modiloader | f35a3199b34c54e7c3c6f848b71bf6a35cd6f993a047a338ff07da449c44c34d

Analysis

max time kernel
122s
max time network
124s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
20/06/2024, 14:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

06edf9e5b3d6495566399c3d501ae4cf_JaffaCakes118.exe
Size

684KB
MD5

06edf9e5b3d6495566399c3d501ae4cf
SHA1

37e65972e8c58278932bad3e682516205aed3bae
SHA256

f35a3199b34c54e7c3c6f848b71bf6a35cd6f993a047a338ff07da449c44c34d
SHA512

49cee0e1e93ec70de646bb7824370711ab077fbc005dd3cd0c65e24ef357d52af053786e8f2c4a9d945fdf31228d2f0945cd713a9e844409ec1e9b91162b3926
SSDEEP

12288:KwcvqRrloU/SpmY8rpDPtxwsKHEWpC+ntF3Z4mxx90MHoTAFb/:yg8mDrprtaACbntQmX9KU

Score

10^/10

modiloader trojan

Malware Config

Signatures

ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
trojan modiloader

ModiLoader Second Stage 2 IoCs

resource	yara_rule
behavioral1/memory/2744-99-0x0000000000400000-0x000000000056B000-memory.dmp	modiloader_stage2
behavioral1/memory/2176-102-0x0000000000400000-0x000000000056B000-memory.dmp	modiloader_stage2

Deletes itself 1 IoCs

pid	Process
2180	cmd.exe

Executes dropped EXE 1 IoCs

pid	Process
2744	Windows.exe

Loads dropped DLL 2 IoCs

pid	Process
2176	06edf9e5b3d6495566399c3d501ae4cf_JaffaCakes118.exe
2176	06edf9e5b3d6495566399c3d501ae4cf_JaffaCakes118.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\_Windows.exe	Windows.exe
File opened for modification	C:\Windows\SysWOW64\_Windows.exe	Windows.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2744 set thread context of 2872	2744	Windows.exe	29

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\MSINFO\Windows.exe	06edf9e5b3d6495566399c3d501ae4cf_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\MSINFO\Windows.exe	06edf9e5b3d6495566399c3d501ae4cf_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 2176 wrote to memory of 2744	2176	06edf9e5b3d6495566399c3d501ae4cf_JaffaCakes118.exe	28
PID 2176 wrote to memory of 2744	2176	06edf9e5b3d6495566399c3d501ae4cf_JaffaCakes118.exe	28
PID 2176 wrote to memory of 2744	2176	06edf9e5b3d6495566399c3d501ae4cf_JaffaCakes118.exe	28
PID 2176 wrote to memory of 2744	2176	06edf9e5b3d6495566399c3d501ae4cf_JaffaCakes118.exe	28
PID 2744 wrote to memory of 2872	2744	Windows.exe	29
PID 2744 wrote to memory of 2872	2744	Windows.exe	29
PID 2744 wrote to memory of 2872	2744	Windows.exe	29
PID 2744 wrote to memory of 2872	2744	Windows.exe	29
PID 2744 wrote to memory of 2872	2744	Windows.exe	29
PID 2744 wrote to memory of 2872	2744	Windows.exe	29
PID 2176 wrote to memory of 2180	2176	06edf9e5b3d6495566399c3d501ae4cf_JaffaCakes118.exe	30
PID 2176 wrote to memory of 2180	2176	06edf9e5b3d6495566399c3d501ae4cf_JaffaCakes118.exe	30
PID 2176 wrote to memory of 2180	2176	06edf9e5b3d6495566399c3d501ae4cf_JaffaCakes118.exe	30
PID 2176 wrote to memory of 2180	2176	06edf9e5b3d6495566399c3d501ae4cf_JaffaCakes118.exe	30

C:\Users\Admin\AppData\Local\Temp\06edf9e5b3d6495566399c3d501ae4cf_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\06edf9e5b3d6495566399c3d501ae4cf_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:2176
- C:\Program Files\Common Files\Microsoft Shared\MSINFO\Windows.exe
  "C:\Program Files\Common Files\Microsoft Shared\MSINFO\Windows.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory
  PID:2744
- - C:\Windows\SysWOW64\calc.exe
    "C:\Windows\system32\calc.exe"
    3⤵
    PID:2872
- C:\Windows\SysWOW64\cmd.exe
  cmd /c erase /F "C:\Users\Admin\AppData\Local\Temp\06edf9e5b3d6495566399c3d501ae4cf_JaffaCakes118.exe"
  2⤵
  - Deletes itself
  PID:2180

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Program Files\Common Files\Microsoft Shared\MSInfo\Windows.exe

Filesize
684KB

MD5
06edf9e5b3d6495566399c3d501ae4cf

SHA1
37e65972e8c58278932bad3e682516205aed3bae

SHA256
f35a3199b34c54e7c3c6f848b71bf6a35cd6f993a047a338ff07da449c44c34d

SHA512
49cee0e1e93ec70de646bb7824370711ab077fbc005dd3cd0c65e24ef357d52af053786e8f2c4a9d945fdf31228d2f0945cd713a9e844409ec1e9b91162b3926

