Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    18-09-2024 14:18

General

  • Target

    e94e3b8e51032773f456ea39a5135cf8_JaffaCakes118.exe

  • Size

    141KB

  • MD5

    e94e3b8e51032773f456ea39a5135cf8

  • SHA1

    0d0574d3713364be46f96f6ace785b52d71e779f

  • SHA256

    2a0869fd9b64ece60bce02fb856d9d113ca5f5740a06db06264ccf9375723403

  • SHA512

    8682ada3702a406812dfef04ca0d9b4fbe6380b65f30826c4ba957a75a9c9f6fd21e8e5aa16c79f3ebd37c9a80d45fc773d52ef5d722c626935deb12c5e89206

  • SSDEEP

    3072:Eh8YRHE5GsBZCu9MxOLMJN9BwFWv6S+iJuo2:e8C0GAZCvach5v6S+A2

Malware Config

Signatures

  • ModiLoader, DBatLoader

    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

  • ModiLoader Second Stage 1 IoCs
  • Suspicious use of SetThreadContext 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 13 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e94e3b8e51032773f456ea39a5135cf8_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\e94e3b8e51032773f456ea39a5135cf8_JaffaCakes118.exe"
    Process 1
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1740
    • C:\Users\Admin\AppData\Local\Temp\e94e3b8e51032773f456ea39a5135cf8_JaffaCakes118.exe
      C:\Users\Admin\AppData\Local\Temp\e94e3b8e51032773f456ea39a5135cf8_JaffaCakes118.exe
      Process 2 (child of PID 1740)
      • Suspicious use of SetThreadContext
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2868
      • C:\Users\Admin\AppData\Local\Temp\e94e3b8e51032773f456ea39a5135cf8_JaffaCakes118.exe
        "C:\Users\Admin\AppData\Local\Temp\e94e3b8e51032773f456ea39a5135cf8_JaffaCakes118.exe"
        Process 3 (child of PID 2868)
        PID:2568

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/1740-7-0x0000000020000000-0x0000000020028000-memory.dmp
    Filesize: 160KB
  • memory/1740-1-0x0000000000220000-0x0000000000248000-memory.dmp
    Filesize: 160KB
  • memory/1740-0-0x0000000020000000-0x0000000020028000-memory.dmp
    Filesize: 160KB
  • memory/2568-15-0x0000000000400000-0x0000000000405000-memory.dmp
    Filesize: 20KB
  • memory/2568-13-0x0000000000400000-0x0000000000405000-memory.dmp
    Filesize: 20KB
  • memory/2568-11-0x0000000000400000-0x0000000000405000-memory.dmp
    Filesize: 20KB
  • memory/2868-2-0x0000000000400000-0x0000000000413000-memory.dmp
    Filesize: 76KB
  • memory/2868-8-0x0000000000400000-0x0000000000413000-memory.dmp
    Filesize: 76KB
  • memory/2868-3-0x000000007EFDE000-0x000000007EFDF000-memory.dmp
    Filesize: 4KB
  • memory/2868-9-0x0000000000400000-0x0000000000413000-memory.dmp
    Filesize: 76KB
  • memory/2868-10-0x0000000000400000-0x0000000000413000-memory.dmp
    Filesize: 76KB
  • memory/2868-5-0x0000000000400000-0x0000000000413000-memory.dmp
    Filesize: 76KB
  • memory/2868-19-0x0000000000400000-0x0000000000413000-memory.dmp
    Filesize: 76KB
