Overview

overview

10

Static

static

3

JaffaCakes...b8.exe

windows7-x64

10

JaffaCakes...b8.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    13s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    23-01-2025 11:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_16a8b1bd23698fbbb83183fc397e4fb8.exe

  • Size

    26KB

  • MD5

    16a8b1bd23698fbbb83183fc397e4fb8

  • SHA1

    2423fc9d4623a72fbe7c7f171fae02c9f8d3578e

  • SHA256

    bd976d79b38b2ed9c9e8a0b09934c07b940ecf1f9de79e264d2ad7b6d5589793

  • SHA512

    4f2691b54dd066aaac65044594ac9be5c34c2056da65b564004c91788032cf508f1f78ab487ce5d27b5749c18c49a1705989d697e418a8866c2405dcde31aa7b

  • SSDEEP

    384:sKoA0iaVZAszu/RQ+mLyvXYu5+z0jkKYaevegsOzy2RdLLw7553XDnXoB7G:LoTHupC2/kgRFm7Te2XLwdRbXf

Score
10/10
modiloaderdiscoverytrojan

Malware Config

Signatures

  • ModiLoader, DBatLoader

    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    trojanmodiloader
  • Modiloader family
    modiloader
  • ModiLoader Second Stage 2 IoCs
  • Executes dropped EXE 1 IoCs
  • Drops file in Windows directory 5 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_16a8b1bd23698fbbb83183fc397e4fb8.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_16a8b1bd23698fbbb83183fc397e4fb8.exe"
    1⤵
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2348
    • C:\Windows\winow.exe
      C:\Windows\winow.exe
      2⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      PID:2116

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\winow.dll
    Filesize

    33KB

    MD5

    99720062d76c75bc094d4b19505fda16

    SHA1

    63c861bb02a2d45852d9afb5ba866ec84491bcb5

    SHA256

    6ced7d25b13e5d524dde5cc98060ae81a08126a52df400569b73eec14c46880c

    SHA512

    b381eb3af3f8fe8ebb21feaa99b53910cc91bc06b45288428f376c3b8f3a11e476b7c4834aea1a3db950bce92cb546eee06c868280b5d4a6174b75a502b589fd

    Download Submit

  • C:\Windows\winow.exe
    Filesize

    26KB

    MD5

    16a8b1bd23698fbbb83183fc397e4fb8

    SHA1

    2423fc9d4623a72fbe7c7f171fae02c9f8d3578e

    SHA256

    bd976d79b38b2ed9c9e8a0b09934c07b940ecf1f9de79e264d2ad7b6d5589793

    SHA512

    4f2691b54dd066aaac65044594ac9be5c34c2056da65b564004c91788032cf508f1f78ab487ce5d27b5749c18c49a1705989d697e418a8866c2405dcde31aa7b

    Download Submit

  • memory/2116-11-0x0000000000400000-0x0000000000425000-memory.dmp

    Filesize

    148KB

    Download

  • memory/2348-2-0x0000000000400000-0x0000000000425000-memory.dmp

    Filesize

    148KB

    Download

  • memory/2348-8-0x0000000000220000-0x0000000000245000-memory.dmp

    Filesize

    148KB

    Download

  • memory/2348-12-0x0000000000400000-0x0000000000425000-memory.dmp

    Filesize

    148KB

    Download