Overview

overview

10

Static

static

3

32bf2d4663...18.exe

windows7-x64

10

32bf2d4663...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    95s
  • max time network
    124s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/07/2024, 01:15

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    32bf2d466325ca12c5e94dd27d695c3d_JaffaCakes118.exe

  • Size

    496KB

  • MD5

    32bf2d466325ca12c5e94dd27d695c3d

  • SHA1

    3aa3dedaa3d63e800cd453e099e223ccd5660ddc

  • SHA256

    4a93f6ff37174af5e5f36d3ce8f0ba0ebf77f4ace0a1b5187452435044bbbad7

  • SHA512

    3ce90c98b59cc72a4ef9080b47b57aac4675f1fad546d1cc9b838f687216b815f2ad59a3c1b4d235e954726d5652fd9d797037d4e4ee8e2b524609dd8eea9ba5

  • SSDEEP

    12288:RWI2OzYJD8eZ3WH/4F3Z4mxxgoEtlK+kt9T2MF:RaOMJjAHgQmX5GM

Score
10/10
modiloadertrojan

Malware Config

Signatures

  • ModiLoader, DBatLoader

    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    trojanmodiloader
  • ModiLoader Second Stage 3 IoCs
  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\32bf2d466325ca12c5e94dd27d695c3d_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\32bf2d466325ca12c5e94dd27d695c3d_JaffaCakes118.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4832
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c del "C:\Users\Admin\AppData\Local\Temp\32bf2d466325ca12c5e94dd27d695c3d_JaffaCakes118.exe"
      2⤵
        PID:1816
    • C:\Users\Admin\Favorites\netservice.exe
      C:\Users\Admin\Favorites\netservice.exe
      1⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2812
      • C:\Windows\SysWOW64\svchost.exe
        svchost.exe
        2⤵
          PID:3928
          • C:\Windows\SysWOW64\WerFault.exe
            C:\Windows\SysWOW64\WerFault.exe -u -p 3928 -s 992
            3⤵
            • Program crash
            PID:5804
          • C:\Windows\SysWOW64\WerFault.exe
            C:\Windows\SysWOW64\WerFault.exe -u -p 3928 -s 1000
            3⤵
            • Program crash
            PID:5860
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 376 -p 3928 -ip 3928
        1⤵
          PID:5780
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 3928 -ip 3928
          1⤵
            PID:5840

          Network

                MITRE ATT&CK Enterprise v15

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Users\Admin\Favorites\netservice.exe
                  Filesize

                  496KB

                  MD5

                  32bf2d466325ca12c5e94dd27d695c3d

                  SHA1

                  3aa3dedaa3d63e800cd453e099e223ccd5660ddc

                  SHA256

                  4a93f6ff37174af5e5f36d3ce8f0ba0ebf77f4ace0a1b5187452435044bbbad7

                  SHA512

                  3ce90c98b59cc72a4ef9080b47b57aac4675f1fad546d1cc9b838f687216b815f2ad59a3c1b4d235e954726d5652fd9d797037d4e4ee8e2b524609dd8eea9ba5

                  Download Submit

                • memory/2812-721-0x0000000000400000-0x00000000004B8000-memory.dmp

                  Filesize

                  736KB

                  Download

                • memory/2812-25-0x0000000010410000-0x0000000010468000-memory.dmp

                  Filesize

                  352KB

                  Download

                • memory/3928-27-0x0000000000460000-0x0000000000461000-memory.dmp

                  Filesize

                  4KB

                  Download

                • memory/3928-26-0x00000000001A0000-0x00000000001A1000-memory.dmp

                  Filesize

                  4KB

                  Download

                • memory/4832-7-0x00000000024B0000-0x00000000024B1000-memory.dmp

                  Filesize

                  4KB

                  Download

                • memory/4832-5-0x0000000002450000-0x0000000002451000-memory.dmp

                  Filesize

                  4KB

                  Download

                • memory/4832-13-0x0000000003480000-0x0000000003481000-memory.dmp

                  Filesize

                  4KB

                  Download

                • memory/4832-12-0x0000000003430000-0x0000000003432000-memory.dmp

                  Filesize

                  8KB

                  Download

                • memory/4832-11-0x0000000003440000-0x0000000003441000-memory.dmp

                  Filesize

                  4KB

                  Download

                • memory/4832-9-0x00000000024D0000-0x00000000024D1000-memory.dmp

                  Filesize

                  4KB

                  Download

                • memory/4832-8-0x00000000024A0000-0x00000000024A1000-memory.dmp

                  Filesize

                  4KB

                  Download

                • memory/4832-0-0x0000000000400000-0x00000000004B8000-memory.dmp

                  Filesize

                  736KB

                  Download

                • memory/4832-6-0x0000000002440000-0x0000000002441000-memory.dmp

                  Filesize

                  4KB

                  Download

                • memory/4832-14-0x0000000000760000-0x0000000000761000-memory.dmp

                  Filesize

                  4KB

                  Download

                • memory/4832-4-0x00000000024C0000-0x00000000024C1000-memory.dmp

                  Filesize

                  4KB

                  Download

                • memory/4832-3-0x0000000002470000-0x0000000002471000-memory.dmp

                  Filesize

                  4KB

                  Download

                • memory/4832-15-0x0000000000770000-0x0000000000771000-memory.dmp

                  Filesize

                  4KB

                  Download

                • memory/4832-23-0x0000000000400000-0x00000000004B8000-memory.dmp

                  Filesize

                  736KB

                  Download

                • memory/4832-24-0x0000000002290000-0x00000000022E4000-memory.dmp

                  Filesize

                  336KB

                  Download

                • memory/4832-16-0x0000000003450000-0x0000000003451000-memory.dmp

                  Filesize

                  4KB

                  Download

                • memory/4832-10-0x0000000002460000-0x0000000002461000-memory.dmp

                  Filesize

                  4KB

                  Download

                • memory/4832-2-0x0000000002490000-0x0000000002491000-memory.dmp

                  Filesize

                  4KB

                  Download

                • memory/4832-1-0x0000000002290000-0x00000000022E4000-memory.dmp

                  Filesize

                  336KB

                  Download