Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

17912b6fe9...18.exe

windows7-x64

10

17912b6fe9...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    141s
  • max time network
    143s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/06/2024, 21:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    17912b6fe92a6a47b414b028685c60db_JaffaCakes118.exe

  • Size

    480KB

  • MD5

    17912b6fe92a6a47b414b028685c60db

  • SHA1

    754b1918a98bf85cfdd925e1a50ff3de17e8b1ef

  • SHA256

    5defa642588973d1f05b5727da4abe62fc4af6abc85b510a2eaf28288502e1ca

  • SHA512

    4ebff1a4b24c80a0233bf42e8f84584f4cb9543e1102f95336eb5e0591b99e58dd86ac46cd6a870053161ac5712141630294c8ddcbf67aa915a4c3d77cd16ae2

  • SSDEEP

    6144:J1zdTAymDA+k86XxqaCBeFndXF2idZecnl20lHRxp3gCncduD7yB9VCO6Sco4q8d:FT1jf86Xxd7F3Z4mxx9DqVTVOCLu

Score
10/10
modiloadertrojanupx

Malware Config

Signatures

  • ModiLoader, DBatLoader

    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    trojanmodiloader
  • ModiLoader Second Stage 6 IoCs
  • Executes dropped EXE 1 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\17912b6fe92a6a47b414b028685c60db_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\17912b6fe92a6a47b414b028685c60db_JaffaCakes118.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2272
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c del "C:\Users\Admin\AppData\Local\Temp\17912b6fe92a6a47b414b028685c60db_JaffaCakes118.exe"
      2⤵
        PID:1372
    • C:\Users\Admin\Favorites\netservice.exe
      C:\Users\Admin\Favorites\netservice.exe
      1⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2524
      • C:\Windows\SysWOW64\svchost.exe
        C:\Windows\System32\svchost.exe
        2⤵
          PID:5020

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\Favorites\netservice.exe
        Filesize

        480KB

        MD5

        17912b6fe92a6a47b414b028685c60db

        SHA1

        754b1918a98bf85cfdd925e1a50ff3de17e8b1ef

        SHA256

        5defa642588973d1f05b5727da4abe62fc4af6abc85b510a2eaf28288502e1ca

        SHA512

        4ebff1a4b24c80a0233bf42e8f84584f4cb9543e1102f95336eb5e0591b99e58dd86ac46cd6a870053161ac5712141630294c8ddcbf67aa915a4c3d77cd16ae2

        Download Submit

      • memory/2272-16-0x0000000002380000-0x0000000002381000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2272-14-0x00000000023B0000-0x00000000023B1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2272-8-0x0000000002320000-0x0000000002321000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2272-7-0x0000000002330000-0x0000000002331000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2272-6-0x00000000005C0000-0x00000000005C1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2272-5-0x00000000005D0000-0x00000000005D1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2272-4-0x0000000002340000-0x0000000002341000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2272-3-0x00000000005F0000-0x00000000005F1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2272-2-0x0000000000610000-0x0000000000611000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2272-26-0x0000000002490000-0x0000000002491000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2272-25-0x0000000002430000-0x0000000002431000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2272-24-0x0000000002440000-0x0000000002441000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2272-23-0x0000000002460000-0x0000000002461000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2272-22-0x0000000002480000-0x0000000002481000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2272-21-0x00000000023A0000-0x00000000023A1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2272-20-0x0000000002410000-0x0000000002411000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2272-19-0x00000000023E0000-0x00000000023E1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2272-18-0x00000000023F0000-0x00000000023F1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2272-17-0x0000000002370000-0x0000000002371000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2272-0-0x0000000013140000-0x00000000131C4000-memory.dmp

        Filesize

        528KB

        Download

      • memory/2272-9-0x0000000003380000-0x0000000003381000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2272-13-0x00000000023D0000-0x00000000023D1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2272-15-0x0000000002400000-0x0000000002401000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2272-12-0x0000000003370000-0x0000000003372000-memory.dmp

        Filesize

        8KB

        Download

      • memory/2272-11-0x0000000002350000-0x0000000002351000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2272-10-0x0000000003380000-0x0000000003381000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2272-28-0x00000000005B0000-0x00000000005B1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2272-27-0x00000000005A0000-0x00000000005A1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2272-1-0x00000000021C0000-0x0000000002214000-memory.dmp

        Filesize

        336KB

        Download

      • memory/2272-34-0x00000000021C0000-0x0000000002214000-memory.dmp

        Filesize

        336KB

        Download

      • memory/2272-35-0x0000000013140000-0x00000000131C4000-memory.dmp

        Filesize

        528KB

        Download

      • memory/2524-36-0x0000000010410000-0x000000001046F000-memory.dmp

        Filesize

        380KB

        Download

      • memory/2524-68-0x0000000010410000-0x000000001046F000-memory.dmp

        Filesize

        380KB

        Download

      • memory/2524-77-0x0000000013140000-0x00000000131C4000-memory.dmp

        Filesize

        528KB

        Download

      • memory/5020-38-0x0000000000DA0000-0x0000000000DA1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/5020-37-0x0000000000CE0000-0x0000000000CE1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/5020-71-0x00000000028C0000-0x00000000028C1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/5020-72-0x0000000010410000-0x000000001046F000-memory.dmp

        Filesize

        380KB

        Download

      • memory/5020-74-0x0000000010410000-0x000000001046F000-memory.dmp

        Filesize

        380KB

        Download

      • memory/5020-73-0x0000000010410000-0x000000001046F000-memory.dmp

        Filesize

        380KB

        Download

      • memory/5020-76-0x0000000010410000-0x000000001046F000-memory.dmp

        Filesize

        380KB

        Download