Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

17912b6fe9...18.exe

windows7-x64

10

17912b6fe9...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    146s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    27/06/2024, 21:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    17912b6fe92a6a47b414b028685c60db_JaffaCakes118.exe

  • Size

    480KB

  • MD5

    17912b6fe92a6a47b414b028685c60db

  • SHA1

    754b1918a98bf85cfdd925e1a50ff3de17e8b1ef

  • SHA256

    5defa642588973d1f05b5727da4abe62fc4af6abc85b510a2eaf28288502e1ca

  • SHA512

    4ebff1a4b24c80a0233bf42e8f84584f4cb9543e1102f95336eb5e0591b99e58dd86ac46cd6a870053161ac5712141630294c8ddcbf67aa915a4c3d77cd16ae2

  • SSDEEP

    6144:J1zdTAymDA+k86XxqaCBeFndXF2idZecnl20lHRxp3gCncduD7yB9VCO6Sco4q8d:FT1jf86Xxd7F3Z4mxx9DqVTVOCLu

Score
10/10
modiloadertrojan

Malware Config

Signatures

  • ModiLoader, DBatLoader

    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    trojanmodiloader
  • ModiLoader Second Stage 2 IoCs
  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\17912b6fe92a6a47b414b028685c60db_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\17912b6fe92a6a47b414b028685c60db_JaffaCakes118.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1728
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c del "C:\Users\Admin\AppData\Local\Temp\17912b6fe92a6a47b414b028685c60db_JaffaCakes118.exe"
      2⤵
      • Deletes itself
      PID:2660
  • C:\Users\Admin\Favorites\netservice.exe
    C:\Users\Admin\Favorites\netservice.exe
    1⤵
    • Executes dropped EXE
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2572
    • C:\Windows\SysWOW64\svchost.exe
      C:\Windows\System32\svchost.exe
      2⤵
        PID:2652

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\Favorites\netservice.exe
      Filesize

      480KB

      MD5

      17912b6fe92a6a47b414b028685c60db

      SHA1

      754b1918a98bf85cfdd925e1a50ff3de17e8b1ef

      SHA256

      5defa642588973d1f05b5727da4abe62fc4af6abc85b510a2eaf28288502e1ca

      SHA512

      4ebff1a4b24c80a0233bf42e8f84584f4cb9543e1102f95336eb5e0591b99e58dd86ac46cd6a870053161ac5712141630294c8ddcbf67aa915a4c3d77cd16ae2

      Download Submit

    • memory/1728-19-0x0000000002190000-0x0000000002191000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1728-28-0x00000000001B0000-0x00000000001B1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1728-7-0x00000000005B0000-0x00000000005B1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1728-6-0x0000000001B60000-0x0000000001B61000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1728-5-0x0000000000250000-0x0000000000251000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1728-18-0x00000000021A0000-0x00000000021A1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1728-3-0x0000000001B70000-0x0000000001B71000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1728-2-0x0000000000580000-0x0000000000581000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1728-1-0x0000000001BC0000-0x0000000001C14000-memory.dmp

      Filesize

      336KB

      Download

    • memory/1728-26-0x0000000002250000-0x0000000002251000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1728-27-0x0000000002240000-0x0000000002241000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1728-25-0x00000000021E0000-0x00000000021E1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1728-24-0x00000000021F0000-0x00000000021F1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1728-23-0x0000000002210000-0x0000000002211000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1728-22-0x0000000002230000-0x0000000002231000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1728-21-0x0000000001E40000-0x0000000001E41000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1728-20-0x00000000021C0000-0x00000000021C1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1728-0-0x0000000013140000-0x00000000131C4000-memory.dmp

      Filesize

      528KB

      Download

    • memory/1728-8-0x0000000003120000-0x0000000003121000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1728-29-0x00000000001C0000-0x00000000001C1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1728-4-0x0000000000260000-0x0000000000261000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1728-17-0x0000000001E20000-0x0000000001E21000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1728-16-0x0000000001E30000-0x0000000001E31000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1728-15-0x00000000021B0000-0x00000000021B1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1728-14-0x0000000001E50000-0x0000000001E51000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1728-13-0x0000000002180000-0x0000000002181000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1728-12-0x0000000003110000-0x0000000003112000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1728-11-0x0000000001E00000-0x0000000001E01000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1728-10-0x0000000003120000-0x0000000003121000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1728-9-0x00000000005A0000-0x00000000005A1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1728-37-0x0000000001BC0000-0x0000000001C14000-memory.dmp

      Filesize

      336KB

      Download

    • memory/1728-36-0x0000000013140000-0x00000000131C4000-memory.dmp

      Filesize

      528KB

      Download

    • memory/2572-33-0x0000000013140000-0x00000000131C4000-memory.dmp

      Filesize

      528KB

      Download

    • memory/2572-228-0x0000000013140000-0x00000000131C4000-memory.dmp

      Filesize

      528KB

      Download

    • memory/2652-39-0x0000000000080000-0x0000000000081000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2652-45-0x00000000000A0000-0x00000000000A1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2652-54-0x00000000000C0000-0x00000000000C1000-memory.dmp

      Filesize

      4KB

      Download