Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    20-06-2024 15:05

General

  • Target

    0718c590352a10a5fb647c775059f447_JaffaCakes118.exe

  • Size

    589KB

  • MD5

    0718c590352a10a5fb647c775059f447

  • SHA1

    ef7037a97789c9670c60a02395aaebcc739652fc

  • SHA256

    bb60fd410e1a3fd36f5d8e43ff0e5534dc2a2765ae2a3000a8d14b9304d1bd92

  • SHA512

    169985b972ec6a9d62618dbd6912bd446ac0b452d935c95340fa3cc3450f8f59b5f82ac4def5ab2e58da2dfb1190af8f56e42911d2c128321f2bf243231b9d07

  • SSDEEP

    12288:Let/IVLAmSdWnrdDWK+XRHWPKcPn+vF3Z4mxxvYJphAR2USG4:LcgOmqWrdDWfHWScwQmXvYaR2USG4

Score
10/10

Signatures

  • ModiLoader, DBatLoader

    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

  • ModiLoader Second Stage (4 IoCs)
  • Deletes itself (1 IoC)
  • Executes dropped EXE (1 IoC)
  • Loads dropped DLL (2 IoCs)
  • Drops file in System32 directory (2 IoCs)
  • Suspicious use of SetThreadContext (2 IoCs)
  • Drops file in Program Files directory (3 IoCs)
  • Suspicious use of WriteProcessMemory (20 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\0718c590352a10a5fb647c775059f447_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0718c590352a10a5fb647c775059f447_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:2952
    • C:\Program Files\Common Files\Microsoft Shared\MSINFO\time.exe
      "C:\Program Files\Common Files\Microsoft Shared\MSINFO\time.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • Suspicious use of SetThreadContext
      • Suspicious use of WriteProcessMemory
      PID:2168
      • C:\Windows\SysWOW64\calc.exe
        "C:\Windows\system32\calc.exe"
        3⤵
        PID:1584
      • C:\Windows\SysWOW64\svchost.exe
        "C:\Windows\system32\svchost.exe"
        3⤵
        PID:2644
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c ""C:\Program Files\Common Files\Microsoft Shared\MSINFO\Delet.bat""
      2⤵
      • Deletes itself
      PID:2840

Downloads

  • C:\Program Files\Common Files\Microsoft Shared\MSInfo\Delet.bat

    Filesize
    212B

    MD5
    76f4f64c36235149e1b93f1420e29311

    SHA1
    d918584788206e19231cc084ad545940f41528a0

    SHA256
    daa33e8c3a34e27a56ad316be88e45c739a13934e43e6057510d547c04833b6f

    SHA512
    503be45fa1ff869ed51586254b4d8cdfd28dd0b642e5db8290ec5b8c5624bd68cf2c4c25310052bc2179358f9bc002189b23ed246b993e122d3d788bbf10abc7

  • \Program Files\Common Files\Microsoft Shared\MSInfo\time.exe

    Filesize
    589KB

    MD5
    0718c590352a10a5fb647c775059f447

    SHA1
    ef7037a97789c9670c60a02395aaebcc739652fc

    SHA256
    bb60fd410e1a3fd36f5d8e43ff0e5534dc2a2765ae2a3000a8d14b9304d1bd92

    SHA512
    169985b972ec6a9d62618dbd6912bd446ac0b452d935c95340fa3cc3450f8f59b5f82ac4def5ab2e58da2dfb1190af8f56e42911d2c128321f2bf243231b9d07
