modiloader | a3751773e45f1c053a46d24fddb6e28761730a1220cf3b984ee9a509268426f3

Analysis

max time kernel
148s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
20-06-2024 03:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

026e6b7587d74eaf2541312e58cbcb16_JaffaCakes118.exe
Size

548KB
MD5

026e6b7587d74eaf2541312e58cbcb16
SHA1

114e256af23b8f70e2d74c53a791f9d87211cd2f
SHA256

a3751773e45f1c053a46d24fddb6e28761730a1220cf3b984ee9a509268426f3
SHA512

de50df70140b13a2e3a2f5abc1b9a39bd93aea6febb94403b5b947f15bd317a37f9c4a60ba4959113cc2b0b462afb06121b2e289fd6c8c907c5be4c3f32f844f
SSDEEP

12288:Zq6rNnJcjLzuMc2Bt+ajBcxy3+F3Z4mxxvK6e4MTJU/hj:ZnRJa3aWdjBiQmXvuNq/N

Score

10^/10

modiloader trojan

Malware Config

Signatures

ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
trojan modiloader

ModiLoader Second Stage 1 IoCs

Processes:

resource	yara_rule
behavioral2/memory/1748-52-0x0000000000400000-0x00000000004E0000-memory.dmp	modiloader_stage2

Drops file in System32 directory 1 IoCs

Processes:

026e6b7587d74eaf2541312e58cbcb16_JaffaCakes118.exe

description ioc process

File created C:\Windows\SysWOW64\Setupddos.txt 026e6b7587d74eaf2541312e58cbcb16_JaffaCakes118.exe
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2576 1748 WerFault.exe 026e6b7587d74eaf2541312e58cbcb16_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\SysWOW64\Setupddos.txt	026e6b7587d74eaf2541312e58cbcb16_JaffaCakes118.exe

pid	pid_target	process	target process
2576	1748	WerFault.exe	026e6b7587d74eaf2541312e58cbcb16_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 2 IoCs

Processes:

026e6b7587d74eaf2541312e58cbcb16_JaffaCakes118.exe

description	pid	process	target process
PID 1748 wrote to memory of 4492	1748	026e6b7587d74eaf2541312e58cbcb16_JaffaCakes118.exe	IEXPLORE.EXE
PID 1748 wrote to memory of 4492	1748	026e6b7587d74eaf2541312e58cbcb16_JaffaCakes118.exe	IEXPLORE.EXE

C:\Users\Admin\AppData\Local\Temp\026e6b7587d74eaf2541312e58cbcb16_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\026e6b7587d74eaf2541312e58cbcb16_JaffaCakes118.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:1748

C:\program files\internet explorer\IEXPLORE.EXE
"C:\program files\internet explorer\IEXPLORE.EXE"
2⤵
PID:4492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 616
2⤵
- Program crash
PID:2576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 1748 -ip 1748
1⤵
PID:1984

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1748-0-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/1748-1-0x00000000021D0000-0x0000000002224000-memory.dmp

Filesize
336KB

Download
memory/1748-46-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1748-45-0x0000000002440000-0x0000000002441000-memory.dmp

Filesize
4KB

Download
memory/1748-43-0x00000000023F0000-0x00000000023F1000-memory.dmp

Filesize
4KB

Download
memory/1748-42-0x0000000002410000-0x0000000002411000-memory.dmp

Filesize
4KB

Download
memory/1748-41-0x0000000002430000-0x0000000002431000-memory.dmp

Filesize
4KB

Download
memory/1748-40-0x0000000003320000-0x0000000003322000-memory.dmp

Filesize
8KB

Download
memory/1748-39-0x0000000002350000-0x0000000002351000-memory.dmp

Filesize
4KB

Download
memory/1748-38-0x00000000023C0000-0x00000000023C1000-memory.dmp

Filesize
4KB

Download
memory/1748-37-0x0000000002390000-0x0000000002391000-memory.dmp

Filesize
4KB

Download
memory/1748-36-0x00000000023A0000-0x00000000023A1000-memory.dmp

Filesize
4KB

Download
memory/1748-35-0x0000000002330000-0x0000000002331000-memory.dmp

Filesize
4KB

Download
memory/1748-34-0x0000000002340000-0x0000000002341000-memory.dmp

Filesize
4KB

Download
memory/1748-33-0x00000000023B0000-0x00000000023B1000-memory.dmp

Filesize
4KB

Download
memory/1748-32-0x0000000002360000-0x0000000002361000-memory.dmp

Filesize
4KB

Download
memory/1748-49-0x00000000020F0000-0x00000000020F1000-memory.dmp

Filesize
4KB

Download
memory/1748-48-0x0000000000640000-0x0000000000641000-memory.dmp

Filesize
4KB

Download
memory/1748-47-0x0000000003310000-0x0000000003312000-memory.dmp

Filesize
8KB

Download
memory/1748-31-0x0000000002380000-0x0000000002381000-memory.dmp

Filesize
4KB

Download
memory/1748-30-0x0000000003320000-0x0000000003321000-memory.dmp

Filesize
4KB

Download
memory/1748-29-0x0000000003320000-0x0000000003321000-memory.dmp

Filesize
4KB

Download
memory/1748-28-0x0000000003320000-0x0000000003321000-memory.dmp

Filesize
4KB

Download
memory/1748-27-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1748-26-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1748-25-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1748-24-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1748-23-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1748-22-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1748-21-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1748-20-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1748-19-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1748-18-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1748-17-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1748-16-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1748-15-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1748-14-0x00000000021A0000-0x00000000021A1000-memory.dmp

Filesize
4KB

Download
memory/1748-13-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1748-12-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1748-11-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1748-10-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1748-9-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/1748-8-0x0000000002170000-0x0000000002171000-memory.dmp

Filesize
4KB

Download
memory/1748-7-0x0000000002180000-0x0000000002181000-memory.dmp

Filesize
4KB

Download
memory/1748-6-0x0000000002110000-0x0000000002111000-memory.dmp

Filesize
4KB

Download
memory/1748-5-0x0000000002120000-0x0000000002121000-memory.dmp

Filesize
4KB

Download
memory/1748-4-0x0000000002190000-0x0000000002191000-memory.dmp

Filesize
4KB

Download
memory/1748-3-0x0000000002140000-0x0000000002141000-memory.dmp

Filesize
4KB

Download
memory/1748-2-0x0000000002160000-0x0000000002161000-memory.dmp

Filesize
4KB

Download
memory/1748-44-0x00000000023E0000-0x00000000023E1000-memory.dmp

Filesize
4KB

Download
memory/1748-53-0x00000000021D0000-0x0000000002224000-memory.dmp

Filesize
336KB

Download
memory/1748-52-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download