Overview

overview

10

Static

static

5

JaffaCakes...9e.exe

windows7-x64

10

JaffaCakes...9e.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    140s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01-01-2025 07:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_4c3ca5ffc98faf804206bfc3bb3dd29e.exe

  • Size

    130KB

  • MD5

    4c3ca5ffc98faf804206bfc3bb3dd29e

  • SHA1

    b18c577b31f9d3c8b4f4813a0356e7f1c703fecb

  • SHA256

    b5e8f26d15ba23a11fca0acb7ecd4f006d0a37d7cd65339ed7719aeefdb95301

  • SHA512

    12fbc44157572c27742ecd317875c31b1373ec03fa5f7f962d56d3bfee2fe2f6b8401a3e269f2c4b704f0c39c540d66781a9c43140b4c28e87ec25823961ae82

  • SSDEEP

    3072:Y84GNptB3kujWxpmqhzCVPSE+9lI4py/MyFB8TyF9out:YfIppyxsueBStzI3/MWBWyF9oS

Score
10/10
modiloaderdiscoveryevasiontrojanupx

Malware Config

Signatures

  • ModiLoader, DBatLoader

    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    trojanmodiloader
  • Modiloader family
    modiloader
  • UAC bypass 3 TTPs 1 IoCs
    evasiontrojan
  • ModiLoader Second Stage 15 IoCs
  • Loads dropped DLL 4 IoCs
  • Checks whether UAC is enabled 1 TTPs 2 IoCs
    evasiontrojan
  • UPX packed file 16 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Windows directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • System policy modification 1 TTPs 1 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4c3ca5ffc98faf804206bfc3bb3dd29e.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4c3ca5ffc98faf804206bfc3bb3dd29e.exe"
    1⤵
    • UAC bypass
    • Loads dropped DLL
    • Checks whether UAC is enabled
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • System policy modification
    PID:3576

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\bguiv32.dll
    Filesize

    32KB

    MD5

    c39ec2622aa0d0afcfbf9e4bb3a1b9a6

    SHA1

    6174e8c18402ec200a741d5c21520262b226e2a8

    SHA256

    f8f62ab5f60571e6453341489c6369486004176d9c5dc7eaa09ab350de6dd229

    SHA512

    63da27414c1433acb645211ea3dda63968ea1a5ee176b5f8b26e35d9e3bb767b5e0a0a3c7a94154aabc984294161cdd686607d202fa098a73528fef755a63752

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\drvstore.dll
    Filesize

    7KB

    MD5

    e02c2c35c1866e34590953e0441b6e1f

    SHA1

    528b6ed481db2ae67eba75564fc87c25c424071e

    SHA256

    548c7779f17161b0b7e3596ba9c295cb737913f1a4c4e868d62d3e9a2e4019a0

    SHA512

    28445ee24112852b76450684cd348e854e3df584921cfb1676d56b876cf0abdb8bf7e3453c734aa7205be8e0757e7772f356adddd46581a4aca44b1c2c348c6d

    Download Submit

  • memory/3576-21-0x0000000000400000-0x0000000000553000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/3576-30-0x0000000000400000-0x0000000000553000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/3576-13-0x0000000004570000-0x000000000457E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/3576-16-0x0000000004420000-0x0000000004421000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3576-17-0x0000000000400000-0x0000000000553000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/3576-19-0x00000000043E0000-0x00000000043E8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/3576-20-0x0000000004570000-0x000000000457E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/3576-18-0x0000000000400000-0x0000000000553000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/3576-0-0x0000000000400000-0x0000000000553000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/3576-24-0x0000000000400000-0x0000000000553000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/3576-27-0x0000000000400000-0x0000000000553000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/3576-1-0x00000000009F0000-0x00000000009F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3576-33-0x0000000000400000-0x0000000000553000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/3576-36-0x0000000000400000-0x0000000000553000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/3576-39-0x0000000000400000-0x0000000000553000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/3576-42-0x0000000000400000-0x0000000000553000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/3576-45-0x0000000000400000-0x0000000000553000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/3576-48-0x0000000000400000-0x0000000000553000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/3576-51-0x0000000000400000-0x0000000000553000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/3576-54-0x0000000000400000-0x0000000000553000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/3576-57-0x0000000000400000-0x0000000000553000-memory.dmp

    Filesize

    1.3MB

    Download