Overview

overview

10

Static

static

3

1c616bd493...18.exe

windows7-x64

10

1c616bd493...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    141s
  • max time network
    97s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01-07-2024 20:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1c616bd493458c1e6b54cb7873fcc3b5_JaffaCakes118.exe

  • Size

    24KB

  • MD5

    1c616bd493458c1e6b54cb7873fcc3b5

  • SHA1

    c8a2af66ac3e9aee2f2ef042225147282403d715

  • SHA256

    b00de540db8b452c1fea131cfb376f9fdd7c130c7e3e9fed249a4fb8950f3f02

  • SHA512

    24154ebd1eea66ed1dffb33e6b407cafa9477b8d82034b3bf4c5bdeaf761ff53dd285ff659cd0b917048381f8122558874a8f8936c8c23f7b93850d95d6298f3

  • SSDEEP

    384:a3pJzu/RQ+mLyvXYu5+z0M2o+6UWrokrOhE+D/lCeTl0LqJ3o:SupC2/kJ2YUWrEh3mio

Score
10/10
modiloadertrojan

Malware Config

Signatures

  • ModiLoader, DBatLoader

    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    trojanmodiloader
  • ModiLoader Second Stage 3 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in Windows directory 5 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1c616bd493458c1e6b54cb7873fcc3b5_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\1c616bd493458c1e6b54cb7873fcc3b5_JaffaCakes118.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:3232
    • C:\Windows\kulionzx.exe
      C:\Windows\kulionzx.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Windows directory
      • Suspicious use of SetWindowsHookEx
      PID:936

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\kulionzx.dll
    Filesize

    27KB

    MD5

    9bf980b69cd4efed2b97d0c17e076336

    SHA1

    843f422e397808abf689654aefa2653bb5343595

    SHA256

    47efd4f96e6aa199ca0aaab87a712b1e2553360d342d55cb68ff280acaf955c2

    SHA512

    e93f6d94c67aaf639b5665a69937e07654205055a4142cfc45a2e4f68f71b6f9b3a3ddd01a2b7e5602c803f9fd589937688b0dd937dcdbd238facdf8dd41bd25

    Download Submit

  • C:\Windows\kulionzx.exe
    Filesize

    24KB

    MD5

    1c616bd493458c1e6b54cb7873fcc3b5

    SHA1

    c8a2af66ac3e9aee2f2ef042225147282403d715

    SHA256

    b00de540db8b452c1fea131cfb376f9fdd7c130c7e3e9fed249a4fb8950f3f02

    SHA512

    24154ebd1eea66ed1dffb33e6b407cafa9477b8d82034b3bf4c5bdeaf761ff53dd285ff659cd0b917048381f8122558874a8f8936c8c23f7b93850d95d6298f3

    Download Submit

  • memory/936-12-0x0000000000590000-0x000000000059D000-memory.dmp

    Filesize

    52KB

    Download

  • memory/936-5-0x0000000000400000-0x0000000000422000-memory.dmp

    Filesize

    136KB

    Download

  • memory/936-16-0x0000000000590000-0x000000000059D000-memory.dmp

    Filesize

    52KB

    Download

  • memory/936-18-0x0000000000400000-0x0000000000422000-memory.dmp

    Filesize

    136KB

    Download

  • memory/3232-1-0x0000000000400000-0x0000000000422000-memory.dmp

    Filesize

    136KB

    Download

  • memory/3232-15-0x0000000000400000-0x0000000000422000-memory.dmp

    Filesize

    136KB

    Download