Analysis
-
max time kernel
147s -
max time network
148s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
24-11-2024 20:32
General
-
Target
970fdd86ccacc153b497c4f19cbe8f54_JaffaCakes118.exe
-
Size
1.3MB
-
MD5
970fdd86ccacc153b497c4f19cbe8f54
-
SHA1
f8f23667c8b8258620f1f67118ea68339b75958e
-
SHA256
d93ebe63a4955070bcf43eb5bd096951954e4965a6e64e1a5f5c6837221cda76
-
SHA512
7a1fb2724328125be627d8bc9e685f93144b1f7c0a4e0138dc5b1e9cb7d4a4f11a58b60b50d71679e0470d0afc9b6eebfda4d3e33e52cb024df6495ca30a4489
-
SSDEEP
24576:3h0t0fgQSwA84eHTINk9qT9JxFXVFXDTQEahtPeXzuOnm7Be:ut0fiwAwRolrkEgPqXN
Malware Config
Signatures
-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modiloader family
-
UAC bypass 3 TTPs 1 IoCs
-
ModiLoader Second Stage 26 IoCs
-
Loads dropped DLL 2 IoCs
-
Themida packer 25 IoCs
Detects Themida, an advanced Windows software protection system.
-
Checks whether UAC is enabled 1 TTPs 2 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
System policy modification 1 TTPs 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\970fdd86ccacc153b497c4f19cbe8f54_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\970fdd86ccacc153b497c4f19cbe8f54_JaffaCakes118.exe"1⤵
- UAC bypass
- Loads dropped DLL
- Checks whether UAC is enabled
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- System policy modification
Network
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
1Disable or Modify Tools
1Modify Registry
2Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
33KB
MD5a3355421114af116a25df4b9823bdd3e
SHA109e78cb5eabde04205c468acf3d92e850aad5505
SHA256da09ba73027b748949942ca21c48933c3f07f4083adb37d87ed96d7da189474d
SHA512e1540faacd38c9a4de93930a0d772572f66dc6bf3398d3441b7cfe74e64a018d58152d56a3e680c7d4af0e09f16d91d4d3106ff954faa84141fc05544b1f3f28
-
Filesize
7KB
MD567587e25a971a141628d7f07bd40ffa0
SHA176fcd014539a3bb247cc0b761225f68bd6055f6b
SHA256e6829866322d68d5c5b78e3d48dcec70a41cdc42c6f357a44fd329f74a8b4378
SHA5126e6de7aa02c48f8b96b06e5f1160fbc5c95312320636e138cc997ef3362a61bc50ec03db1f06292eb964cd71915ddb2ec2eb741432c7da44215a4acbb576a350
-
Filesize
2.7MB
-
Filesize
2.7MB
-
Filesize
2.7MB
-
Filesize
108KB
-
Filesize
4KB
-
Filesize
56KB
-
Filesize
2.7MB
-
Filesize
2.7MB
-
Filesize
2.7MB
-
Filesize
2.7MB
-
Filesize
2.7MB
-
Filesize
2.7MB
-
Filesize
56KB
-
Filesize
32KB
-
Filesize
2.7MB
-
Filesize
2.7MB
-
Filesize
4KB
-
Filesize
2.7MB
-
Filesize
2.7MB
-
Filesize
2.7MB
-
Filesize
2.7MB
-
Filesize
2.7MB
-
Filesize
2.7MB
-
Filesize
2.7MB
-
Filesize
2.7MB
-
Filesize
2.7MB
-
Filesize
2.7MB
-
Filesize
2.7MB
-
Filesize
2.7MB
-
Filesize
2.7MB
-
Filesize
2.7MB
-
Filesize
944KB