Overview

overview

10

Static

static

3

JaffaCakes...81.exe

windows7-x64

10

JaffaCakes...81.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    97s
  • max time network
    128s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02-01-2025 10:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_645b47a73b0697dc02e1c2e62ef57581.exe

  • Size

    40KB

  • MD5

    645b47a73b0697dc02e1c2e62ef57581

  • SHA1

    f30cc2dfc00cf2c1f2e2242d8e32e3be3c933922

  • SHA256

    f34d9a278989fb288fae67ef5e249646fec3348a4e3da0100180ed86130b7976

  • SHA512

    12b5d9266c8a932bd52b908d427c872a2c470c86a3aa27ab73eefb1ffcafee5aaa3bd3d6d4fcae82cc1c9f460863d71422800978d8d4695e6b387262a50b66d2

  • SSDEEP

    768:B4B2JGYVNfV6vrFDPwp2Gt7YHN0m5vcdXwPXDzHvzExAPOE/3MwVrJ7H8oWXRrKu:BC2oAfIrJwp2Gium5vcxwPzzvzEx6L/c

Score
10/10
modiloaderdiscoverytrojan

Malware Config

Signatures

  • ModiLoader, DBatLoader

    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    trojanmodiloader
  • Modiloader family
    modiloader
  • ModiLoader Second Stage 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in Program Files directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_645b47a73b0697dc02e1c2e62ef57581.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_645b47a73b0697dc02e1c2e62ef57581.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    PID:5016

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\Common Files\microsoft shared\MSInfo\atmQQ2.dll
    Filesize

    21KB

    MD5

    cc8eeb30c8cbc678b942ddaed7406b6f

    SHA1

    bd89b815a106971b50655902385e6d931bb987a5

    SHA256

    be9bf97498d159a78869392563c766f07a861f312ebbe0902c8ee9f8f3d262c4

    SHA512

    5b23a326ff9883372ec12b1d306f53f63b4d96a59f4ef9e1dce66c6844257fd8b8c831962ff7750e5d82ae0feb5228780976b38c8675870acff743318975b8c3

    Download Submit

  • memory/5016-0-0x0000000000400000-0x0000000000435000-memory.dmp

    Filesize

    212KB

    Download

  • memory/5016-1-0x00000000001C0000-0x00000000001C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5016-8-0x0000000002260000-0x0000000002284000-memory.dmp

    Filesize

    144KB

    Download

  • memory/5016-9-0x0000000002260000-0x0000000002284000-memory.dmp

    Filesize

    144KB

    Download

  • memory/5016-10-0x0000000000400000-0x0000000000435000-memory.dmp

    Filesize

    212KB

    Download

  • memory/5016-11-0x0000000002260000-0x0000000002284000-memory.dmp

    Filesize

    144KB

    Download