modiloader | 31e58a5ffe24c8043ecd08816a14a68bfc6b913e8dd2ebc269d9b1fa38c24b4c

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
08/09/2024, 13:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d47eca1186bd3387a4704bf79b9a465e_JaffaCakes118.exe
Size

384KB
MD5

d47eca1186bd3387a4704bf79b9a465e
SHA1

7c78087f20e63ea427527788e7031b9db4a8f022
SHA256

31e58a5ffe24c8043ecd08816a14a68bfc6b913e8dd2ebc269d9b1fa38c24b4c
SHA512

a57517bd3ad539b0e80760fb01ba4b8afb4943bbf282dab458165817e16e5532b757617b7a97c178b2e7655d1e1d65d5ee73ddba8aaf3650f6a0c58a06e0decf
SSDEEP

6144:bcTx2F2idZecnl20lHRxp3gFVuYsQ5cOdeRb8iY91EEVKYVAaMB:bcT0F3Z4mxxk7sIcOa/Y91TVK99B

Score

10^/10

modiloader trojan

Malware Config

Signatures

ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
trojan modiloader

ModiLoader Second Stage 1 IoCs

resource	yara_rule
behavioral1/memory/2768-84-0x0000000003280000-0x00000000032A4000-memory.dmp	modiloader_stage2

Loads dropped DLL 1 IoCs

pid	Process
2768	d47eca1186bd3387a4704bf79b9a465e_JaffaCakes118.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\MSINFO\atmQQ2.dll	d47eca1186bd3387a4704bf79b9a465e_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2768	d47eca1186bd3387a4704bf79b9a465e_JaffaCakes118.exe
2768	d47eca1186bd3387a4704bf79b9a465e_JaffaCakes118.exe
2768	d47eca1186bd3387a4704bf79b9a465e_JaffaCakes118.exe
2768	d47eca1186bd3387a4704bf79b9a465e_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2768	d47eca1186bd3387a4704bf79b9a465e_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\d47eca1186bd3387a4704bf79b9a465e_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d47eca1186bd3387a4704bf79b9a465e_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2768

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Program Files\Common Files\Microsoft Shared\MSInfo\atmQQ2.dll

Filesize
20KB

MD5
c3fd9a35b0694328ff28ad9aaa01544c

SHA1
ae094353606ec2f5316fee291c61d673ac259dcb

SHA256
d8fc255f69f962a44978be1713f1555a17ea7006c3ccaa14c6dc379b7e7eedc6

SHA512
6c3837934ea2edbc3382ad26044676b576068685b3013b4622d1a643210c590b55b0717ff2ee15270e3ee80410438d2e6dc3e0eb649b2d1bcd24037c6b40f4f8

Download Submit
memory/2768-0-0x0000000000400000-0x000000000046E000-memory.dmp

Filesize
440KB

Download
memory/2768-1-0x0000000000280000-0x00000000002D4000-memory.dmp

Filesize
336KB

Download
memory/2768-2-0x0000000000400000-0x000000000046E000-memory.dmp

Filesize
440KB

Download
memory/2768-3-0x0000000000370000-0x0000000000371000-memory.dmp

Filesize
4KB

Download
memory/2768-10-0x0000000003180000-0x0000000003280000-memory.dmp

Filesize
1024KB

Download
memory/2768-14-0x00000000003B0000-0x00000000003B1000-memory.dmp

Filesize
4KB

Download
memory/2768-9-0x0000000000380000-0x0000000000381000-memory.dmp

Filesize
4KB

Download
memory/2768-8-0x0000000000390000-0x0000000000391000-memory.dmp

Filesize
4KB

Download
memory/2768-7-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2768-6-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/2768-5-0x00000000003A0000-0x00000000003A1000-memory.dmp

Filesize
4KB

Download
memory/2768-4-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/2768-15-0x0000000003180000-0x0000000003280000-memory.dmp

