Analysis
max time kernel: 140s
max time network: 135s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25-11-2024 23:17
Behavioral task: behavioral1
Sample: 9e7b00464496f69df5c8de4212562411_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 9e7b00464496f69df5c8de4212562411_JaffaCakes118.exe
Resource: win10v2004-20241007-en
General
Target: 9e7b00464496f69df5c8de4212562411_JaffaCakes118.exe
Size: 872KB
MD5: 9e7b00464496f69df5c8de4212562411
SHA1: 6221140d23656f47b15f5d5c331e2bc5738353a5
SHA256: 6d9aefb2a9505b2f22f590a80dcd9c40b545eed5f359ecf3977cc84672f1bc7b
SHA512: 31766facda1b2c23f21dbc9f07a6babfb2ec8e78be92c17c8fb1cb919ea2e012a819425834e86091e5f494ffc0936bc6fc4213c773cd20093402badc7f4666d0
SSDEEP: 12288:ErxlzWQwlRnAeFE7y0rrVzC/eC/zhrP543v7SVc0E71X+E:ErDiTRnAd7PNUjzhrP543v5RX
Malware Config
Signatures
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
Modiloader family
ModiLoader Second Stage 1 IoCs
Processes:
  resource: behavioral2/memory/1404-1-0x0000000000400000-0x00000000004E1000-memory.dmp
  yara_rule: modiloader_stage2
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
Processes: 9e7b00464496f69df5c8de4212562411_JaffaCakes118.exe
  description: Key opened
  ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
  Process: 9e7b00464496f69df5c8de4212562411_JaffaCakes118.exe