Overview

overview

10

Static

static

3

JaffaCakes...35.exe

windows7-x64

10

JaffaCakes...35.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    94s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/01/2025, 06:44 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_0b40320803ad4fe72db5d9f02c083635.exe

  • Size

    755KB

  • MD5

    0b40320803ad4fe72db5d9f02c083635

  • SHA1

    afa4b05957f3d93c5f33cad0f3b1cbcb86bb18f4

  • SHA256

    f6619eca25f492fa04ca8937b5fc454e3eca09df8a2e2bac2722646f8998b6c3

  • SHA512

    186a72bcfa4f1a66b7422e00cc168532ad409c4e1a3cee028c3f4a28ce0033d6c2cc1c7856f1639c2baf47d02f73a8ef3e43eff588495072030c4f2a25f6a437

  • SSDEEP

    12288:Zqlo4RKRkb4QTF2RxAeRXKLWYtu23VkGZGc20fZo+pzMtF3Z4mxxOZ0XcEheF7fy:gXRiQIRxJ+pkcThfzMtQmXOcc+yfRyAM

Score
10/10
modiloaderdiscoverytrojan

Malware Config

Signatures

  • ModiLoader, DBatLoader

    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    trojanmodiloader
  • Modiloader family
    modiloader
  • ModiLoader Second Stage 2 IoCs
  • Executes dropped EXE 1 IoCs
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops autorun.inf file 1 TTPs 4 IoCs

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • Drops file in System32 directory 2 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Program crash 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 13 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_0b40320803ad4fe72db5d9f02c083635.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_0b40320803ad4fe72db5d9f02c083635.exe"
    1⤵
    • Enumerates connected drives
    • Drops autorun.inf file
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:780
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 780 -s 324
      2⤵
      • Program crash
      PID:64
    • C:\Program Files\Common Files\Microsoft Shared\MSINFO\Media.exe
      "C:\Program Files\Common Files\Microsoft Shared\MSINFO\Media.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • Suspicious use of SetThreadContext
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:3344
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3344 -s 324
        3⤵
        • Program crash
        PID:5056
      • C:\Windows\SysWOW64\calc.exe
        "C:\Windows\system32\calc.exe"
        3⤵
          PID:3944
          • C:\Windows\SysWOW64\WerFault.exe
            C:\Windows\SysWOW64\WerFault.exe -u -p 3944 -s 12
            4⤵
            • Program crash
            PID:4908
        • C:\program files\internet explorer\IEXPLORE.EXE
          "C:\program files\internet explorer\IEXPLORE.EXE"
          3⤵
            PID:2180
        • C:\Windows\SysWOW64\cmd.exe
          cmd /c erase /F "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_0b40320803ad4fe72db5d9f02c083635.exe"
          2⤵
          • System Location Discovery: System Language Discovery
          PID:3292
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 780 -ip 780
        1⤵
          PID:2248
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 3344 -ip 3344
          1⤵
            PID:1060
          • C:\Windows\SysWOW64\WerFault.exe
            C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 3944 -ip 3944
            1⤵
              PID:4756

            Network

            • flag-us
              DNS
              8.8.8.8.in-addr.arpa
              Remote address:
              8.8.8.8:53
              Request
              8.8.8.8.in-addr.arpa
              IN PTR
              Response
              8.8.8.8.in-addr.arpa
              IN PTR
              dnsgoogle
            • flag-us
              DNS
              209.205.72.20.in-addr.arpa
              Remote address:
              8.8.8.8:53
              Request
              209.205.72.20.in-addr.arpa
              IN PTR
              Response
            • flag-us
              DNS
              172.214.232.199.in-addr.arpa
              Remote address:
              8.8.8.8:53
              Request
              172.214.232.199.in-addr.arpa
              IN PTR
              Response
            • flag-us
              DNS
              196.249.167.52.in-addr.arpa
              Remote address:
              8.8.8.8:53
              Request
              196.249.167.52.in-addr.arpa
              IN PTR
              Response
            • flag-us
              DNS
              134.32.126.40.in-addr.arpa
              Remote address:
              8.8.8.8:53
              Request
              134.32.126.40.in-addr.arpa
              IN PTR
              Response
            • flag-us
              DNS
              245.131.30.184.in-addr.arpa
              Remote address:
              8.8.8.8:53
              Request
              245.131.30.184.in-addr.arpa
              IN PTR
              Response
              245.131.30.184.in-addr.arpa
              IN PTR
              a184-30-131-245deploystaticakamaitechnologiescom
            • flag-us
              DNS
              104.219.191.52.in-addr.arpa
              Remote address:
              8.8.8.8:53
              Request
              104.219.191.52.in-addr.arpa
              IN PTR
              Response
            • flag-us
              DNS
              56.163.245.4.in-addr.arpa
              Remote address:
              8.8.8.8:53
              Request
              56.163.245.4.in-addr.arpa
              IN PTR
              Response
            • flag-us
              DNS
              171.39.242.20.in-addr.arpa
              Remote address:
              8.8.8.8:53
              Request
              171.39.242.20.in-addr.arpa
              IN PTR
              Response
            • flag-us
              DNS
              140.71.91.104.in-addr.arpa
              Remote address:
              8.8.8.8:53
              Request
              140.71.91.104.in-addr.arpa
              IN PTR
              Response
              140.71.91.104.in-addr.arpa
              IN PTR
              a104-91-71-140deploystaticakamaitechnologiescom
            • flag-us
              DNS
              172.210.232.199.in-addr.arpa
              Remote address:
              8.8.8.8:53
              Request
              172.210.232.199.in-addr.arpa
              IN PTR
              Response
            • flag-us
              DNS
              21.236.111.52.in-addr.arpa
              Remote address:
              8.8.8.8:53
              Request
              21.236.111.52.in-addr.arpa
              IN PTR
              Response
            No results found
            • 8.8.8.8:53
              8.8.8.8.in-addr.arpa
              dns
              66 B
               90 B
               1
              1

              DNS Request

              8.8.8.8.in-addr.arpa

            • 8.8.8.8:53
              209.205.72.20.in-addr.arpa
              dns
              72 B
               158 B
               1
              1

              DNS Request

              209.205.72.20.in-addr.arpa

            • 8.8.8.8:53
              172.214.232.199.in-addr.arpa
              dns
              74 B
               128 B
               1
              1

              DNS Request

              172.214.232.199.in-addr.arpa

            • 8.8.8.8:53
              196.249.167.52.in-addr.arpa
              dns
              73 B
               147 B
               1
              1

              DNS Request

              196.249.167.52.in-addr.arpa

            • 8.8.8.8:53
              134.32.126.40.in-addr.arpa
              dns
              72 B
               158 B
               1
              1

              DNS Request

              134.32.126.40.in-addr.arpa

            • 8.8.8.8:53
              245.131.30.184.in-addr.arpa
              dns
              73 B
               139 B
               1
              1

              DNS Request

              245.131.30.184.in-addr.arpa

            • 8.8.8.8:53
              104.219.191.52.in-addr.arpa
              dns
              73 B
               147 B
               1
              1

              DNS Request

              104.219.191.52.in-addr.arpa

            • 8.8.8.8:53
              56.163.245.4.in-addr.arpa
              dns
              71 B
               157 B
               1
              1

              DNS Request

              56.163.245.4.in-addr.arpa

            • 8.8.8.8:53
              171.39.242.20.in-addr.arpa
              dns
              72 B
               158 B
               1
              1

              DNS Request

              171.39.242.20.in-addr.arpa

            • 8.8.8.8:53
              140.71.91.104.in-addr.arpa
              dns
              72 B
               137 B
               1
              1

              DNS Request

              140.71.91.104.in-addr.arpa

            • 8.8.8.8:53
              172.210.232.199.in-addr.arpa
              dns
              74 B
               128 B
               1
              1

              DNS Request

              172.210.232.199.in-addr.arpa

            • 8.8.8.8:53
              21.236.111.52.in-addr.arpa
              dns
              72 B
               158 B
               1
              1

              DNS Request

              21.236.111.52.in-addr.arpa

            MITRE ATT&CK Enterprise v15

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Program Files\Common Files\microsoft shared\MSInfo\Media.exe
              Filesize

              755KB

              MD5

              0b40320803ad4fe72db5d9f02c083635

              SHA1

              afa4b05957f3d93c5f33cad0f3b1cbcb86bb18f4

              SHA256

              f6619eca25f492fa04ca8937b5fc454e3eca09df8a2e2bac2722646f8998b6c3

              SHA512

              186a72bcfa4f1a66b7422e00cc168532ad409c4e1a3cee028c3f4a28ce0033d6c2cc1c7856f1639c2baf47d02f73a8ef3e43eff588495072030c4f2a25f6a437

              Download Submit

            • memory/780-0-0x0000000000400000-0x0000000000584000-memory.dmp

              Filesize

              1.5MB

              Download

            • memory/780-1-0x0000000000A70000-0x0000000000AC4000-memory.dmp

              Filesize

              336KB

              Download

            • memory/780-9-0x00000000033D0000-0x00000000033D1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/780-8-0x0000000002380000-0x0000000002381000-memory.dmp

              Filesize

              4KB

              Download

            • memory/780-7-0x0000000002390000-0x0000000002391000-memory.dmp

              Filesize

              4KB

              Download

            • memory/780-6-0x0000000000A10000-0x0000000000A11000-memory.dmp

              Filesize

              4KB

              Download

            • memory/780-5-0x0000000000A20000-0x0000000000A21000-memory.dmp

              Filesize

              4KB

              Download

            • memory/780-4-0x00000000023A0000-0x00000000023A1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/780-3-0x0000000000A40000-0x0000000000A41000-memory.dmp

