Malware Analysis Report

2024-10-19 07:00

Sample ID 240620-s8f5lazbpp
Target 076eb2db84aebf2350414a657c88f7ff_JaffaCakes118
SHA256 79717bbefa00956f137d446b83271ea5df10aa751928be1a4976891447990eed
Tags: modiloader, trojan
Score: 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 10/10

SHA256: 79717bbefa00956f137d446b83271ea5df10aa751928be1a4976891447990eed

Threat Level: Known bad

The file 076eb2db84aebf2350414a657c88f7ff_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

Tags: modiloader, trojan

Family: ModiLoader (also tracked as DBatLoader)
ModiLoader Second Stage
Loads dropped DLL
Executes dropped EXE
Unsigned PE
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-20 15:47

Signatures

ModiLoader Second Stage: 1 hit, no indicator detail recorded

Modiloader family (tag: modiloader)

Unsigned PE: 1 hit, no indicator detail recorded

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-20 15:47

Reported

2024-06-20 15:50

Platform

win7-20240611-en

Max time kernel

118s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\076eb2db84aebf2350414a657c88f7ff_JaffaCakes118.exe"

Signatures

ModiLoader, DBatLoader (tags: trojan, modiloader)

ModiLoader Second Stage: 4 hits, no indicator detail recorded

Executes dropped EXE
Process: C:\RECYCLER\wmsj.exe

Processes

C:\Users\Admin\AppData\Local\Temp\076eb2db84aebf2350414a657c88f7ff_JaffaCakes118.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\076eb2db84aebf2350414a657c88f7ff_JaffaCakes118.exe"

C:\RECYCLER\wmsj.exe
  Command line: C:\RECYCLER\wmsj.exe

Network

N/A (no network activity was recorded on the Windows 7 run)

Files

memory/2416-0-0x0000000000400000-0x0000000000427000-memory.dmp

\RECYCLER\wmsj.exe
(MD5, SHA1, SHA256 and SHA512 are identical to the submitted sample: the loader writes a byte-for-byte copy of itself to C:\RECYCLER and runs it. RECYCLER is the Windows XP-era Recycle Bin directory name; on Windows 7 and later the real Recycle Bin is $Recycle.Bin, so C:\RECYCLER here is a directory the malware created.)
MD5 076eb2db84aebf2350414a657c88f7ff
SHA1 03c802c74d4ef1a4df42918aae9455dd0718224f
SHA256 79717bbefa00956f137d446b83271ea5df10aa751928be1a4976891447990eed
SHA512 6572452e509d6a006540b253ef4e7bc100480ea496a49beb6ef1e8101aba7bc7523e4388ca1680d540b2908a680eaa0a04dd5911774ed7f66664253a33062aad

memory/2416-12-0x0000000000400000-0x0000000000427000-memory.dmp

C:\RECYCLER\video.dll
(the only DLL dropped in this run; the hashes differ from the sample's)
MD5 efc90757e4df598f033faa078ba289c0
SHA1 c8f52f6d9a1eb7ed953d7d539156569c62c61f66
SHA256 bc92e523187d22cde3508219902f1bee003199ff07bc55a7a7e956e972bf8861
SHA512 b0ae4615fc76de00dd7d0d21e3b72f58ce36cd69a8dd22333fbc65a6729a1bd01e293c9c51243fc769096acb7e9704d0a4165f7aed90e90ac82c13df0735bc6a

memory/2936-13-0x0000000000400000-0x0000000000427000-memory.dmp

Memory dump note: two PIDs (2416 and 2936) were dumped, both over the same 0x400000-0x427000 region (0x27000 bytes). The order of the entries suggests 2416 is the submitted sample and 2936 is wmsj.exe; identical regions in both are consistent with two instances of the same unrelocated 32-bit image, which matches wmsj.exe being a copy of the sample.

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-20 15:47

Reported

2024-06-20 15:50

Platform

win10v2004-20240508-en

Max time kernel

140s

Max time network

99s

Command Line

"C:\Users\Admin\AppData\Local\Temp\076eb2db84aebf2350414a657c88f7ff_JaffaCakes118.exe"

Signatures

ModiLoader, DBatLoader (tags: trojan, modiloader)

ModiLoader Second Stage: 5 hits, no indicator detail recorded

Executes dropped EXE
Process: C:\RECYCLER\wmsj.exe

Loads dropped DLL: 2 hits
Process: C:\RECYCLER\wmsj.exe
(the only DLL dropped in this run is C:\RECYCLER\video.dll, listed under Files below)

Suspicious use of SetWindowsHookEx
Process: C:\RECYCLER\wmsj.exe

Processes

C:\Users\Admin\AppData\Local\Temp\076eb2db84aebf2350414a657c88f7ff_JaffaCakes118.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\076eb2db84aebf2350414a657c88f7ff_JaffaCakes118.exe"

C:\RECYCLER\wmsj.exe
  Command line: C:\RECYCLER\wmsj.exe

Network

Country Destination Domain Proto
US 52.111.229.43:443 (none resolved) tcp

Only one outbound connection was recorded, a single TCP session to 52.111.229.43:443 with no domain resolved, and the Windows 7 run produced no network traffic at all. Confirm this is not sandbox or operating-system background traffic before treating the address as a command-and-control indicator.

Files

memory/1588-0-0x0000000000400000-0x0000000000427000-memory.dmp

C:\RECYCLER\wmsj.exe
(all four hashes are identical to the submitted sample, as in the Windows 7 run: the loader drops and executes a copy of itself)
MD5 076eb2db84aebf2350414a657c88f7ff
SHA1 03c802c74d4ef1a4df42918aae9455dd0718224f
SHA256 79717bbefa00956f137d446b83271ea5df10aa751928be1a4976891447990eed
SHA512 6572452e509d6a006540b253ef4e7bc100480ea496a49beb6ef1e8101aba7bc7523e4388ca1680d540b2908a680eaa0a04dd5911774ed7f66664253a33062aad

memory/2388-8-0x0000000000400000-0x0000000000427000-memory.dmp

C:\RECYCLER\video.dll
MD5 efc90757e4df598f033faa078ba289c0
SHA1 c8f52f6d9a1eb7ed953d7d539156569c62c61f66
SHA256 bc92e523187d22cde3508219902f1bee003199ff07bc55a7a7e956e972bf8861
SHA512 b0ae4615fc76de00dd7d0d21e3b72f58ce36cd69a8dd22333fbc65a6729a1bd01e293c9c51243fc769096acb7e9704d0a4165f7aed90e90ac82c13df0735bc6a

memory/1588-15-0x0000000000400000-0x0000000000427000-memory.dmp
memory/2388-12-0x0000000000550000-0x000000000055F000-memory.dmp
memory/2388-16-0x0000000000550000-0x000000000055F000-memory.dmp
memory/2388-18-0x0000000000400000-0x0000000000427000-memory.dmp

Memory dump note: both PIDs (1588 and 2388) were dumped over the same 0x400000-0x427000 region (0x27000 bytes), consistent with two instances of the same unrelocated 32-bit image and with wmsj.exe being a copy of the sample. PID 2388 additionally has a separate 0xF000-byte region at 0x550000 (dumps 12 and 16) that appears in the sequence only after video.dll was written; the report does not record what that region contains.
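The following triage helper is an added example and is not part of the sandbox report or of any ModiLoader tooling. It turns the indicators the report does supply (the dropped-file hashes, the C:\RECYCLER paths and the memory-dump file names) into checks a responder can run: it parses the dump names into per-PID (base, size) regions, confirms that a dropped file is a self-copy by hash comparison, and flags process-creation events that execute from C:\RECYCLER or carry one of the report's hashes. The event dictionaries are constructed here in a Sysmon-like shape for illustration; the field names `image` and `sha256` are an assumption, not a format the report defines.

```python
"""Triage helpers built from the IOCs in this sandbox report (added example)."""
import hashlib
import re
from dataclasses import dataclass

# Hashes and paths copied from the report.
SAMPLE_SHA256 = "79717bbefa00956f137d446b83271ea5df10aa751928be1a4976891447990eed"
DROPPED = {
    r"C:\RECYCLER\wmsj.exe": "79717bbefa00956f137d446b83271ea5df10aa751928be1a4976891447990eed",
    r"C:\RECYCLER\video.dll": "bc92e523187d22cde3508219902f1bee003199ff07bc55a7a7e956e972bf8861",
}
# RECYCLER is the XP-era Recycle Bin name; Windows 7/10 use $Recycle.Bin,
# so execution from C:\RECYCLER on those platforms is suspicious by itself.
SUSPICIOUS_DIR = "c:\\recycler\\"

# Sandbox dump names look like memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp
_DUMP_RE = re.compile(
    r"memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9a-f]+)-0x(?P<end>[0-9a-f]+)-memory\.dmp",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class Region:
    pid: int
    seq: int
    base: int
    size: int


def parse_dump_name(name: str) -> Region:
    """Parse a memory-dump file name into PID, sequence number, base and size."""
    m = _DUMP_RE.fullmatch(name)
    if not m:
        raise ValueError(f"not a memory dump name: {name!r}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    return Region(int(m["pid"]), int(m["seq"]), start, end - start)


def group_regions(names):
    """Map PID -> sorted list of distinct (base, size) regions seen in the dumps."""
    out = {}
    for n in names:
        r = parse_dump_name(n)
        out.setdefault(r.pid, set()).add((r.base, r.size))
    return {pid: sorted(v) for pid, v in out.items()}


def self_copies(sample_sha256, dropped):
    """Dropped-file paths whose SHA256 equals the submitted sample's."""
    return sorted(p for p, h in dropped.items() if h.lower() == sample_sha256.lower())


def sha256_of(data: bytes) -> str:
    """Hash a retrieved file's bytes for comparison against the report."""
    return hashlib.sha256(data).hexdigest()


def flag_event(event: dict):
    """Reasons a process-creation event matches this report's indicators."""
    reasons = []
    if event.get("image", "").lower().startswith(SUSPICIOUS_DIR):
        reasons.append("image under C:\\RECYCLER")
    h = event.get("sha256", "").lower()
    if h == SAMPLE_SHA256:
        reasons.append("sha256 matches submitted sample")
    elif h in {v.lower() for v in DROPPED.values()}:
        reasons.append("sha256 matches dropped file")
    return reasons


def triage(events):
    """Return {image: reasons} for every event that matched at least one indicator."""
    return {e["image"]: flag_event(e) for e in events if flag_event(e)}


# Constructed process-creation events (not from the report).
EVENTS = [
    {"image": r"C:\RECYCLER\wmsj.exe", "sha256": SAMPLE_SHA256},
    {"image": r"C:\Windows\System32\notepad.exe", "sha256": "00" * 32},
    {"image": r"C:\Users\Admin\Downloads\invoice.exe", "sha256": SAMPLE_SHA256},
]

if __name__ == "__main__":
    dumps = [
        "memory/1588-0-0x0000000000400000-0x0000000000427000-memory.dmp",
        "memory/2388-8-0x0000000000400000-0x0000000000427000-memory.dmp",
        "memory/2388-12-0x0000000000550000-0x000000000055F000-memory.dmp",
    ]
    for pid, regions in group_regions(dumps).items():
        for base, size in regions:
            print(f"pid {pid}: base 0x{base:X} size 0x{size:X} ({size} bytes)")
    print("self-copies:", self_copies(SAMPLE_SHA256, DROPPED))
    for image, reasons in triage(EVENTS).items():
        print(image, "->", "; ".join(reasons))
```

The hash match fires regardless of path, so a renamed copy of the sample outside C:\RECYCLER is still caught; the path check fires regardless of hash, so a rebuilt loader that still uses the same staging directory is caught as well.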