modiloader | f5702c23a4ede95ed38acddadf1b9eedf581878a4f30b9f4bac0ab00ed3c6c50

Analysis

max time kernel
92s
max time network
100s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
07-07-2024 23:58

Target

2a41a29c05616afadefd70f0692329a8_JaffaCakes118.exe
Size

274KB
MD5

2a41a29c05616afadefd70f0692329a8
SHA1

0c2b6f47f144ea371bcc9ce6fed84ddc3a83b999
SHA256

f5702c23a4ede95ed38acddadf1b9eedf581878a4f30b9f4bac0ab00ed3c6c50
SHA512

3fd69a484086efb53fd26a3171a2e92c366e7753f829d7c89991e72c084fada620597b2023e73093971d3a8493526c2a73539b915da71e2025cc2655f4f0bc59
SSDEEP

6144:ov0bISM/YTzHGpclUfdWiavWDSU8FoJNKLpNM7ALXfd28O2h97:7bIpIzHGpblwySU8FEKVG7ALfd21w7

Score

10^/10

modiloader trojan

ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
trojan modiloader

ModiLoader Second Stage 1 IoCs

resource	yara_rule
behavioral2/memory/2640-2-0x0000000000400000-0x0000000000517000-memory.dmp	modiloader_stage2

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2172	2640	WerFault.exe	82

C:\Users\Admin\AppData\Local\Temp\2a41a29c05616afadefd70f0692329a8_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\2a41a29c05616afadefd70f0692329a8_JaffaCakes118.exe"
1⤵
PID:2640
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 532
  2⤵
  - Program crash
  PID:2172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 2640 -ip 2640
1⤵
PID:1892

memory/2640-0-0x0000000000400000-0x0000000000517000-memory.dmp

Filesize
1.1MB

Download
memory/2640-1-0x0000000002290000-0x0000000002291000-memory.dmp

Filesize
4KB

Download
memory/2640-2-0x0000000000400000-0x0000000000517000-memory.dmp

Filesize
1.1MB

Download