Analysis

  • max time kernel
    140s
  • max time network
    142s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17-09-2024 11:50

General

  • Target

    e6c2004f8b577bd10e9682271bdf19ba_JaffaCakes118.exe

  • Size

    19KB

  • MD5

    e6c2004f8b577bd10e9682271bdf19ba

  • SHA1

    bbd1eb059677543dd65b1b308163aee4a7d0a8fd

  • SHA256

    fe6466ccf7c38a4b9b9b9cc0e0f59153ed5cc421d6a1f5f94cd867e5fcc98b44

  • SHA512

    e1869884287a7efd22a0df0606bd7f497fb88fb259c4b5a7a1091e57cd77221200606d015ad13972ef68b5c9c4317ff081ba826f6cc497c049498aa66dddaaec

  • SSDEEP

    192:ntdLcj8WDkB9Cab+peklBs97THnRaT5S545myq29:7NB9C4+lTs9paY545myn

Malware Config

Signatures

  • ModiLoader, DBatLoader

    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

  • ModiLoader Second Stage 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\e6c2004f8b577bd10e9682271bdf19ba_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\e6c2004f8b577bd10e9682271bdf19ba_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:4928

Network

  • flag-us
    DNS
    97.17.167.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    97.17.167.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    45.56.20.217.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    45.56.20.217.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    67.31.126.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    67.31.126.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    154.239.44.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    154.239.44.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    28.118.140.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    28.118.140.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    26.165.165.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    26.165.165.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    56.126.166.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    56.126.166.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    121.170.16.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    121.170.16.2.in-addr.arpa
    IN PTR
    Response
    121.170.16.2.in-addr.arpa
    IN PTR
    a2-16-170-121deploystaticakamaitechnologiescom
  • flag-us
    DNS
    240.143.123.92.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    240.143.123.92.in-addr.arpa
    IN PTR
    Response
    240.143.123.92.in-addr.arpa
    IN PTR
    a92-123-143-240deploystaticakamaitechnologiescom
  • flag-us
    DNS
    172.210.232.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.210.232.199.in-addr.arpa
    IN PTR
    Response
No results found
  • 8.8.8.8:53
    97.17.167.52.in-addr.arpa
    dns
    71 B
    145 B
    1
    1

    DNS Request

    97.17.167.52.in-addr.arpa

  • 8.8.8.8:53
    45.56.20.217.in-addr.arpa
    dns
    71 B
    131 B
    1
    1

    DNS Request

    45.56.20.217.in-addr.arpa

  • 8.8.8.8:53
    67.31.126.40.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    67.31.126.40.in-addr.arpa

  • 8.8.8.8:53
    154.239.44.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    154.239.44.20.in-addr.arpa

  • 8.8.8.8:53
    28.118.140.52.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    28.118.140.52.in-addr.arpa

  • 8.8.8.8:53
    26.165.165.52.in-addr.arpa
    dns
    72 B
    146 B
    1
    1

    DNS Request

    26.165.165.52.in-addr.arpa

  • 8.8.8.8:53
    56.126.166.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    56.126.166.20.in-addr.arpa

  • 8.8.8.8:53
    121.170.16.2.in-addr.arpa
    dns
    71 B
    135 B
    1
    1

    DNS Request

    121.170.16.2.in-addr.arpa

  • 8.8.8.8:53
    240.143.123.92.in-addr.arpa
    dns
    73 B
    139 B
    1
    1

    DNS Request

    240.143.123.92.in-addr.arpa

  • 8.8.8.8:53
    172.210.232.199.in-addr.arpa
    dns
    74 B
    128 B
    1
    1

    DNS Request

    172.210.232.199.in-addr.arpa

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4928-0-0x0000000040000000-0x000000004000A000-memory.dmp

    Filesize

    40KB

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.