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe50⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe51⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe52⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe53⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe54⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe55⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe56⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe57⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe58⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe59⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe60⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe61⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe62⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe63⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe64⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe65⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe66⤵
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe67⤵
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe68⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe69⤵
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe70⤵
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe71⤵
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe72⤵
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe73⤵
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe74⤵
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe75⤵
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe76⤵
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe77⤵
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe78⤵
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe79⤵
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe80⤵
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe81⤵
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe82⤵
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe83⤵
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe84⤵
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe85⤵
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe86⤵
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe87⤵
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe88⤵
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe89⤵
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe90⤵
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe91⤵
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe92⤵
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe93⤵
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe94⤵
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe95⤵
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe96⤵
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe97⤵
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe98⤵
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe99⤵
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe100⤵
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe101⤵
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe102⤵
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe103⤵
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe104⤵
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe105⤵
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe106⤵
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe107⤵
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe108⤵
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe109⤵
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe110⤵
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe111⤵
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe112⤵
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe113⤵
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe114⤵
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe115⤵
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe116⤵
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe117⤵
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe118⤵
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe119⤵
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe120⤵
-
C:\Windows\SysWOW64\explore.exeC:\Windows\system32\explore.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-