Overview

overview

10

Static

static

10

054572711a...18.exe

windows7-x64

10

054572711a...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    55s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28-04-2024 13:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    054572711af1299d6004c3bdf4b35239_JaffaCakes118.exe

  • Size

    447KB

  • MD5

    054572711af1299d6004c3bdf4b35239

  • SHA1

    bfbe2514a9141767b0619588b32ed185d851705b

  • SHA256

    b7ff3db5a804ad2eda388345f63848b6c8adad73170c85dfd70567a2639c4624

  • SHA512

    d01fa87b56c505ea9b99ca0fbf5f38d3b0f27bbfe2fe99203dc48fce9116819e346d4cb6348caad89d6183cf84c964dc1bc042923887ac680d37cf469788c369

  • SSDEEP

    6144:wLy84u9nSO2GjZkD10BIY3rb1YfBdfpoZ3u/Ht52w6JSeiFPXRo6sm:E+u9nx2GjMY3XKfd/H/9Pm6sm

Score
10/10
modiloaderpersistencetrojan

Malware Config

Signatures

  • ModiLoader, DBatLoader

    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    trojanmodiloader
  • ModiLoader Second Stage 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\054572711af1299d6004c3bdf4b35239_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\054572711af1299d6004c3bdf4b35239_JaffaCakes118.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    PID:4680
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
      PID:3024

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Initial Access

    Execution

    Persistence

    Boot or Logon Autostart Execution

    1
    T1547

    Registry Run Keys / Startup Folder

    1
    T1547.001

    Privilege Escalation

    Boot or Logon Autostart Execution

    1
    T1547

    Registry Run Keys / Startup Folder

    1
    T1547.001

    Defense Evasion

    Modify Registry

    1
    T1112

    Credential Access

    Discovery

    Lateral Movement

    Collection

    Exfiltration

    Command and Control

    Impact

    Resource Development

    Reconnaissance

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/4680-0-0x00000000022F0000-0x00000000022F1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/4680-1-0x0000000000400000-0x0000000000476000-memory.dmp
      Filesize

      472KB

      Download
    • memory/4680-3-0x00000000022F0000-0x00000000022F1000-memory.dmp
      Filesize

      4KB

      Download