Download Submit
memory/2176-36-0x0000000003280000-0x0000000003281000-memory.dmp

Filesize
4KB

Download
memory/2176-39-0x0000000003280000-0x0000000003281000-memory.dmp

Filesize
4KB

Download
memory/2176-58-0x0000000003280000-0x0000000003281000-memory.dmp

Filesize
4KB

Download
memory/2176-77-0x0000000003280000-0x0000000003281000-memory.dmp

Filesize
4KB

Download
memory/2176-76-0x0000000003280000-0x0000000003281000-memory.dmp

Filesize
4KB

Download
memory/2176-75-0x0000000003280000-0x0000000003281000-memory.dmp

Filesize
4KB

Download
memory/2176-74-0x0000000003280000-0x0000000003281000-memory.dmp

Filesize
4KB

Download
memory/2176-73-0x0000000003280000-0x0000000003281000-memory.dmp

Filesize
4KB

Download
memory/2176-72-0x0000000003280000-0x0000000003281000-memory.dmp

Filesize
4KB

Download
memory/2176-71-0x0000000003280000-0x0000000003281000-memory.dmp

Filesize
4KB

Download
memory/2176-70-0x0000000003280000-0x0000000003281000-memory.dmp

Filesize
4KB

Download
memory/2176-69-0x0000000003280000-0x0000000003281000-memory.dmp

Filesize
4KB

Download
memory/2176-68-0x0000000003280000-0x0000000003281000-memory.dmp

Filesize
4KB

Download
memory/2176-67-0x0000000003280000-0x0000000003281000-memory.dmp

Filesize
4KB

Download
memory/2176-66-0x0000000003280000-0x0000000003281000-memory.dmp

Filesize
4KB

Download
memory/2176-65-0x0000000003280000-0x0000000003281000-memory.dmp

Filesize
4KB

Download
memory/2176-64-0x0000000003280000-0x0000000003281000-memory.dmp

Filesize
4KB

Download
memory/2176-35-0x0000000003280000-0x0000000003281000-memory.dmp

Filesize
4KB

Download
memory/2176-62-0x0000000003280000-0x0000000003281000-memory.dmp

Filesize
4KB

Download
memory/2176-61-0x0000000003280000-0x0000000003281000-memory.dmp

Filesize
4KB

Download
memory/2176-60-0x0000000003280000-0x0000000003281000-memory.dmp

Filesize
4KB

Download
memory/2176-59-0x0000000003280000-0x0000000003281000-memory.dmp

Filesize
4KB

Download
memory/2176-57-0x0000000003280000-0x0000000003281000-memory.dmp

Filesize
4KB

Download
memory/2176-56-0x0000000003280000-0x0000000003281000-memory.dmp

Filesize
4KB

Download
memory/2176-55-0x0000000003280000-0x0000000003281000-memory.dmp

Filesize
4KB

Download
memory/2176-54-0x0000000003280000-0x0000000003281000-memory.dmp

Filesize
4KB

Download
memory/2176-53-0x0000000003280000-0x0000000003281000-memory.dmp

Filesize
4KB

Download
memory/2176-52-0x0000000003280000-0x0000000003281000-memory.dmp

Filesize
4KB

Download
memory/2176-51-0x0000000003280000-0x0000000003281000-memory.dmp

Filesize
4KB

Download
memory/2176-50-0x0000000003280000-0x0000000003281000-memory.dmp

Filesize
4KB

Download
memory/2176-49-0x0000000003280000-0x0000000003281000-memory.dmp

Filesize
4KB

Download
memory/2176-48-0x0000000003280000-0x0000000003281000-memory.dmp

Filesize
4KB

Download
memory/2176-47-0x0000000003280000-0x0000000003281000-memory.dmp

Filesize
4KB

Download
memory/2176-46-0x0000000003280000-0x0000000003281000-memory.dmp

Filesize
4KB

Download
memory/2176-45-0x0000000003280000-0x0000000003281000-memory.dmp

Filesize
4KB

Download
memory/2176-44-0x0000000003280000-0x0000000003281000-memory.dmp

Filesize
4KB

Download
memory/2176-43-0x0000000003280000-0x0000000003281000-memory.dmp

Filesize
4KB

Download
memory/2176-42-0x0000000003280000-0x0000000003281000-memory.dmp

Filesize
4KB

Download
memory/2176-41-0x0000000003280000-0x0000000003281000-memory.dmp

Filesize
4KB

Download
memory/2176-40-0x0000000003280000-0x0000000003281000-memory.dmp

Filesize
4KB

Download
memory/2176-0-0x0000000000400000-0x000000000056B000-memory.dmp

Filesize
1.4MB

Download
memory/2176-38-0x0000000003280000-0x0000000003281000-memory.dmp

Filesize
4KB

Download
memory/2176-1-0x0000000000280000-0x00000000002D4000-memory.dmp

Filesize
336KB

Download
