Analysis

  • max time kernel
    141s
  • max time network
    99s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    15/01/2025, 17:05 UTC

General

  • Target

    JaffaCakes118_5cff2e754fda9807c74fca18a849e643.exe

  • Size

    693KB

  • MD5

    5cff2e754fda9807c74fca18a849e643

  • SHA1

    68b72c6e95075d14d6e18921595f1302c9aa884c

  • SHA256

    a669e51e17ddde4aef6e6218bca0abb06f953e8d05a4ee1031ea5d52fb8c65fa

  • SHA512

    1ff15b67344b0ebc75a8fa3569b74ae9fc4666e3605bd9f3be00f70f2fb75b7667cf461c8ef46251f700d3fcf5c04cf57537ab19de0e861c8fbb24e01638c388

  • SSDEEP

    12288:8KlN8Co1ksS4oO6ePKBGwe5QxtDwx02YltukAWjh6iQvQPeCHwjFQTOfFhaQpSkf:8yo1ksS4BiAwe5W40pReCHPTOfF8Qpx

Malware Config

Signatures

  • ModiLoader, DBatLoader

    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

  • Modiloader family
  • ModiLoader Second Stage (2 IoCs)
  • Suspicious use of SetThreadContext (1 IoC)
  • Drops file in Program Files directory (1 IoC)
  • System Location Discovery: System Language Discovery (1 TTP, 2 IoCs)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings (1 TTP, 28 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (9 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5cff2e754fda9807c74fca18a849e643.exe (PID 2208, depth 1)
    Command line: "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5cff2e754fda9807c74fca18a849e643.exe"
    • Suspicious use of SetThreadContext
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    • C:\program files\internet explorer\IEXPLORE.EXE (PID 2552, depth 2, child of 2208)
      Command line: "C:\program files\internet explorer\IEXPLORE.EXE"
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID 2432, depth 3, child of 2552)
        Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2552 CREDAT:275457 /prefetch:2
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
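The tree above is the pattern a hunter should key on: the loader (PID 2208) is flagged for both WriteProcessMemory and SetThreadContext and its only child is IEXPLORE.EXE (PID 2552), while the IE frame process is flagged for WriteProcessMemory alone (it spawns its own tab process, PID 2432, which is normal IE behaviour). The following is an added example, not code from the report or from the sandbox vendor: a small Python correlator that walks a per-process API trace and raises one finding per (source, target) pair only when the full create -> WriteProcessMemory -> SetThreadContext sequence is present, so the benign IE frame -> tab relationship stays quiet. The trace is constructed to mirror the PIDs and image paths in the report; the call order, the CREATE_SUSPENDED flag, the write address and the write size are assumptions, since the report lists only which APIs each PID touched.

```python
from collections import defaultdict

CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit used by classic hollowing

# Constructed API trace modelled on the report's process tree (PIDs 2208 -> 2552
# -> 2432). Order, flags, addresses and sizes are assumptions, not report data.
SAMPLE_TRACE = [
    {"pid": 2208, "api": "CreateProcessW", "target_pid": 2552,
     "image": r"C:\program files\internet explorer\IEXPLORE.EXE",
     "creation_flags": CREATE_SUSPENDED},
    {"pid": 2208, "api": "WriteProcessMemory", "target_pid": 2552,
     "address": 0x00310000, "size": 0x3C9000},
    {"pid": 2208, "api": "SetThreadContext", "target_pid": 2552},
    {"pid": 2208, "api": "ResumeThread", "target_pid": 2552},
    # IE frame process launching its tab process: it writes into the child
    # but never touches a thread context, so the rule must not fire on it.
    {"pid": 2552, "api": "CreateProcessW", "target_pid": 2432,
     "image": r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
     "creation_flags": 0},
    {"pid": 2552, "api": "WriteProcessMemory", "target_pid": 2432,
     "address": 0x00140000, "size": 0x1000},
]


def find_hollowing(trace):
    """Return one finding per (source_pid, target_pid) pair whose events
    contain, in order, a CreateProcess*, then WriteProcessMemory, then
    SetThreadContext aimed at the same target. Anything short of the
    full sequence (e.g. a parent that only writes into its child) is ignored."""
    by_pair = defaultdict(list)
    for ev in trace:
        if "target_pid" in ev:
            by_pair[(ev["pid"], ev["target_pid"])].append(ev)

    findings = []
    for (src, dst), evs in by_pair.items():
        apis = [e["api"] for e in evs]
        try:
            i_create = next(i for i, a in enumerate(apis)
                            if a.startswith("CreateProcess"))
            i_write = apis.index("WriteProcessMemory", i_create)
            i_ctx = apis.index("SetThreadContext", i_write)
        except (StopIteration, ValueError):
            continue  # sequence incomplete or out of order: not hollowing
        create = evs[i_create]
        written = sum(e.get("size", 0) for e in evs
                      if e["api"] == "WriteProcessMemory")
        findings.append({
            "source_pid": src,
            "target_pid": dst,
            "target_image": create.get("image"),
            "created_suspended": bool(create.get("creation_flags", 0)
                                      & CREATE_SUSPENDED),
            "bytes_written": written,
            "resumed": "ResumeThread" in apis[i_ctx:],
        })
    return findings


if __name__ == "__main__":
    for finding in find_hollowing(SAMPLE_TRACE):
        print(finding)
```

Ordering matters: a SetThreadContext that precedes the write (a debugger attaching, for instance) does not satisfy the rule, and a parent that creates and writes into a child without ever changing a thread context (the IE frame/tab pair here) produces no finding. Feeding the same correlator real Sysmon or API-monitor output only requires mapping those records onto the pid/api/target_pid fields.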

Network

  Address              Domain                   Proto   Process        Sent    Received   Tx   Rx
  204.79.197.200:443   ieonline.microsoft.com   tls     IEXPLORE.EXE   1.4kB   8.1kB      16   15
  204.79.197.200:443   ieonline.microsoft.com   tls     IEXPLORE.EXE   1.6kB   8.2kB      16   16
  204.79.197.200:443   ieonline.microsoft.com   tls     IEXPLORE.EXE   1.6kB   7.8kB      13   12
  8.8.8.8:53           api.bing.com             dns     IEXPLORE.EXE   58 B    134 B      1    1

  DNS detail (IEXPLORE.EXE, resolver 8.8.8.8:53)
    Request:  api.bing.com IN A
    Response: api.bing.com IN CNAME api-bing-com.e-0001.e-msedge.net
              api-bing-com.e-0001.e-msedge.net IN CNAME e-0001.e-msedge.net
              e-0001.e-msedge.net IN A 13.107.5.80

  Note: all captured traffic originates from IEXPLORE.EXE and goes to Microsoft-operated endpoints (api.bing.com, ieonline.microsoft.com). No download of a follow-on payload from a cloud service, the behaviour the ModiLoader signature describes, was observed within the 99 s network window of this run.

MITRE ATT&CK Enterprise v15


Downloads

  Note: every file below is either a 342-byte entry under CryptnetUrlCache\MetaData (the CryptoAPI URL cache, written when Internet Explorer fetches certificate-chain or revocation data) or a Cab/Tar temp file in AppData\Local\Temp of the kind CryptoAPI creates when it fetches and expands a root-certificate update. They are artifacts of the IE processes, not payloads dropped by the loader. The memory dumps that follow are the regions the sandbox captured from PID 2208 (the loader) and PID 2552 (the IE process it launched).

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    c4a7a54beca78b8f479f2b8dcfefc4dc

    SHA1

    12bb044c4119cda64b53e3c3de8a01c0debaf2d4

    SHA256

    5f21c54a824a56b8565862aa3ced03170784ac40901590f5eb5ea2551d438cc2

    SHA512

    93c8000f6e25aba4ae8bbddf87145eeda23ee322d05e2938258c94cb68250aa764e4ed6d200bdf2e0bc5cd51899c28c96a28209fb357972be149edd2414082f5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    296b77fb0fa4893b2baa8737ee240e6e

    SHA1

    eb2f8f3a2253f1e0e9b39ff01ba9d6b41c36fcd1

    SHA256

    59812bccfbd23a566fa01f75250d5a3ead2d9700c844a48952290e7e864f2f36

    SHA512

    387aa22db0b021d9824e5c184c1f116c4fdc328e0b40e0d052b7d9656ee5e576ba7d10620ac3ad7ab52fcffd36d8d2260e01241c6d6c13114683934b16418140

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    2e9bbd4fe84a7bd462772305c5ede973

    SHA1

    4e83d93628837ff2cedec77e476e5b5513eaf695

    SHA256

    d4391261abc3b542bf888790875fe98380d06cc9df51eb3bd58d36b2d8c27721

    SHA512

    467eb8b30cd640ea1ea98ed3e605e926260afa7691e55681ad7c5a921e5f347094b5a4b071670c45dcc727e9e51d9ee2facb8fe54df491b550d69c384bdc902d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    db0350d9d9e64a2778db296f485d8e03

    SHA1

    bf38544d89d1bd2c42be5b325b6bef76844ff3f2

    SHA256

    2103e3761e4b3fb9c8676466539843f40465b0b94f1880809aafa5592fd38dfa

    SHA512

    2d50030c56baa63d1c8a5346b1afa40e910ce06a1d6b75ff07fa169e03380f728ee957cff7e4040e5c11eb27eb62202d28a8c79d430074cb97b3c199f7df3d78

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    67186a71320e0e8d10b0029b4764a0ae

    SHA1

    1a9d128d7bc318fcf3d32859997a6669b81cd96d

    SHA256

    48041936e6d9304877dc98ca2ea7783677c28f27197353e0ead9848e34854e5e

    SHA512

    b7e455f952c82f4c8b65a0ded1c23f4f135c8cf14498a0b6a2a9369e54b2ea916e251f5ae62279f93a1f509be1cce869a661cca88675c0ac7ca3a19e49d98132

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    d104fbc10ef8b526641fb7716516992c

    SHA1

    7d390fbf342b36fcf592dca3c78c83598cd6bc22

    SHA256

    bb6ae02c4dc81b05e513e9450b554d7d947fdd511c59c108c86d1097c17dffbe

    SHA512

    19c23919093fa374cadf80bb709179bd4284f09d9fbb481dfa593b30beb3ac194d6d44bb93bc6a35ff430627528f0717753658fd142d34e2a20fdf09eb05bff2

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    3e75804a7aa8a5521308f1eca035c1ef

    SHA1

    4ef9a97c54de67bce5a7b7f20386b8743c3f973c

    SHA256

    9887c5de9319c147f98c9f4ba5ac413aafa5a9577c2683e813d039323cb5cd97

    SHA512

    6518f40d93492a140d2b929b21f1cac233b7d713ac0bf9d076be60ca5de976cba1d2dbdfc88622764211417135245371dc9382fa3a1b0b1ce47994b3d5e8350a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    f3795825564777195593c4903fc6bfcf

    SHA1

    5d34937fdd6b31ed8b9f15312920a2cd0ed4b5f6

    SHA256

    b275769d106591409f41a205e3cdfa38ba7ebc449cd17f53b6a7b33e8e6f3dd4

    SHA512

    667dc4fd4e19d43695eea170d292eebe26f59678d65309f1705ab3956bc8d3e4d625ddec1bd4d0ec8010f5d00a56101be21c1ec89e615b4624ec85bdeea99dc5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    9aafc82e0de3aa3d2799cc62322fbaf9

    SHA1

    7e32496386c6f6fc78d8d8fb157b8743762de6e8

    SHA256

    904b4abfad06007285a65c94ea53127c4e3e725c9e54598d9045e4098d2180ed

    SHA512

    006f49c5c818d369a9bfeda1e9e84732cc4622c608a66c5457f387d5f05fad80b1c6afe9693da2445c01cdb029e7f5c8837a3e61f5c649d50de540c748fd0671

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    ae9735e28adfdc906b3d981aecd5a5bc

    SHA1

    6e9f9bc20248826814546d1830fd35cf1aea5231

    SHA256

    0acb2ba2d3bde9f8a4fea53a2182077195bd8c75a28b68094b5f58774debf052

    SHA512

    b53aff11f06bc2e2d60bdf41497dfdce19cd93339801c15e12aeb7436e32dfa95fa3f326554b9dd9ce9bca2b8c97b36f246fe4bc4230f6e85fb44f4e663e18d0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    a9560b8940f7016d0ea7ee8d0aa02830

    SHA1

    19aaf3f9da426ab739232508216fe434446ccbce

    SHA256

    68809c0d85bc529239267c03177db98fcc6e8b27708a2af0f9ce3ce31386a64d

    SHA512

    fd818855f266fc7a42ce219d7e459068267454d1a16bc12da859719b5cfb7661443b54fce45cc49d86a455d0963efb795faded5c378ea5e2110df4674d6ba1b9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    9ae8a51c54c6c624c4a262970044e922

    SHA1

    131bc902a4fc0215437996099256464e1e50e7dd

    SHA256

    cf2f09268419ee6e6e384e1b1cf645fa8302703b500af998de59e071db7356f6

    SHA512

    c56b61dd1ed1920cef751de39d1d1fb409b66d4128ec7e9cc449a47f120799dfceef9f6399c8214557bb004be5499885a966a7fad452b83428251b68be425854

  • C:\Users\Admin\AppData\Local\Temp\Cab6EEA.tmp

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\Tar6F5C.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

  • memory/2208-9-0x00000000022B0000-0x00000000022B1000-memory.dmp

    Filesize

    4KB

  • memory/2208-5-0x00000000022D0000-0x00000000022D1000-memory.dmp

    Filesize

    4KB

  • memory/2208-23-0x0000000003650000-0x0000000003651000-memory.dmp

    Filesize

    4KB

  • memory/2208-24-0x00000000008D0000-0x00000000008D1000-memory.dmp

    Filesize

    4KB

  • memory/2208-22-0x0000000003660000-0x0000000003661000-memory.dmp

    Filesize

    4KB

  • memory/2208-21-0x0000000003670000-0x0000000003671000-memory.dmp

    Filesize

    4KB

  • memory/2208-20-0x0000000000270000-0x0000000000271000-memory.dmp

    Filesize

    4KB

  • memory/2208-19-0x0000000000260000-0x0000000000261000-memory.dmp

    Filesize

    4KB

  • memory/2208-18-0x0000000003620000-0x0000000003622000-memory.dmp

    Filesize

    8KB

  • memory/2208-17-0x0000000000400000-0x00000000007C9000-memory.dmp

    Filesize

    3.8MB

  • memory/2208-3-0x0000000000B30000-0x0000000000B31000-memory.dmp

    Filesize

    4KB

  • memory/2208-1-0x0000000000260000-0x0000000000261000-memory.dmp

    Filesize

    4KB

  • memory/2208-27-0x0000000000370000-0x00000000003C4000-memory.dmp

    Filesize

    336KB

  • memory/2208-28-0x0000000000415000-0x0000000000416000-memory.dmp

    Filesize

    4KB

  • memory/2208-29-0x0000000000400000-0x00000000007C9000-memory.dmp

    Filesize

    3.8MB

  • memory/2208-4-0x0000000000B10000-0x0000000000B11000-memory.dmp

    Filesize

    4KB

  • memory/2208-6-0x00000000008F0000-0x00000000008F1000-memory.dmp

    Filesize

    4KB

  • memory/2208-7-0x00000000008E0000-0x00000000008E1000-memory.dmp

    Filesize

    4KB

  • memory/2208-8-0x00000000022C0000-0x00000000022C1000-memory.dmp

    Filesize

    4KB

  • memory/2208-0-0x0000000000400000-0x00000000007C9000-memory.dmp

    Filesize

    3.8MB

  • memory/2208-12-0x0000000003630000-0x0000000003730000-memory.dmp

    Filesize

    1024KB

  • memory/2208-13-0x0000000003640000-0x0000000003641000-memory.dmp

    Filesize

    4KB

  • memory/2208-15-0x0000000003730000-0x0000000003731000-memory.dmp

    Filesize

    4KB

  • memory/2208-16-0x00000000022E0000-0x00000000022E1000-memory.dmp

    Filesize

    4KB

  • memory/2208-14-0x0000000003630000-0x0000000003633000-memory.dmp

    Filesize

    12KB

  • memory/2208-10-0x0000000000900000-0x0000000000901000-memory.dmp

    Filesize

    4KB

  • memory/2208-11-0x0000000003630000-0x0000000003730000-memory.dmp

    Filesize

    1024KB

  • memory/2208-2-0x0000000000370000-0x00000000003C4000-memory.dmp

    Filesize

    336KB

  • memory/2552-26-0x0000000000310000-0x00000000006D9000-memory.dmp

    Filesize

    3.8MB
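One detail in the dump list deserves a check: the loader's image region in PID 2208 (0x400000-0x7C9000, captured three times as sequence 0, 17 and 29) and the single region captured from the IE process PID 2552 (0x310000-0x6D9000) are both labelled 3.8MB, and the exact sizes are identical: 0x3C9000 bytes (3,969,024). A region of precisely the loader's image size appearing in the process it was flagged for writing into and calling SetThreadContext on is consistent with the loader mapping its own image, or a payload of the same size, into IEXPLORE.EXE at a different base. Added example, not part of the report: a Python helper that parses dump names in this report's naming scheme, deduplicates regions per PID, and lists regions of identical size that live in different processes. The dump names embedded are a subset of those listed above; the 0x100000 minimum size is an assumption to suppress small heap and stack regions.

```python
import re
from collections import defaultdict
from itertools import product

# Dump names in this report follow memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp
DUMP_NAME = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9a-fA-F]+)"
    r"-0x(?P<end>[0-9a-fA-F]+)-memory\.dmp$")

# Subset of the dump names from the report above (report data, not constructed).
REPORT_DUMPS = [
    "memory/2208-0-0x0000000000400000-0x00000000007C9000-memory.dmp",
    "memory/2208-2-0x0000000000370000-0x00000000003C4000-memory.dmp",
    "memory/2208-11-0x0000000003630000-0x0000000003730000-memory.dmp",
    "memory/2208-17-0x0000000000400000-0x00000000007C9000-memory.dmp",
    "memory/2208-27-0x0000000000370000-0x00000000003C4000-memory.dmp",
    "memory/2208-29-0x0000000000400000-0x00000000007C9000-memory.dmp",
    "memory/2552-26-0x0000000000310000-0x00000000006D9000-memory.dmp",
]


def parse_dump(name):
    """Split a dump name into pid, sequence number, start, end and size."""
    m = DUMP_NAME.match(name)
    if not m:
        raise ValueError(f"not a memory dump name: {name}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    if end <= start:
        raise ValueError(f"empty or inverted region in {name}")
    return {"pid": int(m["pid"]), "seq": int(m["seq"]),
            "start": start, "end": end, "size": end - start}


def regions_by_pid(names):
    """Map pid -> set of (start, end); repeated dumps of one region collapse."""
    regions = defaultdict(set)
    for name in names:
        d = parse_dump(name)
        regions[d["pid"]].add((d["start"], d["end"]))
    return regions


def cross_process_size_matches(names, min_size=0x100000):
    """Return regions of identical size that were dumped from two different
    PIDs. min_size (assumed threshold) filters out the 4KB/8KB heap and
    stack pages that every process has in common."""
    regions = regions_by_pid(names)
    pids = sorted(regions)
    matches = []
    for i, pid_a in enumerate(pids):
        for pid_b in pids[i + 1:]:
            for (sa, ea), (sb, eb) in product(sorted(regions[pid_a]),
                                              sorted(regions[pid_b])):
                size = ea - sa
                if size >= min_size and size == eb - sb:
                    matches.append({"size": size,
                                    "a": (pid_a, sa, ea),
                                    "b": (pid_b, sb, eb)})
    return matches


if __name__ == "__main__":
    for match in cross_process_size_matches(REPORT_DUMPS):
        pa, sa, ea = match["a"]
        pb, sb, eb = match["b"]
        print(f"{match['size']:#x} bytes: pid {pa} {sa:#x}-{ea:#x} "
              f"<-> pid {pb} {sb:#x}-{eb:#x}")
```

Equal size is a lead, not proof: the next step is to pull both dumps from the sandbox and compare them section by section (the PE headers may differ if the loader patched the image base or entry point before resuming the thread). The same helper works on the full dump list of any report that uses this naming scheme.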
