Overview

overview

10

Static

static

3

0269020959...18.exe

windows7-x64

10

0269020959...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    141s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
  • submitted
    20-06-2024 03:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    02690209598094f7456576472f275353_JaffaCakes118.exe

  • Size

    714KB

  • MD5

    02690209598094f7456576472f275353

  • SHA1

    25b6e41dd50b092db750ed0367aecbf3572e7dd8

  • SHA256

    285583228a9e072db82596fa638112f176bd8e18431d89dbe7ce71fac7327eea

  • SHA512

    3877968ae4510b540f22796510c932e2cb027b77d44802023ca00c8f29c0577caafd39fba652abf33be132a2eb8293f236258ebdd89bb22d2229d87a7e7be405

  • SSDEEP

    12288:Q1GzKgUNf3b+DZXgQ1ItATME9zzJXeJ6cjy0CTFq54gxePdfD1piOe6XOWjlZkI:MgGyXb1DzzJQeiaVfr8WjlmI

Score
10/10
modiloadertrojan

Malware Config

Signatures

  • ModiLoader, DBatLoader

    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    trojanmodiloader
  • ModiLoader Second Stage 4 IoCs
  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 5 IoCs
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops autorun.inf file 1 TTPs 4 IoCs

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • Drops file in System32 directory 2 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Drops file in Program Files directory 3 IoCs
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 21 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\02690209598094f7456576472f275353_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\02690209598094f7456576472f275353_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Enumerates connected drives
    • Drops autorun.inf file
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:1936
    • C:\Program Files\Common Files\Microsoft Shared\MSINFO\Windovs.exe
      "C:\Program Files\Common Files\Microsoft Shared\MSINFO\Windovs.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • Suspicious use of SetThreadContext
      • Suspicious use of WriteProcessMemory
      PID:2068
      • C:\Windows\SysWOW64\calc.exe
        "C:\Windows\system32\calc.exe"
        3⤵
          PID:3024
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 2068 -s 280
          3⤵
          • Loads dropped DLL
          • Program crash
          PID:2608
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c ""C:\Program Files\Common Files\Microsoft Shared\MSINFO\SetupDel.bat""
        2⤵
        • Deletes itself
        PID:2464

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Program Files\Common Files\Microsoft Shared\MSInfo\SetupDel.bat
      Filesize

      212B

      MD5

      29e27cf2a153083f1f229e481aef8185

      SHA1

      651bec91e5e72c4c2001dd694905edd5c19bc76f

      SHA256

      5faa3b4f5a756cad780cec7bf87301a50217d9ee35331bec2258e4ff86e31d9d

      SHA512

      674d00461bb000c92dc08b5223d2a632b7b02ab223b7fdafe0bda2a05541bd31892f9a4e85c358b5bdeefb67230dd49c41929a48d655e423e0e7130bba47e7f5

      Download Submit

    • C:\Windovs.exe
      Filesize

      714KB

      MD5

      02690209598094f7456576472f275353

      SHA1

      25b6e41dd50b092db750ed0367aecbf3572e7dd8

      SHA256

      285583228a9e072db82596fa638112f176bd8e18431d89dbe7ce71fac7327eea

      SHA512

      3877968ae4510b540f22796510c932e2cb027b77d44802023ca00c8f29c0577caafd39fba652abf33be132a2eb8293f236258ebdd89bb22d2229d87a7e7be405

      Download Submit

    • memory/1936-37-0x0000000000400000-0x00000000004BA200-memory.dmp

      Filesize

      744KB

      Download

    • memory/1936-1-0x00000000002A0000-0x00000000002A1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1936-0-0x0000000000400000-0x00000000004BA200-memory.dmp

      Filesize

      744KB

      Download

    • memory/1936-22-0x00000000021C0000-0x000000000227B000-memory.dmp

      Filesize

      748KB

      Download

    • memory/1936-21-0x00000000021C0000-0x000000000227B000-memory.dmp

      Filesize

      748KB

      Download

    • memory/1936-49-0x0000000000400000-0x00000000004BA200-memory.dmp

      Filesize

      744KB

      Download

    • memory/2068-23-0x0000000000400000-0x00000000004BA200-memory.dmp

      Filesize

      744KB

      Download

    • memory/2068-38-0x0000000000400000-0x00000000004BA200-memory.dmp

      Filesize

      744KB

      Download

    • memory/2068-25-0x0000000000260000-0x0000000000261000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3024-32-0x0000000000400000-0x00000000004BB000-memory.dmp

      Filesize

      748KB

      Download

    • memory/3024-28-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

      Filesize

      4KB

      Download