modiloader | 52fd6afc92ce2df190376cd7b0e3a5bdfd27f53b4d16b0b52f62d2c9a98a79c1

Analysis

max time kernel
147s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
03/07/2024, 06:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

21590b47c771984615878e009f2771ae_JaffaCakes118.exe
Size

722KB
MD5

21590b47c771984615878e009f2771ae
SHA1

0ed66364efc4298bf6aa3750bc7db58e7a04dd30
SHA256

52fd6afc92ce2df190376cd7b0e3a5bdfd27f53b4d16b0b52f62d2c9a98a79c1
SHA512

088f3d87ef5136dfcedd808a3bf3a14e51ebead443c798202441e4bb888782fb60f0a231e96f7910b2fd8489e03d5ede2af9e2ccd199c5d479fd8a6ac7cb81fb
SSDEEP

12288:fn1baIwTEgRgJxEYO+lzKB86I6S1KAQUNZcAWeDNfXE6WhqAT7z:v1bNL+IxbO+lGIZrTNZcABWd5TX

Score

10^/10

modiloader trojan

Malware Config

Signatures

ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
trojan modiloader

ModiLoader Second Stage 1 IoCs

resource	yara_rule
behavioral2/memory/3080-51-0x0000000000400000-0x0000000000517000-memory.dmp	modiloader_stage2

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\MSINFO\FieleWay.txt	21590b47c771984615878e009f2771ae_JaffaCakes118.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
116	3080	WerFault.exe	81

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 3080 wrote to memory of 952	3080	21590b47c771984615878e009f2771ae_JaffaCakes118.exe	85
PID 3080 wrote to memory of 952	3080	21590b47c771984615878e009f2771ae_JaffaCakes118.exe	85

C:\Users\Admin\AppData\Local\Temp\21590b47c771984615878e009f2771ae_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\21590b47c771984615878e009f2771ae_JaffaCakes118.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:3080
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3080 -s 532
  2⤵
  - Program crash
  PID:116
- C:\program files\internet explorer\IEXPLORE.EXE
  "C:\program files\internet explorer\IEXPLORE.EXE"
  2⤵
  PID:952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3080 -ip 3080
1⤵
PID:1244

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3080-0-0x0000000002320000-0x0000000002374000-memory.dmp

Filesize
336KB

Download
memory/3080-9-0x00000000023E0000-0x00000000023E1000-memory.dmp

Filesize
4KB

Download
memory/3080-10-0x00000000034C0000-0x00000000035C0000-memory.dmp

Filesize
1024KB

Download
memory/3080-8-0x0000000002560000-0x0000000002561000-memory.dmp

Filesize
4KB

Download
memory/3080-7-0x0000000002530000-0x0000000002531000-memory.dmp

Filesize
4KB

Download
memory/3080-6-0x0000000002540000-0x0000000002541000-memory.dmp

Filesize
4KB

Download
memory/3080-5-0x00000000023C0000-0x00000000023C1000-memory.dmp

Filesize
4KB

Download
memory/3080-4-0x00000000023D0000-0x00000000023D1000-memory.dmp

Filesize
4KB

Download
memory/3080-3-0x0000000002550000-0x0000000002551000-memory.dmp

Filesize
4KB

Download
memory/3080-2-0x0000000002500000-0x0000000002501000-memory.dmp

Filesize
4KB

Download
memory/3080-1-0x0000000002520000-0x0000000002521000-memory.dmp

Filesize
4KB

Download
memory/3080-51-0x0000000000400000-0x0000000000517000-memory.dmp

Filesize
1.1MB

Download
memory/3080-52-0x0000000002320000-0x0000000002374000-memory.dmp

Filesize
336KB

Download
memory/3080-50-0x00000000034C0000-0x00000000034C1000-memory.dmp

Filesize
4KB

Download
memory/3080-49-0x00000000034C0000-0x00000000034C1000-memory.dmp

Filesize
4KB

Download
memory/3080-48-0x00000000034C0000-0x00000000034C1000-memory.dmp

Filesize
4KB

Download
memory/3080-47-0x00000000034C0000-0x00000000034C1000-memory.dmp

Filesize
4KB

Download
memory/3080-46-0x00000000034C0000-0x00000000034C1000-memory.dmp

Filesize
4KB

Download
memory/3080-45-0x00000000034C0000-0x00000000034C1000-memory.dmp

Filesize
4KB

Download
memory/3080-44-0x00000000034C0000-0x00000000034C1000-memory.dmp

Filesize
4KB

Download
memory/3080-43-0x00000000034C0000-0x00000000034C1000-memory.dmp

Filesize
4KB

Download
memory/3080-42-0x00000000034C0000-0x00000000034C1000-memory.dmp

Filesize
4KB

Download
memory/3080-41-0x00000000034C0000-0x00000000034C1000-memory.dmp

Filesize
4KB

Download
memory/3080-40-0x00000000034C0000-0x00000000034C1000-memory.dmp

Filesize
4KB

Download
memory/3080-39-0x00000000034C0000-0x00000000034C1000-memory.dmp

Filesize
4KB

Download
memory/3080-38-0x00000000034C0000-0x00000000034C1000-memory.dmp

Filesize
4KB

Download
memory/3080-37-0x00000000034C0000-0x00000000034C1000-memory.dmp

Filesize
4KB

Download
memory/3080-36-0x00000000034C0000-0x00000000034C1000-memory.dmp

Filesize
4KB

Download
memory/3080-35-0x00000000034C0000-0x00000000034C1000-memory.dmp

Filesize
4KB

Download
memory/3080-34-0x00000000034C0000-0x00000000034C1000-memory.dmp

Filesize
4KB

Download
memory/3080-33-0x00000000034C0000-0x00000000034C1000-memory.dmp

Filesize
4KB

Download
memory/3080-32-0x00000000034C0000-0x00000000034C1000-memory.dmp

Filesize
4KB

Download
memory/3080-31-0x00000000034C0000-0x00000000034C1000-memory.dmp

Filesize
4KB

Download
memory/3080-30-0x00000000034C0000-0x00000000034C1000-memory.dmp

Filesize
4KB

Download
memory/3080-29-0x00000000034C0000-0x00000000034C1000-memory.dmp

Filesize
4KB

Download
memory/3080-28-0x00000000034C0000-0x00000000034C1000-memory.dmp

Filesize
4KB

Download
memory/3080-27-0x00000000034C0000-0x00000000034C1000-memory.dmp

Filesize
4KB

Download
memory/3080-26-0x00000000034C0000-0x00000000034C1000-memory.dmp

Filesize
4KB

Download
memory/3080-25-0x00000000034C0000-0x00000000034C1000-memory.dmp

Filesize
4KB

Download
memory/3080-24-0x00000000034C0000-0x00000000034C1000-memory.dmp

Filesize
4KB

Download
memory/3080-23-0x00000000034C0000-0x00000000034C1000-memory.dmp

Filesize
4KB

Download
memory/3080-22-0x00000000034C0000-0x00000000034C1000-memory.dmp

Filesize
4KB

Download
memory/3080-21-0x00000000034C0000-0x00000000034C1000-memory.dmp

Filesize
4KB

Download
memory/3080-20-0x00000000034C0000-0x00000000034C1000-memory.dmp

Filesize
4KB

Download
memory/3080-19-0x00000000034C0000-0x00000000034C1000-memory.dmp

Filesize
4KB

Download
memory/3080-18-0x00000000034C0000-0x00000000034C1000-memory.dmp

Filesize
4KB

Download
memory/3080-17-0x00000000034C0000-0x00000000034C1000-memory.dmp

Filesize
4KB

Download
memory/3080-16-0x00000000035C0000-0x00000000035C1000-memory.dmp

Filesize
4KB

Download
memory/3080-15-0x00000000035C0000-0x00000000035C1000-memory.dmp

Filesize
4KB

Download
memory/3080-14-0x00000000035C0000-0x00000000035C1000-memory.dmp

Filesize
4KB

Download
memory/3080-13-0x00000000034C0000-0x00000000034C1000-memory.dmp

Filesize
4KB

Download
memory/3080-12-0x00000000034C0000-0x00000000035C0000-memory.dmp

Filesize
1024KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads