Analysis

  • max time kernel
    121s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted
    20-06-2024 18:53

General

  • Target

    08d531a7f7fff50d2b03fa906ab6a225_JaffaCakes118.exe

  • Size

    544KB

  • MD5

    08d531a7f7fff50d2b03fa906ab6a225

  • SHA1

    61fad11ae22a07183d2e535c0ce915b38bfac22f

  • SHA256

    4b4d5ff9c9a8ed6a202408872ca393c630ec364606963197a35292539322aa35

  • SHA512

    b11a4e78874f5208f6eb759f63944a3f72d0adc3f6c94da2de3db58b1555714b2b322ddd3ed46b06767086f128372ae2c67c4cb7caabb01325444a00b467a551

  • SSDEEP

    12288:JAhH7ss1wJoXK8nrl+CnfGew9G9OXKGS0gq9Eeq6R+JoHGVX04b7:JAhj1+8nTnfGe39cKGLH97q1oHGB04b

Score
10/10

Malware Config

Signatures

  • ModiLoader, DBatLoader

    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

  • ModiLoader Second Stage 3 IoCs
  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 4 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\08d531a7f7fff50d2b03fa906ab6a225_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\08d531a7f7fff50d2b03fa906ab6a225_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:3056
    • C:\Windows\SysWOW64\ddos.exe
      C:\Windows\system32\ddos.exe
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      PID:2680
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Windows\system32\Deleteme.bat
      2⤵
      • Deletes itself
      PID:2536

Network

MITRE ATT&CK Matrix


Downloads

  • C:\Windows\SysWOW64\Deleteme.bat

    Filesize

    212B

    MD5

    c511e432ebe0af9bf5ae47b27898fa10

    SHA1

    a4ee66b061df03ade296448b0d4ce3a3fcd0cad8

    SHA256

    11a0096a97c9438da8888d05c15c29e0a9c5669ba5f7887960983dec1f9d8ae4

    SHA512

    ff78385419e823e44944cb564d1b7113838c8fde6f78c591ef42ee816e5183320b5fbc01e17648b61e6e11edc3ea08c220aa93d292ac205b9adf6698ff144e3c

  • \Windows\SysWOW64\ddos.exe

    Filesize

    544KB

    MD5

    08d531a7f7fff50d2b03fa906ab6a225

    SHA1

    61fad11ae22a07183d2e535c0ce915b38bfac22f

    SHA256

    4b4d5ff9c9a8ed6a202408872ca393c630ec364606963197a35292539322aa35

    SHA512

    b11a4e78874f5208f6eb759f63944a3f72d0adc3f6c94da2de3db58b1555714b2b322ddd3ed46b06767086f128372ae2c67c4cb7caabb01325444a00b467a551

