modiloader | dcce71d13f61f3c0dbf69e8a4a57de81d41277b585b057b4ed6e0cf49a4bb3da

Analysis

max time kernel
119s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
21-04-2024 13:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ff5e2863440153305ea8cab67fecb2be_JaffaCakes118.exe
Size

594KB
MD5

ff5e2863440153305ea8cab67fecb2be
SHA1

5179ac947392efd76acf66ca6e2349a394f23b0e
SHA256

dcce71d13f61f3c0dbf69e8a4a57de81d41277b585b057b4ed6e0cf49a4bb3da
SHA512

6c4211f91609ce1eb743b278e70a5b87b22861d0ee3c718bc1d8070df31b25b716668752cb83278f77004287aef1d2ff9adebced9a1ef62b78b861bf45075286
SSDEEP

12288:Hx0FzFNxTG9ppkAUzEFHquQHnF3Z4mxxj7sIcOa/Y91TVK9:Hx0P69+ERQHnQmXnsINwr9

Score

10^/10

modiloader trojan

Malware Config

Signatures

ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
trojan modiloader

ModiLoader Second Stage 2 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1708-14-0x0000000000400000-0x000000000050A000-memory.dmp	modiloader_stage2
behavioral1/memory/1708-18-0x0000000003220000-0x0000000003320000-memory.dmp	modiloader_stage2

Drops file in System32 directory 1 IoCs

Processes:

ff5e2863440153305ea8cab67fecb2be_JaffaCakes118.exe

description ioc process

File created C:\Windows\SysWOW64\FieleWay.txt ff5e2863440153305ea8cab67fecb2be_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\SysWOW64\FieleWay.txt	ff5e2863440153305ea8cab67fecb2be_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

ff5e2863440153305ea8cab67fecb2be_JaffaCakes118.exe

description	pid	process	target process
PID 1708 wrote to memory of 2564	1708	ff5e2863440153305ea8cab67fecb2be_JaffaCakes118.exe	IEXPLORE.EXE
PID 1708 wrote to memory of 2564	1708	ff5e2863440153305ea8cab67fecb2be_JaffaCakes118.exe	IEXPLORE.EXE
PID 1708 wrote to memory of 2564	1708	ff5e2863440153305ea8cab67fecb2be_JaffaCakes118.exe	IEXPLORE.EXE
PID 1708 wrote to memory of 2564	1708	ff5e2863440153305ea8cab67fecb2be_JaffaCakes118.exe	IEXPLORE.EXE

C:\Users\Admin\AppData\Local\Temp\ff5e2863440153305ea8cab67fecb2be_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\ff5e2863440153305ea8cab67fecb2be_JaffaCakes118.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:1708

C:\program files\internet explorer\IEXPLORE.EXE
"C:\program files\internet explorer\IEXPLORE.EXE"
2⤵
PID:2564

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1708-0-0x0000000000400000-0x000000000050A000-memory.dmp

Filesize
1.0MB

Download
memory/1708-1-0x0000000000280000-0x00000000002D4000-memory.dmp

Filesize
336KB

Download
memory/1708-2-0x0000000000630000-0x0000000000631000-memory.dmp

Filesize
4KB

Download
memory/1708-3-0x0000000000610000-0x0000000000611000-memory.dmp

Filesize
4KB

Download
memory/1708-4-0x00000000008F0000-0x00000000008F1000-memory.dmp

Filesize
4KB

Download
memory/1708-5-0x00000000003E0000-0x00000000003E1000-memory.dmp

Filesize
4KB

Download
memory/1708-6-0x00000000003D0000-0x00000000003D1000-memory.dmp

Filesize
4KB

Download
memory/1708-7-0x00000000008E0000-0x00000000008E1000-memory.dmp

Filesize
4KB

Download
memory/1708-8-0x00000000008D0000-0x00000000008D1000-memory.dmp

Filesize
4KB

Download
memory/1708-9-0x0000000001EA0000-0x0000000001EA1000-memory.dmp

Filesize
4KB

Download
memory/1708-10-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/1708-12-0x0000000003220000-0x0000000003320000-memory.dmp

Filesize
1024KB

Download
memory/1708-14-0x0000000000400000-0x000000000050A000-memory.dmp

Filesize
1.0MB

Download
memory/1708-13-0x0000000003220000-0x0000000003320000-memory.dmp

Filesize
1024KB

Download
memory/1708-16-0x0000000000280000-0x00000000002D4000-memory.dmp

Filesize
336KB

Download
memory/1708-15-0x0000000003220000-0x0000000003320000-memory.dmp

Filesize
1024KB

Download
memory/1708-17-0x0000000003220000-0x0000000003320000-memory.dmp

Filesize
1024KB

Download
memory/1708-18-0x0000000003220000-0x0000000003320000-memory.dmp

Filesize
1024KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads