Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240802-en locale:en-us os:windows10-2004-x64 system
  • submitted
    16-09-2024 06:00

General

  • Target

    e4254c886f447b8d8eb2dacf9d398f89_JaffaCakes118.exe

  • Size

    26KB

  • MD5

    e4254c886f447b8d8eb2dacf9d398f89

  • SHA1

    6b5be2d89b566adb98c0f2a21d01a10488f4de75

  • SHA256

    82e0523ae4c739abda81cc432b4d5e1eaad6953a3a7443a565a6fda0d3dc941d

  • SHA512

    eb9c63d60d564edd1f9e469ea43d8167132f458721c3a5c76b78674f5250aa1a04ef3e5098cf4eb4a77a2a67a26c39ffe8721073806409a16aa523a2a001c841

  • SSDEEP

    768:l0N3ug4pec809+euT8OWy1JoT0+di6dW4TUyHeY:y5uXecl+e81Z+dYG

Malware Config

Signatures

  • ModiLoader, DBatLoader

    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

  • ModiLoader Second Stage 2 IoCs
  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 2 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

  • Suspicious use of SetThreadContext 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e4254c886f447b8d8eb2dacf9d398f89_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\e4254c886f447b8d8eb2dacf9d398f89_JaffaCakes118.exe"
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Suspicious use of SetThreadContext
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2660
    • C:\Program Files\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
      2⤵
      PID:2288

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/2288-1-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

  • memory/2660-2-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB