Analysis
-
max time kernel
121s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
20-09-2024 08:41
General
-
Target
ed3a3998d854c7ab7e39b503c12c35f4_JaffaCakes118.exe
-
Size
552KB
-
MD5
ed3a3998d854c7ab7e39b503c12c35f4
-
SHA1
15eecc8e8b0b97829149c4bc57b4f57311366600
-
SHA256
9591a4e47912a1bfca0352b89f7d96872b133e4731e134e8908d8e0f6894a966
-
SHA512
633fba49fdd5ab5359ea2533f2f6fd310ed4cdb726a86a543c32c446d2ce4ca78e7d2aa5ddb1cc8c967db4b0be2bf58be1c29e4546617cb38399cf44f407fc18
-
SSDEEP
12288:PtVhdZ0uzREGNdgO6YAVkwViPCVwZfn5JXTs358L43Pk9FRVGGeQ0PoIbmvnkzsX:PtrdZ0uzREGNdgO6YAVkwViPCVwZfn5P
Malware Config
Signatures
-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader First Stage 1 IoCs
-
Drops file in Windows directory 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
Processes
-
C:\Users\Admin\AppData\Local\Temp\ed3a3998d854c7ab7e39b503c12c35f4_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\ed3a3998d854c7ab7e39b503c12c35f4_JaffaCakes118.exe"1⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
361B
MD5e5d9e71d7cb8f25cc3ace6c0524acf92
SHA161ec67a84356e1187428ab81da894c715971de62
SHA256c5d231522a671c98fd1930a27ee5cd0b21387107613c6a1990b4c1e98fa2ff5e
SHA512e67b788c6486ed5e574c59e6b5223ddc796364d333ed42259fb662d2d280fd1608b2c18d41340a4736699117db77f575c9fcc69a0284a6b85431d39b8bd18486
-
Filesize
4KB
-
Filesize
584KB