Overview

overview

10

Static

static

7

JaffaCakes...ec.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    106s
  • max time network
    141s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250313-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250313-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31/03/2025, 18:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_99bbdc1591815718fb050ac629433dec.exe

  • Size

    1.4MB

  • MD5

    99bbdc1591815718fb050ac629433dec

  • SHA1

    0552f93ec09edc1a47ba3b7bd0cf3b6dc4e1bc6e

  • SHA256

    3522c819e523456d22a080a1ae77e08ef196a67d9866b4b212e0688f20f195b7

  • SHA512

    cca52cbb32504129bd4f2a2c624fba84bb225792d05bd501c79232be6a127172191033442049df717af9dca897d86c37bcd755a76b86ebee8e6c75dbb4ace328

  • SSDEEP

    24576:82K3KT1yiPqwG4QIFTj/k13FlWZCOr3uc+HY5yG/AISjyIvLAtZHAaG1KnoQXM7C:8NaJyRcQSY1/WF3/wjyIvoHAacKnJXGK

Score
10/10
modiloaderdiscoverytrojan

Malware Config

Signatures

  • ModiLoader, DBatLoader

    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    trojanmodiloader
  • Modiloader family
    modiloader
  • ModiLoader Second Stage 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of FindShellTrayWindow 6 IoCs
  • Suspicious use of SendNotifyMessage 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_99bbdc1591815718fb050ac629433dec.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_99bbdc1591815718fb050ac629433dec.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2576

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Re2007.ini
    Filesize

    343B

    MD5

    47c1dcee24928c9b70e012f2c0421d22

    SHA1

    c80cdc04f1b862862cf1541c3d64ae531d7359bd

    SHA256

    dab0c828cc3bbfa3233b2c08a83308751a4830c251b647fe4d2b2b38f6b74451

    SHA512

    58cede84d853ff612098b11e4eab4a5da8daa2237113847c9837e2ebdc121f105417f7637cce5a57f0eea534f294e58124b1088f4083a1d4c212e76b553182fd

    Download Submit

  • memory/2576-0-0x0000000000A20000-0x0000000000A21000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2576-16-0x00000000036C0000-0x00000000036C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2576-18-0x0000000000A20000-0x0000000000A21000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2576-17-0x0000000000400000-0x000000000071C000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/2576-19-0x0000000000400000-0x000000000071C000-memory.dmp

    Filesize

    3.1MB

    Download