Filesize
1024KB

Download
memory/2768-16-0x0000000003180000-0x0000000003280000-memory.dmp

Filesize
1024KB

Download
memory/2768-17-0x0000000003180000-0x0000000003280000-memory.dmp

Filesize
1024KB

Download
memory/2768-18-0x0000000003180000-0x0000000003280000-memory.dmp

Filesize
1024KB

Download
memory/2768-19-0x0000000003180000-0x0000000003280000-memory.dmp

Filesize
1024KB

Download
memory/2768-20-0x0000000003180000-0x0000000003280000-memory.dmp

Filesize
1024KB

Download
memory/2768-21-0x0000000000590000-0x0000000000591000-memory.dmp

Filesize
4KB

Download
memory/2768-22-0x0000000000570000-0x0000000000571000-memory.dmp

Filesize
4KB

Download
memory/2768-23-0x0000000001ED0000-0x0000000001ED1000-memory.dmp

Filesize
4KB

Download
memory/2768-24-0x00000000003E0000-0x00000000003E1000-memory.dmp

Filesize
4KB

Download
memory/2768-25-0x00000000003D0000-0x00000000003D1000-memory.dmp

Filesize
4KB

Download
memory/2768-26-0x0000000001EC0000-0x0000000001EC1000-memory.dmp

Filesize
4KB

Download
memory/2768-27-0x00000000005A0000-0x00000000005A1000-memory.dmp

Filesize
4KB

Download
memory/2768-28-0x0000000001EE0000-0x0000000001EE1000-memory.dmp

Filesize
4KB

Download
memory/2768-29-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/2768-30-0x0000000003180000-0x0000000003280000-memory.dmp

