modiloader | 06cc96e8480e244bf31d5080988a4c5af9530bf31a1e5bde269bd89b196b6c6a

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
08/07/2024, 08:19

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2b9fa65bf89fba214f46e9fefd78f7b9_JaffaCakes118.exe
Size

757KB
MD5

2b9fa65bf89fba214f46e9fefd78f7b9
SHA1

6be38488c98bec2f74b708f37523f75f8bf71e8a
SHA256

06cc96e8480e244bf31d5080988a4c5af9530bf31a1e5bde269bd89b196b6c6a
SHA512

7edceb4f33a5f63ec1ab24c3ee948b216f6b8ab6b925e8b57e0be59c9e59bbc1efec9a64083c23c915fe1cb47ae1ce4f10c8bb513e7771b893a63bbe4b848c9a
SSDEEP

12288:URdHFZSwdO2oosWfVyLa0iMHN3/m2xtEYba85bv/KdsF3Z4mxxPFkGQ5Angp4rMp:URdfE2o4fILaYHxZX/6CQmX9kGcUxoHJ

Score

10^/10

modiloader trojan

Malware Config

Signatures

ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
trojan modiloader

ModiLoader Second Stage 1 IoCs

resource	yara_rule
behavioral2/memory/1772-71-0x0000000000400000-0x000000000050D000-memory.dmp	modiloader_stage2

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\MSINFO\FieleWay.txt	2b9fa65bf89fba214f46e9fefd78f7b9_JaffaCakes118.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2288	1772	WerFault.exe	81

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 1772 wrote to memory of 2144	1772	2b9fa65bf89fba214f46e9fefd78f7b9_JaffaCakes118.exe	82
PID 1772 wrote to memory of 2144	1772	2b9fa65bf89fba214f46e9fefd78f7b9_JaffaCakes118.exe	82

C:\Users\Admin\AppData\Local\Temp\2b9fa65bf89fba214f46e9fefd78f7b9_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\2b9fa65bf89fba214f46e9fefd78f7b9_JaffaCakes118.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:1772
- C:\program files\internet explorer\IEXPLORE.EXE
  "C:\program files\internet explorer\IEXPLORE.EXE"
  2⤵
  PID:2144
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1772 -s 652
  2⤵
  - Program crash
  PID:2288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1772 -ip 1772
1⤵
PID:4280

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1772-0-0x0000000000400000-0x000000000050D000-memory.dmp

