Analysis

max time kernel: 125s
max time network: 127s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 04/07/2024, 04:15
Behavioral task: behavioral1
  Sample: 24991f1283abc05af04529f240dfc087_JaffaCakes118.dll
  Resource: win7-20240508-en

Behavioral task: behavioral2
  Sample: 24991f1283abc05af04529f240dfc087_JaffaCakes118.dll
  Resource: win10v2004-20240508-en
General

Target: 24991f1283abc05af04529f240dfc087_JaffaCakes118.dll
Size: 33KB
MD5: 24991f1283abc05af04529f240dfc087
SHA1: 1c9e9c2545fdb805d7cdbaf5c9d656399d793838
SHA256: 546e72e2cde9b9e386debef88437276fbf248c459de04429c5b55b5b0c4f711b
SHA512: 619829a931ab44c486599ad1b7d53055382a12f52d0d477dc1de9ef072c622209c411356c266c1e5a258283fc47d2e9c16e6901c5a5617e18740d8d4054309c0
SSDEEP: 768:cKSoqu380GQplBoJaeR1q7K+3XQeN4W4M49wk/T2h:Uoqu380GQplBoQwIL3XQeB4Z9wf
Malware Config

Signatures

ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

ModiLoader Second Stage (1 IoC)
  resource                                                                    yara_rule
  behavioral2/memory/2208-0-0x0000000000820000-0x000000000082E000-memory.dmp  modiloader_stage2

Suspicious use of WriteProcessMemory (3 IoCs)
  description                       pid   Process       procid_target
  PID 1380 wrote to memory of 2208  1380  regsvr32.exe  88
  PID 1380 wrote to memory of 2208  1380  regsvr32.exe  88
  PID 1380 wrote to memory of 2208  1380  regsvr32.exe  88
Processes

C:\Windows\system32\regsvr32.exe
  command line: regsvr32 /s C:\Users\Admin\AppData\Local\Temp\24991f1283abc05af04529f240dfc087_JaffaCakes118.dll
  PID: 1380
  signatures: Suspicious use of WriteProcessMemory

    C:\Windows\SysWOW64\regsvr32.exe
      command line: /s C:\Users\Admin\AppData\Local\Temp\24991f1283abc05af04529f240dfc087_JaffaCakes118.dll
      PID: 2208

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3772,i,14486271492189381216,15799931579469722648,262144 --variations-seed-version --mojo-platform-channel-handle=4128 /prefetch:8
  PID: 4516