Filesize
1024KB

Download
memory/2768-31-0x00000000022A0000-0x00000000022A1000-memory.dmp

Filesize
4KB

Download
memory/2768-32-0x0000000002280000-0x0000000002281000-memory.dmp

Filesize
4KB

Download
memory/2768-33-0x0000000002260000-0x0000000002261000-memory.dmp

Filesize
4KB

Download
memory/2768-34-0x0000000001F40000-0x0000000001F41000-memory.dmp

Filesize
4KB

Download
memory/2768-35-0x00000000022C0000-0x00000000022C1000-memory.dmp

Filesize
4KB

Download
memory/2768-36-0x00000000022B0000-0x00000000022B1000-memory.dmp

Filesize
4KB

Download
memory/2768-37-0x0000000003180000-0x0000000003280000-memory.dmp

Filesize
1024KB

Download
memory/2768-38-0x0000000003180000-0x0000000003280000-memory.dmp

Filesize
1024KB

Download
memory/2768-39-0x0000000003180000-0x0000000003280000-memory.dmp

Filesize
1024KB

Download
memory/2768-40-0x0000000003180000-0x0000000003280000-memory.dmp

Filesize
1024KB

Download
memory/2768-41-0x0000000003180000-0x0000000003280000-memory.dmp

Filesize
1024KB

Download
memory/2768-43-0x0000000003180000-0x0000000003280000-memory.dmp

Filesize
1024KB

Download
memory/2768-42-0x0000000003180000-0x0000000003280000-memory.dmp

Filesize
1024KB

Download
memory/2768-44-0x0000000003180000-0x0000000003280000-memory.dmp

Filesize
1024KB

Download
memory/2768-45-0x0000000003180000-0x0000000003280000-memory.dmp

Filesize
1024KB

Download
memory/2768-46-0x0000000003180000-0x0000000003280000-memory.dmp

Filesize
1024KB

Download
memory/2768-49-0x0000000003180000-0x0000000003280000-memory.dmp

Filesize
1024KB

Download
memory/2768-48-0x0000000003180000-0x0000000003280000-memory.dmp

Filesize
1024KB

Download
memory/2768-47-0x0000000003180000-0x0000000003280000-memory.dmp

Filesize
1024KB

Download
memory/2768-55-0x0000000003180000-0x0000000003280000-memory.dmp

Filesize
1024KB

Download
memory/2768-54-0x0000000003180000-0x0000000003280000-memory.dmp

Filesize
1024KB

Download
memory/2768-53-0x0000000003180000-0x0000000003280000-memory.dmp

Filesize
1024KB

Download
memory/2768-52-0x0000000003180000-0x0000000003280000-memory.dmp

Filesize
1024KB

Download
memory/2768-51-0x0000000003180000-0x0000000003280000-memory.dmp

Filesize
1024KB

Download
memory/2768-50-0x0000000003180000-0x0000000003280000-memory.dmp

Filesize
1024KB

Download
memory/2768-56-0x0000000003180000-0x0000000003280000-memory.dmp

Filesize
1024KB

Download
memory/2768-71-0x0000000003180000-0x0000000003280000-memory.dmp

Filesize
1024KB

Download
memory/2768-84-0x0000000003280000-0x00000000032A4000-memory.dmp

Filesize
144KB

Download
memory/2768-83-0x0000000003180000-0x0000000003280000-memory.dmp

Filesize
1024KB

Download
memory/2768-82-0x0000000003180000-0x0000000003280000-memory.dmp

Filesize
1024KB

Download
memory/2768-81-0x0000000003180000-0x0000000003280000-memory.dmp

Filesize
1024KB

Download
memory/2768-80-0x0000000003180000-0x0000000003280000-memory.dmp

Filesize
1024KB

Download
memory/2768-79-0x0000000003180000-0x0000000003280000-memory.dmp

Filesize
1024KB

Download
memory/2768-78-0x0000000003180000-0x0000000003280000-memory.dmp

Filesize
1024KB

Download
memory/2768-77-0x0000000003180000-0x0000000003280000-memory.dmp

Filesize
1024KB

Download
memory/2768-76-0x0000000003180000-0x0000000003280000-memory.dmp

Filesize
1024KB

Download
memory/2768-75-0x0000000003180000-0x0000000003280000-memory.dmp

Filesize
1024KB

Download
memory/2768-74-0x0000000003180000-0x0000000003280000-memory.dmp

Filesize
1024KB

Download
memory/2768-73-0x0000000003180000-0x0000000003280000-memory.dmp

Filesize
1024KB

Download
memory/2768-72-0x0000000003180000-0x0000000003280000-memory.dmp

Filesize
1024KB

Download
memory/2768-70-0x0000000003180000-0x0000000003280000-memory.dmp

Filesize
1024KB

Download
memory/2768-69-0x0000000003180000-0x0000000003280000-memory.dmp

Filesize
1024KB

Download
memory/2768-68-0x0000000003180000-0x0000000003280000-memory.dmp

Filesize
1024KB

Download
memory/2768-67-0x0000000003180000-0x0000000003280000-memory.dmp

Filesize
1024KB

Download
memory/2768-66-0x0000000003180000-0x0000000003280000-memory.dmp

Filesize
1024KB

Download
memory/2768-65-0x0000000003180000-0x0000000003280000-memory.dmp

Filesize
1024KB

Download
memory/2768-64-0x0000000003180000-0x0000000003280000-memory.dmp

Filesize
1024KB

Download
memory/2768-63-0x0000000003180000-0x0000000003280000-memory.dmp

Filesize
1024KB

Download
memory/2768-62-0x0000000003180000-0x0000000003280000-memory.dmp

Filesize
1024KB

Download
memory/2768-61-0x0000000003180000-0x0000000003280000-memory.dmp

Filesize
1024KB

Download
memory/2768-60-0x0000000003180000-0x0000000003280000-memory.dmp

Filesize
1024KB

Download
memory/2768-59-0x0000000003180000-0x0000000003280000-memory.dmp

Filesize
1024KB

Download
memory/2768-58-0x0000000003180000-0x0000000003280000-memory.dmp

Filesize
1024KB

Download
memory/2768-57-0x0000000003180000-0x0000000003280000-memory.dmp

Filesize
1024KB

Download
memory/2768-85-0x0000000000400000-0x000000000046E000-memory.dmp

Filesize
440KB

Download
memory/2768-86-0x0000000000280000-0x00000000002D4000-memory.dmp

Filesize
336KB

Download
memory/2768-88-0x0000000003180000-0x0000000003280000-memory.dmp

Filesize
1024KB

Download