Analysis
-
max time kernel
141s -
max time network
126s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
10/09/2024, 12:16
General
-
Target
d8447ccb6e76a4d96e1279c1bd27bff9_JaffaCakes118.exe
-
Size
992KB
-
MD5
d8447ccb6e76a4d96e1279c1bd27bff9
-
SHA1
50ad9191b43b9f807c02534d7d6df7faf37cd37f
-
SHA256
283958766c2805b0da9e1a5ea4dd6be61f85eab9f6f6b5979f4212ab116ab49b
-
SHA512
36dbc6978be102d7db12ced39b0658eb96237b6a12e104b8caea082d327656ad9698e961dcf3004fddd67884eb354e0f1573a370890426880b866f7ec618a220
-
SSDEEP
24576:GIynhn+SdS8Yf6JhSCVCUi8Pi/PM44Hlu+Q5Kl4B1jqSHA:eaf6Jh5KKlmqr
Malware Config
Signatures
-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage 3 IoCs
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 2 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d8447ccb6e76a4d96e1279c1bd27bff9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\d8447ccb6e76a4d96e1279c1bd27bff9_JaffaCakes118.exe"1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\Binder BY ~Dr.MOT~.exe"C:\Users\Admin\AppData\Local\Temp\Binder BY ~Dr.MOT~.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Huawei.exe"C:\Users\Admin\AppData\Local\Temp\Huawei.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4440,i,11251706013556949551,5157034131170452377,262144 --variations-seed-version --mojo-platform-channel-handle=3032 /prefetch:81⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
874KB
MD56e7f0df50a2700d19a7559fcc15bcf64
SHA16fdf163357f825c6a1dec3c77b7580f6bd9882d4
SHA25649486cde4267da7144003559146f678db2691070deb7faf8f13be59b5e1c323f
SHA51231d190957dac017c0936d8cde59fbb2882fc01f6aab7c56981e7e49e6a542048191a5aec7d0b54435ac1093896f26cc61d079f1ac98a099def599a0dc815dc63
-
Filesize
107KB
MD51dd81bd403030a0c8bab7a721429feaa
SHA1d8122c2e348603bf1d384a9e797b5aac714428c0
SHA256a787e56bdd9e38ea68662f59f1a9494251ee97c262c6e16d7f86496d01a1d39b
SHA512735efbb9872650f1e198fc22ac355fcedeffd2d9ef2b3f0f9a87bbf0a245e069f2579c92d55ef7322a2cbf29d8a812c7aad6359773e7643adbe62a89cf106513
-
Filesize
1020KB
-
Filesize
4KB
-
Filesize
916KB
-
Filesize
4KB