Overview

overview

10

Static

static

3

ee547d07a6...18.exe

windows7-x64

10

ee547d07a6...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    118s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    20-09-2024 20:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ee547d07a66ddee8cd8a89f5c7af17e0_JaffaCakes118.exe

  • Size

    353KB

  • MD5

    ee547d07a66ddee8cd8a89f5c7af17e0

  • SHA1

    5fa01bd7b8b42f6c136a771c1323464514359253

  • SHA256

    01ee00438aae21b9e5e71585ce24f95f99cd3f47cf8430bec99e590122b7c0e3

  • SHA512

    519cfa9ebf588f3311d153d7c887f94991213e78e30d696da1b7b711419e3b3b83963553c923a1bb51728e9238e03373f5a93c85942b8e8ef9458f7e7783919b

  • SSDEEP

    6144:VApv2TGV7drbndj93FK+BX2JagZfjhJkiZdkCGrAtDuWhXVf40gPbuykp:VApv2T8Bn3FsthawZGctB9gzyp

Score
10/10
modiloaderdiscoverytrojan

Malware Config

Signatures

  • ModiLoader, DBatLoader

    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    trojanmodiloader
  • ModiLoader Second Stage 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Drops file in Program Files directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ee547d07a66ddee8cd8a89f5c7af17e0_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\ee547d07a66ddee8cd8a89f5c7af17e0_JaffaCakes118.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1904
    • C:\program files\internet explorer\IEXPLORE.EXE
      "C:\program files\internet explorer\IEXPLORE.EXE"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2608
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2608 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2716

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    45241e33438fc1cb6af8063a9cc08eaf

    SHA1

    4ad1d0decf2ed9c557dad20897c2fc96208f1553

    SHA256

    675956546596c869eaac0db3352878ef06debf004cca59060a81bf0b307b83c6

    SHA512

    54ccfa554cc11f8b752fe71f597dc206e2b13d0904b8292275ea80f62e518420c409f038fcf77c3e3b2611863e70884bb0d30aa66bb93103c19968e62b837d45

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    50100e5a946690dafe0f889a5a822e50

    SHA1

    24dda2e3639fd50a22e659b4fed8c6a30912e7ab

    SHA256

    777974e95d73bbd8442a77fafb5e439cb40495099df5b8e28d11738fe03adcee

    SHA512

    4dc93c230a1ca4946ba038788b464bb56b92aa20fe812c016867463c39259f0e0302a38b9c9f5dd07367eabc41121158aa98d464d338aeecd232b9509d586743

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    319fbf3d7fc3af5de70d3a1edb75d09e

    SHA1

    ec507762dce35370bb30122e3107b4007daf9a8d

    SHA256

    d4d14adf81009853663edbb0dc7116d45877c163b1bb3515856f63d435eb3ab2

    SHA512

    a45bb01252aad0c6e21fac60ac5fe3d19bbf40a34059f797afb8aba7ce154b9350ad8b0727dd1d5b23b890c31f5f5df593d5592871c1bf59f66ffcbc50a84030

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5346bfc1a86f7345f7541768f0027b8f

    SHA1

    7603e782ec14a139e3446c1e22ea58d763ffa9af

    SHA256

    37fcf82556504cdead44271cb6a728a552bff6c90785615fad9e0fc53a05fe98

    SHA512

    f0b688e92f6c11b626d14d09c5c0cee3235cc9dcfb0d91335f14a9039905e19ebac7fcee4fd836d01f1e2ebfea0b74299c16187af6cebc019426a878c89e48bd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dca48935acf6b340aea2eda26aad420a

    SHA1

    66e9c11d03c1193c11d8a3c1d64185fbcb77ee89

    SHA256

    b39b311356d30c7812da612dfbf371c65065961ce69604c888bdafb50c935069

    SHA512

    4999f7d980a95d38b7b26bcb955732cb988eb06d0288ed5c2a0ae5bc31544321e49555ffccd1b793291c71331c4b072f89f725d7a72555841d8b0f1ef4e0fcb5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c567c130076dff1dbeeb62be34043fa3

    SHA1

    b0180cb528c59e595c9805ca2584e0ac7bfa653d

    SHA256

    528eb7bc1ef25d873b9ec3e59d4ba678958e3e79f8e9c9c9f26b41b109b49528

    SHA512

    5ee54333bbbca98756664b000fc38494ea873246ae42f7c43106b48cf81d9db4a38ba73e0be744c82875e3d4aab5c0ff217d7ea8fe4d94b7a79a292499d1e449

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d475b9d70d215aac4babe00413d7a9dc

    SHA1

    22477b5c6b7dbdc545846d37684571a0a7c64ed0

    SHA256

    866489c2dcdcbb3e1c3aecbe279c322da33e824be74c5b522400ecd5dbf750b6

    SHA512

    e6ac49e3be5c8140e9befa580a0a1630d54c822888054deaf5e56ab7b158554f08dc941ce8369873c580195c002b3bb07f2fca884382a6be738d78806d14f9e7

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabA22C.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarAF0A.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/1904-0-0x0000000000400000-0x0000000000520000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1904-5-0x0000000000400000-0x0000000000520000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1904-4-0x0000000000260000-0x0000000000261000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1904-1-0x0000000000260000-0x0000000000261000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2608-3-0x0000000000270000-0x0000000000390000-memory.dmp

    Filesize

    1.1MB

    Download