modiloader | 31e58a5ffe24c8043ecd08816a14a68bfc6b913e8dd2ebc269d9b1fa38c24b4c

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
08/09/2024, 13:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d47eca1186bd3387a4704bf79b9a465e_JaffaCakes118.exe
Size

384KB
MD5

d47eca1186bd3387a4704bf79b9a465e
SHA1

7c78087f20e63ea427527788e7031b9db4a8f022
SHA256

31e58a5ffe24c8043ecd08816a14a68bfc6b913e8dd2ebc269d9b1fa38c24b4c
SHA512

a57517bd3ad539b0e80760fb01ba4b8afb4943bbf282dab458165817e16e5532b757617b7a97c178b2e7655d1e1d65d5ee73ddba8aaf3650f6a0c58a06e0decf
SSDEEP

6144:bcTx2F2idZecnl20lHRxp3gFVuYsQ5cOdeRb8iY91EEVKYVAaMB:bcT0F3Z4mxxk7sIcOa/Y91TVK99B

Score

10^/10

modiloader discovery trojan

Malware Config

Signatures

ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
trojan modiloader

ModiLoader Second Stage 1 IoCs

resource	yara_rule
behavioral2/memory/3132-96-0x0000000003490000-0x00000000034B4000-memory.dmp	modiloader_stage2

Loads dropped DLL 2 IoCs

pid	Process
3132	d47eca1186bd3387a4704bf79b9a465e_JaffaCakes118.exe
3132	d47eca1186bd3387a4704bf79b9a465e_JaffaCakes118.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\MSINFO\atmQQ2.dll	d47eca1186bd3387a4704bf79b9a465e_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d47eca1186bd3387a4704bf79b9a465e_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3132	d47eca1186bd3387a4704bf79b9a465e_JaffaCakes118.exe
3132	d47eca1186bd3387a4704bf79b9a465e_JaffaCakes118.exe
3132	d47eca1186bd3387a4704bf79b9a465e_JaffaCakes118.exe
3132	d47eca1186bd3387a4704bf79b9a465e_JaffaCakes118.exe
3132	d47eca1186bd3387a4704bf79b9a465e_JaffaCakes118.exe
3132	d47eca1186bd3387a4704bf79b9a465e_JaffaCakes118.exe
3132	d47eca1186bd3387a4704bf79b9a465e_JaffaCakes118.exe
3132	d47eca1186bd3387a4704bf79b9a465e_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3132	d47eca1186bd3387a4704bf79b9a465e_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\d47eca1186bd3387a4704bf79b9a465e_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d47eca1186bd3387a4704bf79b9a465e_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:3132

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Common Files\microsoft shared\MSInfo\atmQQ2.dll

Filesize
20KB

MD5
c3fd9a35b0694328ff28ad9aaa01544c

SHA1
ae094353606ec2f5316fee291c61d673ac259dcb

SHA256
d8fc255f69f962a44978be1713f1555a17ea7006c3ccaa14c6dc379b7e7eedc6

SHA512
6c3837934ea2edbc3382ad26044676b576068685b3013b4622d1a643210c590b55b0717ff2ee15270e3ee80410438d2e6dc3e0eb649b2d1bcd24037c6b40f4f8

