Analysis

  • max time kernel
    133s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags
    arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system
  • submitted
    20-06-2024 19:53

General

  • Target

    09422e47a95b1c2fad54d948843b9f0c_JaffaCakes118.exe

  • Size

    404KB

  • MD5

    09422e47a95b1c2fad54d948843b9f0c

  • SHA1

    a3db3f2f5b272cd51d2b312ba9a388788b78bed4

  • SHA256

    139cff125dc1eac257e9a7b5dd3971f7c0d924e4a6f469b18c2f08637a5f4c2e

  • SHA512

    7b2173c53299c59d0af309f077a31d95cb144ca4a505e0edfff2e88e5a1834ea63545da5742e35c12c435e9b1c897629612cfa6180bfc57ac6ccaf5eb6d7a0be

  • SSDEEP

    12288:piKf9rHXYBKnolmQ1DUbESnDkosH7ITHD9j3w99ZcE:piKfh3Y4hhsCHxj3S9ZN

Score
10/10

Malware Config

Signatures

  • ModiLoader, DBatLoader

    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

  • ModiLoader Second Stage 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in System32 directory 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\09422e47a95b1c2fad54d948843b9f0c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\09422e47a95b1c2fad54d948843b9f0c_JaffaCakes118.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1644
    • C:\program files\internet explorer\IEXPLORE.EXE
      "C:\program files\internet explorer\IEXPLORE.EXE"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1988
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1988 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2376

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

    Filesize

    70KB

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

  • C:\Users\Admin\AppData\Local\Temp\Cab49C0.tmp

    Filesize

    68KB

  • C:\Users\Admin\AppData\Local\Temp\Tar4A44.tmp

    Filesize

    181KB

  • memory/1644-6-0x0000000000400000-0x00000000004CA000-memory.dmp

    Filesize

    808KB

  • memory/1644-0-0x0000000000400000-0x00000000004CA000-memory.dmp

    Filesize

    808KB

  • memory/1644-1-0x0000000000260000-0x0000000000261000-memory.dmp

    Filesize

    4KB

  • memory/1644-5-0x0000000000415000-0x0000000000416000-memory.dmp

    Filesize

    4KB

  • memory/1988-3-0x0000000000060000-0x000000000012A000-memory.dmp

    Filesize

    808KB