  • memory/2680-61-0x0000000000570000-0x00000000005C4000-memory.dmp

    Filesize

    336KB

  • memory/2680-60-0x0000000000400000-0x000000000056B000-memory.dmp

    Filesize

    1.4MB

  • memory/2680-51-0x0000000000570000-0x00000000005C4000-memory.dmp

    Filesize

    336KB

  • memory/2680-50-0x0000000000400000-0x000000000056B000-memory.dmp

    Filesize

    1.4MB

  • memory/3056-9-0x0000000001FB0000-0x0000000001FB1000-memory.dmp

    Filesize

    4KB

  • memory/3056-6-0x00000000003F0000-0x00000000003F1000-memory.dmp

    Filesize

    4KB

  • memory/3056-25-0x0000000003290000-0x0000000003291000-memory.dmp

    Filesize

    4KB

  • memory/3056-24-0x0000000003290000-0x0000000003291000-memory.dmp

    Filesize

    4KB

  • memory/3056-23-0x0000000003290000-0x0000000003291000-memory.dmp

    Filesize

    4KB

  • memory/3056-22-0x0000000003290000-0x0000000003291000-memory.dmp

    Filesize

    4KB

  • memory/3056-21-0x00000000032A0000-0x00000000032A1000-memory.dmp

    Filesize

    4KB

  • memory/3056-20-0x00000000032A0000-0x00000000032A1000-memory.dmp

    Filesize

    4KB

  • memory/3056-19-0x00000000032A0000-0x00000000032A1000-memory.dmp

    Filesize

    4KB

  • memory/3056-18-0x00000000032A0000-0x00000000032A1000-memory.dmp

    Filesize

    4KB

  • memory/3056-17-0x00000000032A0000-0x00000000032A1000-memory.dmp

    Filesize

    4KB

  • memory/3056-16-0x00000000032A0000-0x00000000032A1000-memory.dmp

    Filesize

    4KB

  • memory/3056-15-0x00000000032A0000-0x00000000032A1000-memory.dmp

    Filesize

    4KB

  • memory/3056-14-0x00000000032A0000-0x00000000032A1000-memory.dmp

    Filesize

    4KB

  • memory/3056-13-0x00000000032A0000-0x00000000032A1000-memory.dmp

    Filesize

    4KB

  • memory/3056-12-0x00000000032A0000-0x00000000032A1000-memory.dmp

    Filesize

    4KB

  • memory/3056-11-0x0000000000670000-0x0000000000671000-memory.dmp

    Filesize

    4KB

  • memory/3056-10-0x0000000001FE0000-0x0000000001FE1000-memory.dmp

    Filesize

    4KB

  • memory/3056-0-0x0000000000400000-0x000000000056B000-memory.dmp

    Filesize

    1.4MB

  • memory/3056-8-0x0000000001FC0000-0x0000000001FC1000-memory.dmp

    Filesize

    4KB

  • memory/3056-7-0x00000000003E0000-0x00000000003E1000-memory.dmp

    Filesize

    4KB

  • memory/3056-26-0x0000000003290000-0x0000000003291000-memory.dmp

    Filesize

    4KB

  • memory/3056-5-0x0000000001FD0000-0x0000000001FD1000-memory.dmp

    Filesize

    4KB

  • memory/3056-4-0x0000000000680000-0x0000000000681000-memory.dmp

    Filesize

    4KB

  • memory/3056-3-0x00000000006A0000-0x00000000006A1000-memory.dmp

    Filesize

    4KB

  • memory/3056-31-0x0000000003290000-0x0000000003293000-memory.dmp

    Filesize

    12KB

  • memory/3056-37-0x00000000032B0000-0x00000000032B1000-memory.dmp

    Filesize

    4KB

  • memory/3056-38-0x00000000003D0000-0x00000000003D1000-memory.dmp

    Filesize

    4KB

  • memory/3056-36-0x00000000032C0000-0x00000000032C1000-memory.dmp

    Filesize

    4KB

  • memory/3056-35-0x00000000032D0000-0x00000000032D1000-memory.dmp

    Filesize

    4KB

  • memory/3056-34-0x0000000000230000-0x0000000000231000-memory.dmp

    Filesize

    4KB

  • memory/3056-33-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

  • memory/3056-32-0x00000000032A0000-0x00000000032A1000-memory.dmp

    Filesize

    4KB

  • memory/3056-27-0x0000000003290000-0x0000000003291000-memory.dmp

    Filesize

    4KB

  • memory/3056-42-0x0000000004360000-0x00000000044CB000-memory.dmp

    Filesize

    1.4MB

  • memory/3056-28-0x0000000003290000-0x0000000003291000-memory.dmp

    Filesize

    4KB

  • memory/3056-49-0x0000000000400000-0x000000000056B000-memory.dmp

    Filesize

    1.4MB

  • memory/3056-30-0x0000000003290000-0x0000000003291000-memory.dmp

    Filesize

    4KB

  • memory/3056-29-0x0000000003290000-0x0000000003291000-memory.dmp

    Filesize

    4KB

  • memory/3056-2-0x0000000000370000-0x00000000003C4000-memory.dmp

    Filesize

    336KB

  • memory/3056-1-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

  • memory/3056-62-0x0000000000370000-0x00000000003C4000-memory.dmp

    Filesize

    336KB

  • memory/3056-63-0x0000000000400000-0x000000000056B000-memory.dmp

    Filesize

    1.4MB