Analysis

  • max time kernel
    51s
  • max time network
    59s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    20-06-2024 18:45

General

  • Target

    08c66d6f32aa9fa2ec836b7a2b03e382_JaffaCakes118.exe

  • Size

    218KB

  • MD5

    08c66d6f32aa9fa2ec836b7a2b03e382

  • SHA1

    c7ed9e50a58929e56807efbdb0514d59b0a2f413

  • SHA256

    67eb4adf0e713954749b5bf019297ad339e092eda49b8d92ab1e1202d61373fa

  • SHA512

    dd6fa83e7b8c0d5d1af451778dc2b31d24accd8976dfec69a0af15170a076fb6cca3559cee37b2ae330ac5cf337a648cc9dead553c85582adab438ae7cfeac95

  • SSDEEP

    6144:JS9FeqR/9DWvb0NLPglcCmRyFvKf68ke2xzHe76:o9V/tWvwNLPglvR46sT6

Score
10/10

Malware Config

Signatures

  • ModiLoader, DBatLoader

    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

  • ModiLoader Second Stage (3 IoCs)
  • Enumerates physical storage devices (1 TTPs)

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses (2 IoCs)
  • Suspicious use of AdjustPrivilegeToken (13 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\08c66d6f32aa9fa2ec836b7a2b03e382_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\08c66d6f32aa9fa2ec836b7a2b03e382_JaffaCakes118.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1972
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" about:blank
      2⤵
      PID:2096
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c del "C:\Users\Admin\AppData\Local\Temp\08c66d6f32aa9fa2ec836b7a2b03e382_JaffaCakes118.exe"
      2⤵
      PID:4544

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/1972-0-0x0000000013140000-0x0000000013206000-memory.dmp

    Filesize

    792KB

  • memory/1972-3-0x0000000010410000-0x000000001048C000-memory.dmp

    Filesize

    496KB

  • memory/1972-4-0x0000000010410000-0x000000001048C000-memory.dmp

    Filesize

    496KB

  • memory/1972-12-0x0000000013140000-0x0000000013206000-memory.dmp

    Filesize

    792KB