Overview

overview

10

Static

static

3

045eba5c55...18.exe

windows7-x64

10

045eba5c55...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    147s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20-06-2024 08:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    045eba5c557f78f80f5bd0f1cb81a8cf_JaffaCakes118.exe

  • Size

    581KB

  • MD5

    045eba5c557f78f80f5bd0f1cb81a8cf

  • SHA1

    26177198dac244c131e9026f38bf4ce93fe07d98

  • SHA256

    5d42c938d43e8ee3b2065e64e28fd8b6fc9fd8ea32695a3cdae21c15fe7be34e

  • SHA512

    8c987d8f70eee8fe6dfc6402127e3a688ea913e47727b72aed6ffebe6c6621bf12d2d09cdc480c518d2e7090f21a54e35573c3a6ae3eff2323e840b020245952

  • SSDEEP

    12288:wZzmBuSgOOgotR2yDTFjOzzSdgzLF3Z4mxxbyuRCvyCJcdwmqagLAoJ9j:+UZX/yDTknSgQmXNcKndwIgLdj

Score
10/10
modiloadertrojan

Malware Config

Signatures

  • ModiLoader, DBatLoader

    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    trojanmodiloader
  • ModiLoader Second Stage 8 IoCs
  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 3 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\045eba5c557f78f80f5bd0f1cb81a8cf_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\045eba5c557f78f80f5bd0f1cb81a8cf_JaffaCakes118.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:1436
    • C:\Program Files\Common Files\Microsoft Shared\MSINFO\svchost.bat
      "C:\Program Files\Common Files\Microsoft Shared\MSINFO\svchost.bat"
      2⤵
      • Executes dropped EXE
      PID:2396
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Program Files\Common Files\Microsoft Shared\MSINFO\SxDel.bat""
      2⤵
        PID:1212

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Program Files\Common Files\Microsoft Shared\MSINFO\SxDel.bat
      Filesize

      212B

      MD5

      885d38605644abe7c7b192176aa0518e

      SHA1

      b72be257f695a1a8da8d9d63c8e26b8baf87f5ec

      SHA256

      64fc5e47c26655159c298de78f543165d3a7ce0b3c12964a9a28fac42e4899d4

      SHA512

      5c8a5e3f552028e5a1c48d13d6dc65e44ecd9510dd2af717256833b52da42369be7d2e2eab0fb48e65b7868cce80085d809fef66f5fa72a024c232eb962548fe

      Download Submit

    • C:\Program Files\Common Files\microsoft shared\MSInfo\svchost.bat
      Filesize

      581KB

      MD5

      045eba5c557f78f80f5bd0f1cb81a8cf

      SHA1

      26177198dac244c131e9026f38bf4ce93fe07d98

      SHA256

      5d42c938d43e8ee3b2065e64e28fd8b6fc9fd8ea32695a3cdae21c15fe7be34e

      SHA512

      8c987d8f70eee8fe6dfc6402127e3a688ea913e47727b72aed6ffebe6c6621bf12d2d09cdc480c518d2e7090f21a54e35573c3a6ae3eff2323e840b020245952

      Download Submit

    • memory/1436-8-0x0000000002400000-0x0000000002401000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1436-1-0x00000000006D0000-0x0000000000724000-memory.dmp

      Filesize

      336KB

      Download

    • memory/1436-14-0x0000000003380000-0x0000000003381000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1436-9-0x0000000002430000-0x0000000002431000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1436-0-0x0000000000400000-0x0000000000550000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/1436-7-0x0000000002410000-0x0000000002411000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1436-6-0x0000000002380000-0x0000000002381000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1436-5-0x0000000002390000-0x0000000002391000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1436-4-0x0000000002420000-0x0000000002421000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1436-2-0x00000000023F0000-0x00000000023F1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1436-11-0x0000000003380000-0x000000000342C000-memory.dmp

      Filesize

      688KB

      Download

    • memory/1436-15-0x0000000002370000-0x0000000002371000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1436-3-0x00000000023D0000-0x00000000023D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1436-22-0x00000000006D0000-0x0000000000724000-memory.dmp

      Filesize

      336KB

      Download

    • memory/1436-21-0x0000000000400000-0x0000000000550000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/1436-23-0x0000000003380000-0x0000000003386000-memory.dmp

      Filesize

      24KB

      Download

    • memory/1436-10-0x00000000023B0000-0x00000000023B1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2396-25-0x0000000000400000-0x0000000000550000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/2396-26-0x0000000000400000-0x0000000000550000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/2396-31-0x0000000000400000-0x0000000000550000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/2396-32-0x0000000000400000-0x0000000000550000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/2396-37-0x0000000000400000-0x0000000000550000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/2396-38-0x0000000000400000-0x0000000000550000-memory.dmp

      Filesize

      1.3MB

      Download