Filesize
1.1MB

Download
memory/1772-1-0x00000000022D0000-0x0000000002324000-memory.dmp

Filesize
336KB

Download
memory/1772-6-0x00000000023B0000-0x00000000023B1000-memory.dmp

Filesize
4KB

Download
memory/1772-10-0x00000000024E0000-0x00000000024E1000-memory.dmp

Filesize
4KB

Download
memory/1772-12-0x00000000034B0000-0x00000000035B0000-memory.dmp

Filesize
1024KB

Download
memory/1772-11-0x00000000034B0000-0x00000000035B0000-memory.dmp

Filesize
1024KB

Download
memory/1772-9-0x0000000002550000-0x0000000002551000-memory.dmp

Filesize
4KB

Download
memory/1772-8-0x0000000002520000-0x0000000002521000-memory.dmp

Filesize
4KB

Download
memory/1772-7-0x0000000002530000-0x0000000002531000-memory.dmp

Filesize
4KB

Download
memory/1772-5-0x00000000023C0000-0x00000000023C1000-memory.dmp

Filesize
4KB

Download
memory/1772-4-0x0000000002540000-0x0000000002541000-memory.dmp

Filesize
4KB

Download
memory/1772-3-0x00000000024F0000-0x00000000024F1000-memory.dmp

Filesize
4KB

Download
memory/1772-2-0x0000000002510000-0x0000000002511000-memory.dmp

Filesize
4KB

Download
memory/1772-14-0x00000000034B0000-0x00000000035B0000-memory.dmp

Filesize
1024KB

Download
memory/1772-15-0x00000000034B0000-0x00000000035B0000-memory.dmp

Filesize
1024KB

Download
memory/1772-16-0x00000000034B0000-0x00000000035B0000-memory.dmp

Filesize
1024KB

Download
memory/1772-17-0x00000000034B0000-0x00000000035B0000-memory.dmp

Filesize
1024KB

Download
memory/1772-18-0x00000000034B0000-0x00000000035B0000-memory.dmp

Filesize
1024KB

Download
memory/1772-20-0x00000000035B0000-0x00000000035B1000-memory.dmp

Filesize
4KB

Download
memory/1772-19-0x00000000034B0000-0x00000000035B0000-memory.dmp

Filesize
1024KB

Download
memory/1772-22-0x00000000034B0000-0x00000000035B0000-memory.dmp

Filesize
1024KB

Download
memory/1772-21-0x00000000034B0000-0x00000000035B0000-memory.dmp

Filesize
1024KB

Download
memory/1772-23-0x00000000034B0000-0x00000000035B0000-memory.dmp

Filesize
1024KB

Download
memory/1772-27-0x00000000034B0000-0x00000000035B0000-memory.dmp

Filesize
1024KB

Download
memory/1772-26-0x00000000034B0000-0x00000000035B0000-memory.dmp

Filesize
1024KB

Download
memory/1772-25-0x00000000034B0000-0x00000000035B0000-memory.dmp

Filesize
1024KB

Download
memory/1772-24-0x00000000034B0000-0x00000000035B0000-memory.dmp

Filesize
1024KB

Download
memory/1772-31-0x00000000034B0000-0x00000000035B0000-memory.dmp

Filesize
1024KB

Download
memory/1772-33-0x00000000034B0000-0x00000000035B0000-memory.dmp

Filesize
1024KB

Download
memory/1772-32-0x00000000034B0000-0x00000000035B0000-memory.dmp

Filesize
1024KB

Download
memory/1772-30-0x00000000034B0000-0x00000000035B0000-memory.dmp

Filesize
1024KB

Download
memory/1772-29-0x00000000034B0000-0x00000000035B0000-memory.dmp

Filesize
1024KB

Download
memory/1772-28-0x00000000034B0000-0x00000000035B0000-memory.dmp

Filesize
1024KB

Download
memory/1772-36-0x00000000034B0000-0x00000000035B0000-memory.dmp

Filesize
1024KB

Download
memory/1772-39-0x00000000034B0000-0x00000000035B0000-memory.dmp

Filesize
1024KB

Download
memory/1772-41-0x00000000034B0000-0x00000000035B0000-memory.dmp

Filesize
1024KB

Download
memory/1772-40-0x00000000034B0000-0x00000000035B0000-memory.dmp

Filesize
1024KB

Download
memory/1772-37-0x00000000034B0000-0x00000000035B0000-memory.dmp

Filesize
1024KB

Download
memory/1772-35-0x00000000034B0000-0x00000000035B0000-memory.dmp

Filesize
1024KB

Download
memory/1772-38-0x00000000034B0000-0x00000000035B0000-memory.dmp

Filesize
1024KB

Download
memory/1772-34-0x00000000034B0000-0x00000000035B0000-memory.dmp

Filesize
1024KB

Download
memory/1772-42-0x00000000034B0000-0x00000000035B0000-memory.dmp

Filesize
1024KB

Download
memory/1772-43-0x00000000034B0000-0x00000000035B0000-memory.dmp

Filesize
1024KB

Download
memory/1772-47-0x00000000034B0000-0x00000000035B0000-memory.dmp

Filesize
1024KB

Download
memory/1772-46-0x00000000034B0000-0x00000000035B0000-memory.dmp

Filesize
1024KB

Download
memory/1772-45-0x00000000034B0000-0x00000000035B0000-memory.dmp

Filesize
1024KB

Download
memory/1772-49-0x00000000034B0000-0x00000000035B0000-memory.dmp

Filesize
1024KB

Download
memory/1772-53-0x00000000034B0000-0x00000000035B0000-memory.dmp

Filesize
1024KB

Download
memory/1772-54-0x00000000034B0000-0x00000000035B0000-memory.dmp

Filesize
1024KB

Download
memory/1772-52-0x00000000034B0000-0x00000000035B0000-memory.dmp

Filesize
1024KB

Download
memory/1772-51-0x00000000034B0000-0x00000000035B0000-memory.dmp

Filesize
1024KB

Download
memory/1772-50-0x00000000034B0000-0x00000000035B0000-memory.dmp

Filesize
1024KB

Download
memory/1772-48-0x00000000034B0000-0x00000000035B0000-memory.dmp

Filesize
1024KB

Download
memory/1772-44-0x00000000034B0000-0x00000000035B0000-memory.dmp

Filesize
1024KB

Download
memory/1772-55-0x00000000034B0000-0x00000000035B0000-memory.dmp

Filesize
1024KB

Download
memory/1772-58-0x00000000034B0000-0x00000000035B0000-memory.dmp

Filesize
1024KB

Download
memory/1772-65-0x00000000034B0000-0x00000000035B0000-memory.dmp

Filesize
1024KB

Download
memory/1772-68-0x00000000034B0000-0x00000000035B0000-memory.dmp

Filesize
1024KB

Download
memory/1772-70-0x00000000034B0000-0x00000000035B0000-memory.dmp

Filesize
1024KB

Download
memory/1772-69-0x00000000034B0000-0x00000000035B0000-memory.dmp

Filesize
1024KB

Download
memory/1772-67-0x00000000034B0000-0x00000000035B0000-memory.dmp

Filesize
1024KB

Download
memory/1772-66-0x00000000034B0000-0x00000000035B0000-memory.dmp

Filesize
1024KB

Download
memory/1772-64-0x00000000034B0000-0x00000000035B0000-memory.dmp

Filesize
1024KB

Download
memory/1772-63-0x00000000034B0000-0x00000000035B0000-memory.dmp

Filesize
1024KB

Download
memory/1772-62-0x00000000034B0000-0x00000000035B0000-memory.dmp

Filesize
1024KB

Download
memory/1772-61-0x00000000034B0000-0x00000000035B0000-memory.dmp

Filesize
1024KB

Download
memory/1772-60-0x00000000034B0000-0x00000000035B0000-memory.dmp

Filesize
1024KB

Download
memory/1772-59-0x00000000034B0000-0x00000000035B0000-memory.dmp

Filesize
1024KB

Download
memory/1772-57-0x00000000034B0000-0x00000000035B0000-memory.dmp

Filesize
1024KB

Download
memory/1772-56-0x00000000034B0000-0x00000000035B0000-memory.dmp

Filesize
1024KB

Download
memory/1772-71-0x0000000000400000-0x000000000050D000-memory.dmp

Filesize
1.1MB

Download
memory/1772-72-0x00000000022D0000-0x0000000002324000-memory.dmp

Filesize
336KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads