Analysis

  • max time kernel
    120s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    22-01-2025 06:54

General

  • Target

    JaffaCakes118_0b539d23564f43f77e674f426f76b42a.exe

  • Size

    1.4MB

  • MD5

    0b539d23564f43f77e674f426f76b42a

  • SHA1

    c9c23bc2d4f2272a85fc1dc21b643a54f5c963af

  • SHA256

    a97838413b9b5bba3713cf4b5a2078983c3d641ce6e74cf94ce2f0f16d30a2a8

  • SHA512

    bee0d9c8d156a1167238a69391395e5add7b70d4263ce3f79de127744400da5fdf3eff858124504fbcc36bd6de4ba4fc0a4207d75895bf128e5b8193e66f3bd0

  • SSDEEP

    24576:Yrz+Ka7klyytod7ybjePYpE640xUJSNdxWhfjaklDRfIcu5Ic+EXp0I/UkTTiKLm:Yf+mUpd+by6E6nPxE/lD5IcuWnqpgk3m

Malware Config

Signatures

  • ModiLoader, DBatLoader

    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

  • Modiloader family
  • ModiLoader Second Stage 2 IoCs
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 3 IoCs
  • VMProtect packed file 4 IoCs

    Detects executables packed with the VMProtect commercial packer.

  • Drops file in Program Files directory 1 IoCs
  • Drops file in Windows directory 5 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_0b539d23564f43f77e674f426f76b42a.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_0b539d23564f43f77e674f426f76b42a.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3044
    • C:\WINDOWS\11\01.exe
      "C:\WINDOWS\11\01.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      PID:1972
    • C:\WINDOWS\11\02.exe
      "C:\WINDOWS\11\02.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2172
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.dnfnani.com/
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2756
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2756 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:3004
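
The tree shows a loader running from the user's Temp directory, writing two executables into C:\WINDOWS\11\ and executing them, and the second stage (02.exe) opening Internet Explorer on http://www.dnfnani.com/. As an added example that is not part of the report, the following turns those two behaviours into detection logic over process-creation events of the kind Sysmon Event ID 1 or EDR telemetry provides. The event records are constructed from the PIDs, images and command lines above (the top-level ppid 0 stands in for the sandbox agent, which the report does not show); the allow-list of C:\Windows subdirectories that legitimately contain executables and the list of normal Internet Explorer parents are assumptions to tune per estate.

```python
import re
from pathlib import PureWindowsPath
from typing import Dict, List, Optional, Tuple

# Constructed event list mirroring the process tree above (PIDs, images and command lines are the
# report's; ppid 0 marks a parent the report does not show).
EVENTS = [
    {"pid": 3044, "ppid": 0,
     "image": r"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_0b539d23564f43f77e674f426f76b42a.exe",
     "cmdline": r'"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_0b539d23564f43f77e674f426f76b42a.exe"'},
    {"pid": 1972, "ppid": 3044, "image": r"C:\WINDOWS\11\01.exe", "cmdline": r'"C:\WINDOWS\11\01.exe"'},
    {"pid": 2172, "ppid": 3044, "image": r"C:\WINDOWS\11\02.exe", "cmdline": r'"C:\WINDOWS\11\02.exe"'},
    {"pid": 2756, "ppid": 2172, "image": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "cmdline": r'"C:\Program Files\Internet Explorer\iexplore.exe" http://www.dnfnani.com/'},
    {"pid": 3004, "ppid": 2756, "image": r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
     "cmdline": r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2756 CREDAT:275457 /prefetch:2'},
]

# Assumption: subdirectories directly under C:\Windows from which executables legitimately run.
# Anything else (here "11") is treated as attacker-created staging. Tune before deploying.
KNOWN_WINDOWS_EXE_DIRS = {"system32", "syswow64", "winsxs", "servicing", "microsoft.net",
                          "installer", "temp"}
# Assumption: parents that normally hand Internet Explorer a URL on the command line.
NORMAL_IE_PARENTS = {"explorer.exe", "iexplore.exe", "userinit.exe"}
URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)

Alert = Tuple[str, int, str]          # (rule name, pid, detail)


def evaluate(events: List[Dict]) -> List[Alert]:
    """Apply both rules to a list of process-creation events and return the alerts raised."""
    by_pid = {e["pid"]: e for e in events}
    alerts: List[Alert] = []
    for e in events:
        parent: Optional[Dict] = by_pid.get(e["ppid"])
        image = PureWindowsPath(e["image"])
        parts = [p.lower() for p in image.parts]                 # parts[0] is the drive anchor
        parent_parts = ([p.lower() for p in PureWindowsPath(parent["image"]).parts]
                        if parent else [])

        # Rule 1: executable launched from a non-standard subdirectory directly under C:\Windows
        # by a parent that itself lives somewhere in a user profile (Temp, Downloads, ...).
        if (len(parts) == 4 and parts[1] == "windows"
                and parts[2] not in KNOWN_WINDOWS_EXE_DIRS
                and len(parent_parts) > 1 and parent_parts[1] == "users"):
            alerts.append(("exec_from_unusual_windows_subdir", e["pid"], e["image"]))

        # Rule 2: Internet Explorer given a URL by something other than the shell or itself.
        if image.name.lower() == "iexplore.exe":
            url = URL_RE.search(e["cmdline"])
            parent_name = PureWindowsPath(parent["image"]).name.lower() if parent else ""
            if url and parent_name not in NORMAL_IE_PARENTS:
                alerts.append(("browser_opened_url_from_non_shell_parent", e["pid"], url.group(0)))
    return alerts


if __name__ == "__main__":
    for rule, pid, detail in evaluate(EVENTS):
        print(f"{rule:40s} pid={pid} {detail}")
```

Rule 1 keys on the parent living under \Users\ rather than specifically in Temp, because the Temp location here is an artefact of where the sandbox stages the sample; in a real intrusion the loader runs from wherever the user saved it. Rule 2 fires on the parent/URL pairing only, so the IE child process (SCODEF:2756) launched by iexplore.exe itself stays quiet.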

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    01437a83c7dc6738b08e1e986f6f4fff

    SHA1

    a4a102924d776f138d8ca29db98214d6d40c174a

    SHA256

    f9eb844d0594b6cec522175599e315729bac654eed8fdbef0cce8497187227cf

    SHA512

    db39235f0708dbfae8c33b700863365491c65bb4eaf7e1bb90692fd398fad3945c49a64fb792b1b27714d96be63d9d41e9ef80e3d63dcf7578f19eb80005cda4

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    6514f6a14976be00663b51bbfda7409e

    SHA1

    2f508ccffe3014255d6b69ecd88885e07117868e

    SHA256

    1626c1d22acc0fd560bb2173332e8b243bde60002685c6795117f14343fd9cb0

    SHA512

    14df0af567a781dd8bd80caf446923d299e6832679290778637f02d22dc68b8d5cb0fedaf61d9993ea3406439b20a1ad25c523058ec82e0d034be6cc901815b8

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    0460a3b8f4d2635a1a0dfa432852a32c

    SHA1

    639cc4f8edc6d2b6d1e6ca126c39502ce360cd91

    SHA256

    7736317d36112d632b051a2d3f9b7547cef2c7664786bca07b3ff76c4e566fe4

    SHA512

    0bfdc3756d714a2d9470ef67e9c33d609907eaf39cc049d8a9e456be5aae911a7e1b0a84f0bc910e9b1b064f5e27b3a90542ff08c4eed58e7381d8656c63648b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    c7e4702e472d69c8e3eb0e20d9970b7f

    SHA1

    9a70f3b9b0334524e1d6a46cdebed2cb2c54415a

    SHA256

    d55f0b3502bb56bbb6c3d94e46984c613bdb96ccc90c6184e45a34be03f56f42

    SHA512

    b769c9f10454afc60521a3833c7d17b1f81726619811437826ea174e4e4c23dd8461407886664a3a14f864199d16d3d16176942179ac66039639589dc8b9d711

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    3ca787b21968025a8901773114b10ad4

    SHA1

    d5c9b10f9e4de8559e6e907f81f276ee72bc24ec

    SHA256

    b40bec70930400c2880771c2cb9bd778d3603a1088e3a5944b7fd26968eb8d52

    SHA512

    fdccc8b4e6085d6cf105f8fad5f8418b273d1eecc1687e018889d037970b1e613c54e4fdcf325214c36260a8fe3f4aafefe92ad79bc53ca551a1876d006653a0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    b65878dbcaa3547b5dfed1c8ff2efe57

    SHA1

    a8e2438c8e03b97d2844fbc69986ab8a6dbfeda8

    SHA256

    233d01cd501f962ddb34fe9c5a5f46081b4aafda3e3858b4d7cdd47ab91b936b

    SHA512

    603c53a577c6c4d0ed4a697a6b6ce2c25e5e8ba010e8400311af465439cca2d6256562290790f243cb602d08e000f9d9fbcc88c3808202f7b23c433b04b5190c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    8699ef9f30acf3a777e0550565e95657

    SHA1

    c03c50c29bea3080e7cb3974e57ecd7828b7a4fd

    SHA256

    f604be53b8c39cb9c16dfb7638f358b6ccf584d99801ffe7dffecd5fbccb15ae

    SHA512

    d8a96c6fdcf4381776bb9b5ce3e943c50c58cf84d1ae8ecbe85d549badebf1e44073186b543dbae671c7bb2d4ddd5e59e245c412f7c383b458c8ad2e02b6deb3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    8843207771e7cbb2d4634399137798ed

    SHA1

    a852330325e9a417fda474035a5143ec9cd363e0

    SHA256

    7501b47d7fedb9598e56bbf91c014dee83deacafc28471df3f79fe167f31c0be

    SHA512

    765696ac29d17af3d3191effc739b19caf3ea523ff864c9544326a1a6e7c1b564fc176aa28ea734d7632136c6bc5aad85ee00c1a5424b5b1cd885219f30ba878

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    9f2d928845231e6603f7c718f7ab2c27

    SHA1

    7c3a99e08201781daf291c7234dcf4fbc754fc82

    SHA256

    1db55c6a1c49115467c9bc8c6394942d6378c244b78b3810488b5fc37c1f1044

    SHA512

    d9904065ac8192a86d15d8146b8b4367809aa6c18c594ac3e55eb164f2f663f691d746baeb88d289c0ae01dde81694960a8eaa22d786c3b8c2ac602e04fedbac

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    2369c3e888f25ec05b0dbb62aa6fbbf6

    SHA1

    fa4407274371687596ed3adbbe29ef23eb59b2ff

    SHA256

    a6a43755029065eb28cde66c858a7d55bc2f1f4015ef88ab71332819bd07395f

    SHA512

    c34a9a1496d33817e6249f8315107c507a5093233aa1250a0f31840257034824a9e2c682d37c792f298052c59e18d20ac6ab0df9e5c900d75db6ceb1bcdaa7bb

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    6ee09175390cc55d812746df0f48fca3

    SHA1

    c8819bb7ffeede7736ffdee34270fbcf03d53e88

    SHA256

    74fb5cf59647749b1e5883695c0c3babb5eca5f98969e84634aef9e7ec96cf6c

    SHA512

    6c9ecd5c22ebcdf91d6ec5697f37b55eb37dc086df8bbf15d71a79cec4764258e9d8aa5af4295903de108c0c170418022900529bbcc9c46d857e00a7b8ee0151

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    180ea432e3774837eb4f0b4315474d80

    SHA1

    61bb09aeecf91061ce8dd7cde1598e5bcd7b93bf

    SHA256

    ec44b1a4d9f89427590e5218c962ac08fb3d7830f866bdf57ad23cc8642781b4

    SHA512

    29a8c18683634d5b48e69bc3328b904cbdaff48f7319cb45222c57cdb334b7d467a6e80f2e3b8a08cff88e88ba761c6c842955e3810866665a5d0eb80d8f614c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    3f5e94a5409c91bf37ea8d159a699bf0

    SHA1

    9baf235fd62eb6b801c09cdafd261c83059e2f81

    SHA256

    f800996f281bd30e79108a83a90f75b33133ddff923602f7d40c28264d7430aa

    SHA512

    ca1ff50de8114760042975b4f0db41c822272994ef5ccaea90902bb5954edb2ebfceac2443e93648e1c4bab2ec1ed789c29f0fcc62f9bffb1ac293af449e718d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    f705affb43f932755cf8defb5f1861e8

    SHA1

    a1a1b52def4439afad86afb02777d634dd04bac4

    SHA256

    771685d3ca7d4a808e5f2ebffa21500a3f95e7b826752a9501649ad49a84482f

    SHA512

    f429906db6ea723b0cb0a23c1706d01688d1f989387ee614bec9bbfdc4824456ea752ef836299a754cc58df08c3a611b295885f756dc8bed50684c0814ff40d8

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    92cb83f8450f9c44e797750a4387391a

    SHA1

    f13cb46696b2c6eb9ba4aad5abcbf2b56fbaca39

    SHA256

    4e4484e7a3fe9e0d500519d67640178ad1532404f5bef30612fabab1792a8865

    SHA512

    61e1d123b57adc93e857235213a4faf69bb49fa19134e9f1e3e8eada7379dd0150cd4d53a0a5190f67c6632267e3c1a31ae78c3b4e60e03cc522c0bb24f6c7f4

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    8e337a64d0d99746221e914d8e8369a8

    SHA1

    c52a0f853c468678256abee720dad35de619a4f2

    SHA256

    8da6d9f0e0ced438df771c701f401e0c3d843ce4ca3f1771d33b186c27de915a

    SHA512

    c3bf801b4a08d24f65cb53053dadcc2a53173b36cc068477d38e695e3ac92e03c5bffc05d525e3b1b9e33570ae2e04ccf478983c38e9d652485d67ce12a42712

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    24691f1c96ade099b7daeb3b44712973

    SHA1

    2ad9716dad893c7aba32424b384b6f5de0705c8d

    SHA256

    92ad158d3f0810b793d913921590ed9f8fdbd2c6c0a4b7d9c85faf1a49314ec2

    SHA512

    07ad5382db956996b204c05e876ee3d7c6ac608871040df9fdd86a591272b1869bd8605a5a16ee941da82f499c8baea1340d493c501bce43b14090816b3f61c3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    e2ab153d8bcbd4bd4f0eb5fd8ce48420

    SHA1

    1221d5c6ec7304d7015985f6d622fc824b2fd362

    SHA256

    ea4086bce4fcb2bf67482c3af3ecd69190df6fb1a5b8cd59531152664cd74a01

    SHA512

    094c6e4436d810b0248e8bf5ed672f0b7ce814f7b1a659a84ae617c065eba0bdac74fdac77bfeb39de5052bc4906f687b050b07f9c6215861a829e97b7ead856

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    74ee876d2b296ff40ebaf2d69d226acb

    SHA1

    b4be3d60d2e37dabe45b15a767abe06e5e088490

    SHA256

    68b59aa2dc2a70a5b0c2d79049a21b9f4df9e809555c1ea4467333f448d0650c

    SHA512

    0dcde9116859fdcba72112562ed99575f2dea9339d60522a12e0462e94abf29329f5ab9342a45c599a1c4edc33ca395d1c717ff9ffd1513487db0e73b9246c93

  • C:\Users\Admin\AppData\Local\Temp\CabD1A4.tmp

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\TarD214.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

  • \Windows\11\01.exe

    Filesize

    685KB

    MD5

    dd22522bfbde59bb606df42589ee4998

    SHA1

    29f5c7125e86ee93199cfb79df8264317ef1448d

    SHA256

    f6d9dfbf7b78da983e9ca7eb7f812d021ef0d6bff15e129dea18bba6e965e114

    SHA512

    771e5d787cc43efbee7d3479091daef7a79487e88dde86a1d9e4d0fbdc9366554c4281783ce85cd2d46950dcff4637318e34b6c45f8943547aa91bf927604d4f

  • \Windows\11\02.exe

    Filesize

    1.1MB

    MD5

    773a0f44b141b140584cc4373a60b3be

    SHA1

    eb86b8019c3649c8c6e36a9558c9d443c8e38d6f

    SHA256

    defb1dc99f7982f9c0b5d621ad995d0739cef0826d3b25e27f3077c01a4b9ddf

    SHA512

    6043604cd2c2edb23f16c0ec4d4a0a4386d8471b693adbe275741aab7d29e38964925d24d1333537182b7bb1581d1cf489bb70aa8e42600e7cbbb5a0815b7041

  • memory/1972-11-0x0000000000400000-0x00000000004BF000-memory.dmp

    Filesize

    764KB

  • memory/1972-9-0x0000000000300000-0x0000000000301000-memory.dmp

    Filesize

    4KB

  • memory/2172-21-0x0000000000400000-0x0000000000615000-memory.dmp

    Filesize

    2.1MB

  • memory/2172-26-0x0000000000400000-0x0000000000615000-memory.dmp

    Filesize

    2.1MB

  • memory/2172-27-0x0000000000400000-0x0000000000615000-memory.dmp

    Filesize

    2.1MB

  • memory/3044-19-0x0000000002A50000-0x0000000002C65000-memory.dmp

    Filesize

    2.1MB
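
Most of the entries in this list are not the sample's doing. The CryptnetUrlCache metadata files are CryptoAPI's cache of CRL, OCSP and certificate fetches, and CabD1A4.tmp and TarD214.tmp in %TEMP% are the CAB and extracted content of CryptoAPI's automatic root-certificate update; both are routinely produced when Internet Explorer runs on a fresh sandbox image. The files worth pivoting on are the two executables under \Windows\11\ and the memory regions of the processes that ran them. As an added example that is not from the page, the following parses a listing in the layout used above, sets aside the OS-generated noise, and returns the SHA256 of each dropped payload; SAMPLE is a constructed excerpt of the listing with some hash fields omitted, and the noise patterns are the editor's assumptions about what a Windows 7 image writes on its own.

```python
import re
from typing import Dict, List, Tuple

# Constructed input: an excerpt of the "Downloads" listing above, in the report's own layout.
# Some hash fields are left out to show that entries need not carry every field.
SAMPLE = r"""
Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    01437a83c7dc6738b08e1e986f6f4fff

    SHA256

    f9eb844d0594b6cec522175599e315729bac654eed8fdbef0cce8497187227cf

  • C:\Users\Admin\AppData\Local\Temp\CabD1A4.tmp

    Filesize

    70KB

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

  • \Windows\11\01.exe

    Filesize

    685KB

    SHA256

    f6d9dfbf7b78da983e9ca7eb7f812d021ef0d6bff15e129dea18bba6e965e114

  • \Windows\11\02.exe

    Filesize

    1.1MB

    SHA256

    defb1dc99f7982f9c0b5d621ad995d0739cef0826d3b25e27f3077c01a4b9ddf

  • memory/1972-11-0x0000000000400000-0x00000000004BF000-memory.dmp

    Filesize

    764KB
"""

FIELDS = {"Filesize", "MD5", "SHA1", "SHA256", "SHA512"}

# Assumed noise: paths the sandbox OS writes by itself while Internet Explorer runs. The CryptoAPI
# URL cache holds CRL/OCSP/certificate fetches; Cab####.tmp and Tar####.tmp in %TEMP% come from
# the automatic root-certificate update. Memory dumps are regions, not files the sample dropped.
NOISE = [
    (re.compile(r"\\CryptnetUrlCache\\", re.I), "CryptoAPI URL cache metadata"),
    (re.compile(r"\\Temp\\(Cab|Tar)[0-9A-F]{4}\.tmp$", re.I), "CryptoAPI root-update CAB/extract"),
    (re.compile(r"^memory/"), "memory dump, not a file on disk"),
]


def parse_downloads(text: str) -> List[Dict[str, str]]:
    """Parse the bullet/field/value layout into one dict per entry, keyed by the field names."""
    entries: List[Dict[str, str]] = []
    field = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("•"):
            entries.append({"path": line[1:].strip()})
            field = None
        elif line in FIELDS:
            field = line
        elif field is not None and entries:
            entries[-1][field] = line
            field = None
        # anything else (the section heading, stray text) is ignored
    return entries


def classify(entry: Dict[str, str]) -> Tuple[str, str]:
    """Return ('noise', reason) for OS-generated artefacts, else ('payload', reason)."""
    for pattern, reason in NOISE:
        if pattern.search(entry["path"]):
            return "noise", reason
    return "payload", "file the sample dropped; pivot on its hashes"


def payload_sha256s(text: str) -> Dict[str, str]:
    """Map path -> SHA256 for the entries that are genuine dropped files."""
    return {e["path"]: e["SHA256"] for e in parse_downloads(text)
            if classify(e)[0] == "payload" and "SHA256" in e}


if __name__ == "__main__":
    for e in parse_downloads(SAMPLE):
        kind, why = classify(e)
        print(f"{kind:7s} {e['path']}  ({why})")
```

Run against the full listing, this leaves exactly two SHA256 values to search for in threat-intel feeds and endpoint inventories, which is the point: the nineteen cache metadata hashes differ from run to run and are useless as indicators.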