Overview

overview

10

Static

static

10

faa93b1610...18.exe

windows7-x64

10

faa93b1610...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    141s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    27-09-2024 15:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    faa93b1610ee4b13d330824811f6f713_JaffaCakes118.exe

  • Size

    890KB

  • MD5

    faa93b1610ee4b13d330824811f6f713

  • SHA1

    12bd73dca8d5d2d07e35943cdc13867ce049b8cc

  • SHA256

    1695bef17b944a22b7809ffa1b14f357d6cd3d3840bd9f4ba61296555850a39e

  • SHA512

    f9b08731a34ce5e7d83572690f43b125c8511d13d72377da060c847b8ef79c5cc3045f148f9abb7fe50152cfba9cedf18220244ecc04570e6d433bc853ea8c0d

  • SSDEEP

    12288:QodE14DgAug/cPX72Rdu/g1V/Ke6HabYsRnyzRbUk5mgl8td6JFFmyh3:QoWsA+8cuoywMskxUk5J8td6Jzj

Score
10/10
modiloaderdiscoverytrojan

Malware Config

Signatures

  • ModiLoader, DBatLoader

    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    trojanmodiloader
  • ModiLoader Second Stage 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\faa93b1610ee4b13d330824811f6f713_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\faa93b1610ee4b13d330824811f6f713_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    PID:2404

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\xp corona.ini
    Filesize

    13KB

    MD5

    ccf04f87254195414708e754ea94565b

    SHA1

    ed589e9b69a460e1bf9c213303581b865edea1f1

    SHA256

    8b9352d6b60174c6c10088f9e2a0be20ba9772ddda65ed897f2be5bc88c9ddfd

    SHA512

    a1455ffa7719e96ab5f6fa7aa8cff94efeb0a6d6bf2cfa099532cc51d346de0164a73484aa2c0e1a05ce2b3ed17d68de91062a98c83b8398ede85944c337928a

    Download Submit

  • memory/2404-0-0x0000000000300000-0x0000000000301000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2404-357-0x0000000000300000-0x0000000000301000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2404-356-0x0000000000400000-0x00000000004E4000-memory.dmp

    Filesize

    912KB

    Download