Overview

overview

10

Static

static

10

cf9eb9bd16...18.exe

windows7-x64

10

cf9eb9bd16...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    93s
  • max time network
    141s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06-12-2024 23:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cf9eb9bd16cbcd615e6b08cf50573d46_JaffaCakes118.exe

  • Size

    4.9MB

  • MD5

    cf9eb9bd16cbcd615e6b08cf50573d46

  • SHA1

    9bfe7cd1416aa1b4248fdcd564f20f87c7dda93a

  • SHA256

    e860ddf0264977358fce6d5d29017109ae98484d32021de5a0ab343e10a5e78d

  • SHA512

    0b83fe4d5d19cc127fef39054e9fad8f7d0fea1747d854a9970a8159311814e6bb0b7cb95e94128669357c0656c9c0226c0f22dd03b983a3b41fa1549b30881c

  • SSDEEP

    49152:01p9x3DzxdkzW7eQ2TgDzI8qI8xXBSlYxSxjSYcTARUI8KDUI81BSXqfvxYaLI8E:snzzx6SeQ/U8L8xXB9skG98k98W8nzBe

Score
10/10
modiloaderdiscoverytrojan

Malware Config

Signatures

  • ModiLoader, DBatLoader

    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    trojanmodiloader
  • Modiloader family
    modiloader
  • ModiLoader Second Stage 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of FindShellTrayWindow 6 IoCs
  • Suspicious use of SendNotifyMessage 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cf9eb9bd16cbcd615e6b08cf50573d46_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\cf9eb9bd16cbcd615e6b08cf50573d46_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:1488

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Operate.ini
    Filesize

    572B

    MD5

    3ba5c67a9036d8e30c71015b9c8b3daa

    SHA1

    cca9f934692cc3c0aa8dc285b09e9c32c8304551

    SHA256

    c264ba82836fd0d312e7d57fcb1de42c49ca0c96ebe83be530dec1ee99fa4161

    SHA512

    e1e0e51a533a5e574c6750d44e919838cb0d8c5c92bc165ba5f7dc5d5037d6b7c8cad26b7c4503c4d7967b7d7725fd9506848b177e716bb287cd9b384c18c0bb

    Download Submit

  • memory/1488-0-0x0000000000400000-0x0000000000918000-memory.dmp

    Filesize

    5.1MB

    Download

  • memory/1488-3-0x00000000027E0000-0x00000000027E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1488-4-0x00000000005F1000-0x00000000005F2000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1488-38-0x0000000000400000-0x0000000000918000-memory.dmp

    Filesize

    5.1MB

    Download

  • memory/1488-39-0x0000000000400000-0x0000000000918000-memory.dmp

    Filesize

    5.1MB

    Download

  • memory/1488-40-0x00000000027E0000-0x00000000027E1000-memory.dmp

    Filesize

    4KB

    Download