memory/2176-37-0x0000000003280000-0x0000000003281000-memory.dmp

Filesize
4KB

Download
memory/2176-63-0x0000000003280000-0x0000000003281000-memory.dmp

Filesize
4KB

Download
memory/2176-34-0x0000000003280000-0x0000000003281000-memory.dmp

Filesize
4KB

Download
memory/2176-33-0x0000000003280000-0x0000000003281000-memory.dmp

Filesize
4KB

Download
memory/2176-32-0x0000000003280000-0x0000000003281000-memory.dmp

Filesize
4KB

Download
memory/2176-31-0x0000000003280000-0x0000000003281000-memory.dmp

Filesize
4KB

Download
memory/2176-30-0x0000000003280000-0x0000000003281000-memory.dmp

Filesize
4KB

Download
memory/2176-29-0x0000000003280000-0x0000000003281000-memory.dmp

Filesize
4KB

Download
memory/2176-28-0x0000000003280000-0x0000000003281000-memory.dmp

Filesize
4KB

Download
memory/2176-27-0x0000000003280000-0x0000000003281000-memory.dmp

Filesize
4KB

Download
memory/2176-26-0x0000000003280000-0x0000000003281000-memory.dmp

Filesize
4KB

Download
memory/2176-25-0x0000000003280000-0x0000000003281000-memory.dmp

Filesize
4KB

Download
memory/2176-24-0x0000000003280000-0x0000000003281000-memory.dmp

Filesize
4KB

Download
memory/2176-23-0x0000000003280000-0x0000000003281000-memory.dmp

Filesize
4KB

Download
memory/2176-22-0x0000000003280000-0x0000000003281000-memory.dmp

Filesize
4KB

Download
memory/2176-21-0x0000000003280000-0x0000000003281000-memory.dmp

Filesize
4KB

Download
memory/2176-20-0x0000000003280000-0x0000000003281000-memory.dmp

Filesize
4KB

Download
memory/2176-19-0x0000000003280000-0x0000000003281000-memory.dmp

Filesize
4KB

Download
memory/2176-18-0x0000000003280000-0x0000000003281000-memory.dmp

Filesize
4KB

Download
memory/2176-17-0x0000000003280000-0x0000000003281000-memory.dmp

Filesize
4KB

Download
memory/2176-16-0x0000000003290000-0x0000000003291000-memory.dmp

Filesize
4KB

Download
memory/2176-15-0x0000000003290000-0x0000000003291000-memory.dmp

Filesize
4KB

Download
memory/2176-14-0x0000000003290000-0x0000000003291000-memory.dmp

Filesize
4KB

Download
memory/2176-13-0x0000000003290000-0x0000000003291000-memory.dmp

Filesize
4KB

Download
memory/2176-12-0x0000000003290000-0x0000000003291000-memory.dmp

Filesize
4KB

Download
memory/2176-11-0x0000000003290000-0x0000000003291000-memory.dmp

Filesize
4KB

Download
memory/2176-10-0x0000000000990000-0x0000000000991000-memory.dmp

Filesize
4KB

Download
memory/2176-9-0x0000000002020000-0x0000000002021000-memory.dmp

Filesize
4KB

Download
memory/2176-8-0x0000000001FB0000-0x0000000001FB1000-memory.dmp

Filesize
4KB

Download
memory/2176-7-0x0000000002000000-0x0000000002001000-memory.dmp

Filesize
4KB

Download
memory/2176-6-0x0000000000970000-0x0000000000971000-memory.dmp

Filesize
4KB

Download
memory/2176-5-0x0000000000980000-0x0000000000981000-memory.dmp

Filesize
4KB

Download
memory/2176-4-0x0000000002010000-0x0000000002011000-memory.dmp

Filesize
4KB

Download
memory/2176-3-0x00000000009A0000-0x00000000009A1000-memory.dmp

Filesize
4KB

Download
memory/2176-2-0x00000000009C0000-0x00000000009C1000-memory.dmp

Filesize
4KB

Download
memory/2176-86-0x0000000004410000-0x000000000457B000-memory.dmp

Filesize
1.4MB

Download
memory/2176-88-0x0000000004410000-0x000000000457B000-memory.dmp

Filesize
1.4MB

Download
memory/2176-102-0x0000000000400000-0x000000000056B000-memory.dmp

Filesize
1.4MB

Download
memory/2176-101-0x0000000000280000-0x00000000002D4000-memory.dmp

Filesize
336KB

Download
memory/2744-89-0x0000000000400000-0x000000000056B000-memory.dmp

Filesize
1.4MB

Download
memory/2744-99-0x0000000000400000-0x000000000056B000-memory.dmp

Filesize
1.4MB

Download
memory/2872-93-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2872-94-0x0000000000400000-0x000000000056B000-memory.dmp

Filesize
1.4MB

Download
memory/2872-96-0x0000000000400000-0x000000000056B000-memory.dmp

Filesize
1.4MB

Download