Analysis
max time kernel: 54s
max time network: 63s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 03/07/2024, 15:29
Behavioral task behavioral1
Sample: 22d9c53426a56f2d4a894a3e15b795a0_JaffaCakes118.dll
Resource: win7-20240508-en

Behavioral task behavioral2
Sample: 22d9c53426a56f2d4a894a3e15b795a0_JaffaCakes118.dll
Resource: win10v2004-20240508-en
General
Target: 22d9c53426a56f2d4a894a3e15b795a0_JaffaCakes118.dll
Size: 289KB
MD5: 22d9c53426a56f2d4a894a3e15b795a0
SHA1: 1b5d75d673342a8152ed83471b956e8eaa5012bc
SHA256: f8c14652b75f640f6c9009d60d5009118433783ec64c3221b76ef3a26ce8c12c
SHA512: 052f1fa32f9cd6fc00673b90ef9722869175f843bd76578ea52d33e634ae012cb91030e6a1972b4347568939983a4872997ca9cbceabf4e9f8acc9d34c5eea52
SSDEEP: 6144:46gbdfWGCqzc8vUkqxW4M8SgsApp6E3QNfCn5jDMlrJn:OdfQ2c8vr4ygCE3QhCnJAlrB
Malware Config
Signatures
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

ModiLoader Second Stage (2 IoCs)
resource                                                                     yara_rule
behavioral2/memory/1840-0-0x0000000000AB0000-0x0000000000AFE000-memory.dmp   modiloader_stage2
behavioral2/memory/1840-1-0x0000000000AB0000-0x0000000000AFE000-memory.dmp   modiloader_stage2

Suspicious use of WriteProcessMemory (3 IoCs)
description                         pid    Process        procid_target
PID 3156 wrote to memory of 1840    3156   rundll32.exe   81
PID 3156 wrote to memory of 1840    3156   rundll32.exe   81
PID 3156 wrote to memory of 1840    3156   rundll32.exe   81
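The two signature tables above are flattened in the report and describe the same process from two angles: the YARA hits on memory dumps of PID 1840 and the WriteProcessMemory rows naming 3156 as the writer into 1840. The script below is an added example, not code from the sandbox or its API, that parses both tables into structured records, collapses the repeated WriteProcessMemory rows, and maps each flagged region to the PID(s) that wrote into its process. The input strings are copied verbatim from the report; the column order the regular expressions assume (resource, yara_rule and description, pid, Process, procid_target) is taken from the table headers shown above.

```python
"""Added example (not part of the sandbox report or any sandbox API): parse
the flattened IoC tables from this report into structured records and link
the YARA-flagged memory regions to the process that wrote into their PID.
The input strings are copied from the report; the column order the regexes
assume (resource, yara_rule / description, pid, Process, procid_target) is
taken from the table headers shown on the page."""
import re
from collections import defaultdict

# Constructed input: the IoC rows exactly as they appear on the page.
MEMORY_IOCS = (
    "behavioral2/memory/1840-0-0x0000000000AB0000-0x0000000000AFE000-memory.dmp"
    " modiloader_stage2 "
    "behavioral2/memory/1840-1-0x0000000000AB0000-0x0000000000AFE000-memory.dmp"
    " modiloader_stage2"
)
WPM_IOCS = (
    "PID 3156 wrote to memory of 1840 3156 rundll32.exe 81 "
    "PID 3156 wrote to memory of 1840 3156 rundll32.exe 81 "
    "PID 3156 wrote to memory of 1840 3156 rundll32.exe 81"
)

# <task>/memory/<pid>-<dump index>-0x<start>-0x<end>-memory.dmp <rule>
MEM_RE = re.compile(
    r"(?P<task>\w+)/memory/(?P<pid>\d+)-(?P<idx>\d+)-"
    r"0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp\s+(?P<rule>\w+)"
)
# description | pid | Process | procid_target (procid_target is captured but unused)
WPM_RE = re.compile(
    r"PID (?P<src>\d+) wrote to memory of (?P<dst>\d+)\s+(?P<pid>\d+)\s+"
    r"(?P<proc>\S+)\s+(?P<target>\d+)"
)


def parse_memory_iocs(text):
    """Return one record per memory-dump hit, with the region decoded to ints."""
    records = []
    for m in MEM_RE.finditer(text):
        start, end = int(m["start"], 16), int(m["end"], 16)
        records.append({
            "task": m["task"],
            "pid": int(m["pid"]),
            "dump_index": int(m["idx"]),
            "start": start,
            "end": end,
            "size": end - start,
            "rule": m["rule"],
        })
    return records


def parse_wpm_iocs(text):
    """Collapse repeated WriteProcessMemory rows into
    {(source_pid, target_pid, process): hit_count}."""
    counts = defaultdict(int)
    for m in WPM_RE.finditer(text):
        counts[(int(m["src"]), int(m["dst"]), m["proc"])] += 1
    return dict(counts)


def link_regions_to_writers(mem_iocs, wpm_edges):
    """Map each flagged region (pid, start, end) to the sorted PIDs that wrote
    into that process. A parent writes into its child during process creation,
    so a match is a lead to follow in the dump, not proof of injection."""
    writers = defaultdict(set)
    for src, dst, _proc in wpm_edges:
        writers[dst].add(src)
    return {
        (r["pid"], r["start"], r["end"]): sorted(writers.get(r["pid"], ()))
        for r in mem_iocs
    }


if __name__ == "__main__":
    mem = parse_memory_iocs(MEMORY_IOCS)
    edges = parse_wpm_iocs(WPM_IOCS)
    for r in mem:
        print(f"{r['task']} pid={r['pid']} dump={r['dump_index']} "
              f"0x{r['start']:X}-0x{r['end']:X} ({r['size']} bytes) rule={r['rule']}")
    for (src, dst, proc), n in edges.items():
        print(f"{proc} {src} -> {dst}: {n} WriteProcessMemory hit(s)")
    for region, srcs in link_regions_to_writers(mem, edges).items():
        print(f"region pid={region[0]} 0x{region[1]:X}-0x{region[2]:X} written by {srcs}")
```

On this report the three WriteProcessMemory rows collapse to a single edge, 3156 writing into 1840 with three hits, and both dumps cover the same 0x4E000-byte region in PID 1840. Per the process tree below, 1840 is the SysWOW64 rundll32.exe spawned by the 64-bit rundll32.exe 3156, which is what rundll32 does to load a 32-bit DLL, so the write is consistent with ordinary parent-to-child process setup; the region itself is where the modiloader_stage2 rule matched, and that dump, not the write, is what to examine for the unpacked stage.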
Processes
1. C:\Windows\system32\rundll32.exe
   command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\22d9c53426a56f2d4a894a3e15b795a0_JaffaCakes118.dll,#1
   PID: 3156
   signatures: Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\rundll32.exe
      command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\22d9c53426a56f2d4a894a3e15b795a0_JaffaCakes118.dll,#1
      PID: 1840