Analysis
-
max time kernel
143s -
max time network
145s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
02-01-2025 05:18
General
-
Target
JaffaCakes118_62e47b54734e7a9a05bffda45df00922.exe
-
Size
127KB
-
MD5
62e47b54734e7a9a05bffda45df00922
-
SHA1
6345bea5765762eeb2b10eecb37a3ac6f945ab45
-
SHA256
ee9435588703e9945fa550b48a458c99720c8c3653c2b16e4a5c236965368456
-
SHA512
41d876592132d3f8b3ead23681dba06b8cc0c67381cb5d1b2a199b7dbe785ff28d6998b41a3e4c913b9f24ed70154bad1d095482e7b18a8ea3bc332eafd1bba9
-
SSDEEP
3072:T4uvYl5yjK8RNbFUpbtVmxoPodf4qGP21ouv4Miu:T4kYXylkVtVKM+kPYow4M
Malware Config
Signatures
-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modifies WinLogon for persistence 2 TTPs 1 IoCs
-
Modiloader family
-
ModiLoader Second Stage 18 IoCs
-
Adds policy Run key to start application 2 TTPs 4 IoCs
-
Disables RegEdit via registry modification 1 IoCs
-
Disables Task Manager via registry modification
-
Deletes itself 1 IoCs
-
Adds Run key to start application 2 TTPs 2 IoCs
-
UPX packed file 20 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious behavior: EnumeratesProcesses 44 IoCs
-
Suspicious behavior: MapViewOfSection 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_62e47b54734e7a9a05bffda45df00922.exe"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_62e47b54734e7a9a05bffda45df00922.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\svchost.exepath<<C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_62e47b54734e7a9a05bffda45df00922.exe>>path2⤵
- Modifies WinLogon for persistence
- Adds policy Run key to start application
- Disables RegEdit via registry modification
- Deletes itself
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
127KB
MD562e47b54734e7a9a05bffda45df00922
SHA16345bea5765762eeb2b10eecb37a3ac6f945ab45
SHA256ee9435588703e9945fa550b48a458c99720c8c3653c2b16e4a5c236965368456
SHA51241d876592132d3f8b3ead23681dba06b8cc0c67381cb5d1b2a199b7dbe785ff28d6998b41a3e4c913b9f24ed70154bad1d095482e7b18a8ea3bc332eafd1bba9
-
Filesize
76KB
-
Filesize
28KB
-
Filesize
4.1MB
-
Filesize
76KB
-
Filesize
4.1MB
-
Filesize
4.1MB
-
Filesize
4.1MB
-
Filesize
4.1MB
-
Filesize
4.1MB
-
Filesize
4.1MB
-
Filesize
4.1MB
-
Filesize
4.1MB
-
Filesize
4.1MB
-
Filesize
4.1MB
-
Filesize
4.1MB
-
Filesize
4.1MB
-
Filesize
4.1MB
-
Filesize
4.1MB
-
Filesize
4.1MB
-
Filesize
4.1MB
-
Filesize
4.1MB
-
Filesize
4.1MB
-
Filesize
4.1MB
-
Filesize
4.1MB
-
Filesize
4.1MB
-
Filesize
4.1MB
-
Filesize
4.1MB
-
Filesize
4.1MB
-
Filesize
4.1MB