Analysis
-
max time kernel
120s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
24/01/2025, 02:31
General
-
Target
JaffaCakes118_1d2458437d57c7fa653161476b9864b4.exe
-
Size
723KB
-
MD5
1d2458437d57c7fa653161476b9864b4
-
SHA1
19a4f617a42c4d866925e1e9b3a2391bd4cf7b7f
-
SHA256
f63db5ed6aba11f3d2bddd694df81630965dbdf6c8535d87c94c0e4de8952275
-
SHA512
a7ad198fd31deeaadd8d4e82cb2afe946217c01cba06fdd8d7a0d338ef70e79be84baadda405f2e4ebaa3768771d5a774e73ec78fb728938486c34735b1c3c23
-
SSDEEP
12288:7YLoMVJvPBjkyOY5395YiFGy5II3s2OnN2XMcF3Z4mxxfX2Fi0yT8+T:kNJkyOYJgI9ZzOnN28cQmXeZyw+T
Malware Config
Signatures
-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modiloader family
-
ModiLoader Second Stage 2 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 2 IoCs
-
Enumerates connected drives 3 TTPs 23 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file 1 TTPs 2 IoCs
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory 4 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 8 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1d2458437d57c7fa653161476b9864b4.exe"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1d2458437d57c7fa653161476b9864b4.exe"1⤵
- Loads dropped DLL
- Enumerates connected drives
- Drops autorun.inf file
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\spoo1sv.exeC:\Windows\system32\spoo1sv.exe2⤵
- Executes dropped EXE
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\cmd.execmd /c C:\Windows\system32\ReDelBat.bat2⤵
- Deletes itself
- System Location Discovery: System Language Discovery
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
169B
MD5ed21d809c2469334465312cc6ec432fa
SHA1b1a57c9d1c07203367bd5dfd34ff9ac6312d7e86
SHA256e5240398e7e48ab85d00bcd134f2c4a6d89b087a6bdf61cbf3e731deadda6b33
SHA512bbea672468ff21bbc29e5c92b738ff57c3ca7de20f322f4d6d3510d5065748e285bd7137419bea06c1035f451cd6a0a1be92f743f2ab9aa4a520501cd588ee75
-
Filesize
212B
MD573328c5e74b9477d36f0d3e31a14e178
SHA1b76b275b35ad3d52fa3fd4d844e01db80e79af4f
SHA256a6fccee0d4ec3a7a33db64b22aec951fb686ab69e8c99e9b32d5b394a2f5eafc
SHA512e893cf4df557f1a5d611003f7f432e890cfb1e6f84a84d3d053cd99c49f263b359c944d12dfd2be9158148758f3b7d4043aca8d55f57addc1a4ba5bcf8c68910
-
Filesize
723KB
MD51d2458437d57c7fa653161476b9864b4
SHA119a4f617a42c4d866925e1e9b3a2391bd4cf7b7f
SHA256f63db5ed6aba11f3d2bddd694df81630965dbdf6c8535d87c94c0e4de8952275
SHA512a7ad198fd31deeaadd8d4e82cb2afe946217c01cba06fdd8d7a0d338ef70e79be84baadda405f2e4ebaa3768771d5a774e73ec78fb728938486c34735b1c3c23
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
12KB
-
Filesize
336KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
1.3MB
-
Filesize
336KB
-
Filesize
1.3MB
-
Filesize
1.3MB
-
Filesize
1.3MB
-
Filesize
1.3MB
-
Filesize
1.3MB