              Filesize

              4KB

              Download

            • memory/780-2-0x0000000002370000-0x0000000002371000-memory.dmp

              Filesize

              4KB

              Download

            • memory/780-20-0x00000000033C0000-0x00000000033C1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/780-19-0x00000000033D0000-0x00000000033D1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/780-18-0x00000000033D0000-0x00000000033D1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/780-17-0x00000000033D0000-0x00000000033D1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/780-16-0x00000000033C0000-0x00000000033C1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/780-15-0x00000000033D0000-0x00000000033D1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/780-14-0x00000000033D0000-0x00000000033D1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/780-13-0x00000000033D0000-0x00000000033D1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/780-12-0x00000000033D0000-0x00000000033D1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/780-11-0x00000000023B0000-0x00000000023B1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/780-10-0x00000000033D0000-0x00000000033D1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/780-32-0x00000000024C0000-0x00000000024C1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/780-41-0x00000000033C0000-0x00000000033C1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/780-40-0x00000000033C0000-0x00000000033C1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/780-66-0x00000000033C0000-0x00000000033C1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/780-65-0x00000000033C0000-0x00000000033C1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/780-64-0x00000000033C0000-0x00000000033C1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/780-63-0x00000000033C0000-0x00000000033C1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/780-62-0x00000000033C0000-0x00000000033C1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/780-61-0x00000000033C0000-0x00000000033C1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/780-60-0x00000000033C0000-0x00000000033C1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/780-59-0x00000000033C0000-0x00000000033C1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/780-58-0x00000000033C0000-0x00000000033C1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/780-57-0x00000000033C0000-0x00000000033C1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/780-56-0x00000000033C0000-0x00000000033C1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/780-55-0x00000000033C0000-0x00000000033C1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/780-54-0x00000000033C0000-0x00000000033C1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/780-53-0x00000000033C0000-0x00000000033C1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/780-52-0x00000000033C0000-0x00000000033C1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/780-51-0x00000000033C0000-0x00000000033C1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/780-50-0x00000000033C0000-0x00000000033C1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/780-49-0x00000000033C0000-0x00000000033C1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/780-48-0x00000000033C0000-0x00000000033C1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/780-47-0x00000000033C0000-0x00000000033C1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/780-46-0x00000000033C0000-0x00000000033C1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/780-45-0x00000000033C0000-0x00000000033C1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/780-44-0x00000000033C0000-0x00000000033C1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/780-43-0x00000000033C0000-0x00000000033C1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/780-42-0x0000000000400000-0x0000000000584000-memory.dmp

              Filesize

              1.5MB

              Download

            • memory/780-39-0x00000000033D0000-0x00000000033D1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/780-38-0x00000000033D0000-0x00000000033D1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/780-37-0x00000000033D0000-0x00000000033D1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/780-36-0x00000000033D0000-0x00000000033D1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/780-35-0x00000000024F0000-0x00000000024F1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/780-34-0x0000000002490000-0x0000000002491000-memory.dmp

              Filesize

              4KB

              Download

            • memory/780-33-0x00000000024A0000-0x00000000024A1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/780-31-0x00000000024E0000-0x00000000024E1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/780-30-0x00000000033C0000-0x00000000033C1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/780-29-0x0000000002400000-0x0000000002401000-memory.dmp

              Filesize

              4KB

              Download

            • memory/780-28-0x0000000002470000-0x0000000002471000-memory.dmp

              Filesize

              4KB

              Download

            • memory/780-27-0x0000000002440000-0x0000000002441000-memory.dmp

              Filesize

              4KB

              Download

            • memory/780-26-0x0000000002450000-0x0000000002451000-memory.dmp

              Filesize

              4KB

              Download

            • memory/780-25-0x00000000023E0000-0x00000000023E1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/780-24-0x00000000023F0000-0x00000000023F1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/780-23-0x0000000002460000-0x0000000002461000-memory.dmp

              Filesize

              4KB

              Download

            • memory/780-22-0x0000000002410000-0x0000000002411000-memory.dmp

              Filesize

              4KB

              Download

            • memory/780-21-0x0000000002430000-0x0000000002431000-memory.dmp

              Filesize

              4KB

              Download

            • memory/780-83-0x0000000000A70000-0x0000000000AC4000-memory.dmp

              Filesize

              336KB

              Download

            • memory/780-91-0x0000000000400000-0x0000000000584000-memory.dmp

              Filesize

              1.5MB

              Download

            • memory/3344-90-0x0000000000400000-0x0000000000584000-memory.dmp

              Filesize

              1.5MB

              Download

            • memory/3944-87-0x0000000000400000-0x0000000000584000-memory.dmp

              Filesize

              1.5MB

              Download

            We care about your privacy.

            This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.