Overview

overview

10

Static

static

3

d3be4a4846...18.exe

windows7-x64

10

d3be4a4846...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    117s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    08/09/2024, 06:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d3be4a48469b9c5a4e6eb2fc20ce323e_JaffaCakes118.exe

  • Size

    24KB

  • MD5

    d3be4a48469b9c5a4e6eb2fc20ce323e

  • SHA1

    a5d7eca144bfa64b928f7554c77a55d75b2c5d2f

  • SHA256

    e951432538bbb079469287d193bbaebc6a3d6b162ff88794c24f82f9a744ab3f

  • SHA512

    a3a39c7d66ae1c13027f9e9af8eb50c3870ede7ff382fd76ec65b1d2a1f42a4434ef23771a8871b7950d5bd2d70a2843e78ba8c79f032aa0c839507446274e5e

  • SSDEEP

    384:C3pJzu/RQ+mLyvXYu5+z0Y3YkqggX5s1/5uhTUfOa8vNY5Xd8lAocGV:qupC2/kzrqYEUfObek1

Score
10/10
modiloaderdiscoverytrojan

Malware Config

Signatures

  • ModiLoader, DBatLoader

    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    trojanmodiloader
  • ModiLoader Second Stage 3 IoCs
  • Executes dropped EXE 1 IoCs
  • Drops file in Windows directory 5 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d3be4a48469b9c5a4e6eb2fc20ce323e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\d3be4a48469b9c5a4e6eb2fc20ce323e_JaffaCakes118.exe"
    1⤵
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2788
    • C:\Windows\kulionzx.exe
      C:\Windows\kulionzx.exe
      2⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      PID:2844

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\kulionzx.dll
    Filesize

    27KB

    MD5

    e87447edc4cc5e36e072697d5133da6d

    SHA1

    55b0ea8fdbc0ce2341efa3f1595517ac2cb9f987

    SHA256

    2bbc984283697781c84328d3d947c12146ab542007df2b98c38877d383c5add1

    SHA512

    862205b60642ee7a286b278a153a13889ae34485ef2f454fe88e0daa1d4984c8a423df4eb71304d35777526bae49d7f978b89fb1d27cefacda1e387e4047c1f5

    Download Submit

  • C:\Windows\kulionzx.exe
    Filesize

    24KB

    MD5

    d3be4a48469b9c5a4e6eb2fc20ce323e

    SHA1

    a5d7eca144bfa64b928f7554c77a55d75b2c5d2f

    SHA256

    e951432538bbb079469287d193bbaebc6a3d6b162ff88794c24f82f9a744ab3f

    SHA512

    a3a39c7d66ae1c13027f9e9af8eb50c3870ede7ff382fd76ec65b1d2a1f42a4434ef23771a8871b7950d5bd2d70a2843e78ba8c79f032aa0c839507446274e5e

    Download Submit

  • memory/2788-0-0x0000000000400000-0x0000000000422000-memory.dmp

    Filesize

    136KB

    Download

  • memory/2788-13-0x0000000000400000-0x0000000000422000-memory.dmp

    Filesize

    136KB

    Download

  • memory/2788-8-0x00000000003D0000-0x00000000003F2000-memory.dmp

    Filesize

    136KB

    Download

  • memory/2844-12-0x0000000000400000-0x0000000000422000-memory.dmp

    Filesize

    136KB

    Download

  • memory/2844-9-0x0000000000400000-0x0000000000422000-memory.dmp

    Filesize

    136KB

    Download