Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
28/11/2024, 17:26
General
-
Target
ad0f9009d880d4326ccbe286aa53a36d_JaffaCakes118.exe
-
Size
68KB
-
MD5
ad0f9009d880d4326ccbe286aa53a36d
-
SHA1
6c96b50e3e346ff5d09dfd27d8def6a4f4a2a018
-
SHA256
d2959b83ce5e903efbca788536d024a3de86c688c6ca73f4429e6c4cd891a5b1
-
SHA512
38b6fa65a0ba7017ddd0fc4688d9807adc75226122ddc6cb6f7edfd50b492ffac2fbe10ae3c50b0f815b970da9a9bd96b999f9465160728cc417ce9d78bef5bc
-
SSDEEP
1536:BqqYFQ0CymOK5qsmQHgNuDvCKRJecKuU9J5eQr/Yxk:kFRCLOdLNeCeJBK19JfrAxk
Score
10/10
Malware Config
Signatures
-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modiloader family
-
ModiLoader Second Stage 33 IoCs
-
Executes dropped EXE 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ad0f9009d880d4326ccbe286aa53a36d_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\ad0f9009d880d4326ccbe286aa53a36d_JaffaCakes118.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe17⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe23⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe24⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe25⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe26⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe27⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe28⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe29⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe30⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe31⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe32⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe33⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe34⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe35⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe36⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe37⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe38⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe39⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe40⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe41⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe42⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe43⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe44⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe45⤵
- Executes dropped EXE
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe46⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe47⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe48⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe49⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe50⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe51⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe52⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe53⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe54⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe55⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe56⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe57⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe58⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe59⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe60⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe61⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe62⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe63⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe64⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe65⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe66⤵
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe67⤵
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe68⤵
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe69⤵
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe70⤵
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe71⤵
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe72⤵
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe73⤵
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe74⤵
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe75⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe76⤵
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe77⤵
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe78⤵
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe79⤵
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe80⤵
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe81⤵
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe82⤵
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe83⤵
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe84⤵
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe85⤵
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe86⤵
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe87⤵
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe88⤵
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe89⤵
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe90⤵
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe91⤵
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe92⤵
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe93⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe94⤵
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe95⤵
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe96⤵
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe97⤵
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe98⤵
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe99⤵
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe100⤵
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe101⤵
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe102⤵
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe103⤵
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe104⤵
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe105⤵
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe106⤵
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe107⤵
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe108⤵
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe109⤵
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe110⤵
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe111⤵
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe112⤵
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe113⤵
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe114⤵
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe115⤵
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe116⤵
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe117⤵
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe118⤵
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe119⤵
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe120⤵
-
C:\Windows\SysWOW64\grtosts.exeC:\Windows\system32\grtosts.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-