Download Submit
memory/3132-0-0x0000000000400000-0x000000000046E000-memory.dmp

Filesize
440KB

Download
memory/3132-1-0x0000000000950000-0x00000000009A4000-memory.dmp

Filesize
336KB

Download
memory/3132-3-0x0000000000930000-0x0000000000931000-memory.dmp

Filesize
4KB

Download
memory/3132-11-0x0000000003290000-0x0000000003390000-memory.dmp

Filesize
1024KB

Download
memory/3132-9-0x0000000000940000-0x0000000000941000-memory.dmp

Filesize
4KB

Download
memory/3132-8-0x00000000009B0000-0x00000000009B1000-memory.dmp

Filesize
4KB

Download
memory/3132-7-0x0000000000490000-0x0000000000491000-memory.dmp

Filesize
4KB

Download
memory/3132-6-0x00000000008F0000-0x00000000008F1000-memory.dmp

Filesize
4KB

Download
memory/3132-5-0x0000000002270000-0x0000000002271000-memory.dmp

Filesize
4KB

Download
memory/3132-4-0x0000000000910000-0x0000000000911000-memory.dmp

Filesize
4KB

Download
memory/3132-2-0x0000000000400000-0x000000000046E000-memory.dmp

Filesize
440KB

Download
memory/3132-17-0x0000000003290000-0x0000000003390000-memory.dmp

Filesize
1024KB

Download
memory/3132-18-0x0000000003290000-0x0000000003390000-memory.dmp

Filesize
1024KB

Download
memory/3132-19-0x0000000003290000-0x0000000003390000-memory.dmp

Filesize
1024KB

Download
memory/3132-22-0x0000000002280000-0x0000000002281000-memory.dmp

Filesize
4KB

Download
memory/3132-21-0x0000000003290000-0x0000000003390000-memory.dmp

Filesize
1024KB

Download
memory/3132-20-0x0000000003290000-0x0000000003390000-memory.dmp

Filesize
1024KB

Download
memory/3132-23-0x0000000003290000-0x0000000003390000-memory.dmp

Filesize
1024KB

Download
memory/3132-26-0x0000000003290000-0x0000000003390000-memory.dmp

Filesize
1024KB

Download
memory/3132-25-0x0000000003290000-0x0000000003390000-memory.dmp

Filesize
1024KB

Download
memory/3132-24-0x0000000003290000-0x0000000003390000-memory.dmp

Filesize
1024KB

Download
memory/3132-27-0x0000000003290000-0x0000000003390000-memory.dmp

Filesize
1024KB

Download
memory/3132-31-0x0000000003290000-0x0000000003390000-memory.dmp

Filesize
1024KB

Download
memory/3132-30-0x0000000003290000-0x0000000003390000-memory.dmp

Filesize
1024KB

Download
memory/3132-43-0x00000000022C0000-0x00000000022C1000-memory.dmp

Filesize
4KB

Download
memory/3132-42-0x0000000002340000-0x0000000002341000-memory.dmp

Filesize
4KB

Download
memory/3132-41-0x0000000002310000-0x0000000002311000-memory.dmp

Filesize
4KB

Download
memory/3132-40-0x0000000002320000-0x0000000002321000-memory.dmp

Filesize
4KB

Download
memory/3132-39-0x00000000022A0000-0x00000000022A1000-memory.dmp

Filesize
4KB

Download
memory/3132-38-0x00000000022B0000-0x00000000022B1000-memory.dmp

Filesize
4KB

Download
memory/3132-51-0x0000000003290000-0x0000000003390000-memory.dmp

Filesize
1024KB

Download
memory/3132-50-0x0000000003290000-0x0000000003390000-memory.dmp

Filesize
1024KB

Download
memory/3132-49-0x00000000023C0000-0x00000000023C1000-memory.dmp

Filesize
4KB

Download
memory/3132-48-0x0000000002360000-0x0000000002361000-memory.dmp

Filesize
4KB

Download
memory/3132-47-0x0000000002370000-0x0000000002371000-memory.dmp

Filesize
4KB

Download
memory/3132-46-0x0000000002390000-0x0000000002391000-memory.dmp

Filesize
4KB

Download
memory/3132-45-0x00000000023B0000-0x00000000023B1000-memory.dmp

Filesize
4KB

Download
memory/3132-44-0x0000000003290000-0x0000000003390000-memory.dmp

Filesize
1024KB

Download
memory/3132-37-0x0000000002330000-0x0000000002331000-memory.dmp

Filesize
4KB

Download
memory/3132-36-0x00000000022D0000-0x00000000022D1000-memory.dmp

Filesize
4KB

Download
memory/3132-35-0x0000000002300000-0x0000000002301000-memory.dmp

Filesize
4KB

Download
memory/3132-34-0x0000000003290000-0x0000000003390000-memory.dmp

Filesize
1024KB

Download
memory/3132-33-0x0000000003290000-0x0000000003390000-memory.dmp

Filesize
1024KB

Download
memory/3132-32-0x0000000003290000-0x0000000003390000-memory.dmp

Filesize
1024KB

Download
memory/3132-29-0x0000000003290000-0x0000000003390000-memory.dmp

Filesize
1024KB

Download
memory/3132-28-0x0000000003290000-0x0000000003390000-memory.dmp

Filesize
1024KB

Download
memory/3132-52-0x0000000003290000-0x0000000003390000-memory.dmp

Filesize
1024KB

Download
memory/3132-53-0x0000000003290000-0x0000000003390000-memory.dmp

Filesize
1024KB

Download
memory/3132-63-0x0000000003290000-0x0000000003390000-memory.dmp

Filesize
1024KB

Download
memory/3132-67-0x0000000003290000-0x0000000003390000-memory.dmp

Filesize
1024KB

Download
memory/3132-73-0x0000000003290000-0x0000000003390000-memory.dmp

Filesize
1024KB

Download
memory/3132-80-0x0000000003290000-0x0000000003390000-memory.dmp

Filesize
1024KB

Download
memory/3132-88-0x0000000003290000-0x0000000003390000-memory.dmp

Filesize
1024KB

Download
memory/3132-96-0x0000000003490000-0x00000000034B4000-memory.dmp

Filesize
144KB

Download
memory/3132-95-0x0000000003290000-0x0000000003390000-memory.dmp

Filesize
1024KB

Download
memory/3132-94-0x0000000003290000-0x0000000003390000-memory.dmp

Filesize
1024KB

Download
memory/3132-93-0x0000000003290000-0x0000000003390000-memory.dmp

Filesize
1024KB

Download
memory/3132-92-0x0000000003290000-0x0000000003390000-memory.dmp

Filesize
1024KB

Download
memory/3132-91-0x0000000003290000-0x0000000003390000-memory.dmp

Filesize
1024KB

Download
memory/3132-90-0x0000000003290000-0x0000000003390000-memory.dmp

Filesize
1024KB

Download
memory/3132-89-0x0000000003290000-0x0000000003390000-memory.dmp

Filesize
1024KB

Download
memory/3132-87-0x0000000003290000-0x0000000003390000-memory.dmp

Filesize
1024KB

Download
memory/3132-86-0x0000000003290000-0x0000000003390000-memory.dmp

Filesize
1024KB

Download
memory/3132-85-0x0000000003290000-0x0000000003390000-memory.dmp

Filesize
1024KB

Download
memory/3132-84-0x0000000003290000-0x0000000003390000-memory.dmp

Filesize
1024KB

Download
memory/3132-83-0x0000000003290000-0x0000000003390000-memory.dmp

Filesize
1024KB

Download
memory/3132-82-0x0000000003290000-0x0000000003390000-memory.dmp

Filesize
1024KB

Download
memory/3132-81-0x0000000003290000-0x0000000003390000-memory.dmp

Filesize
1024KB

Download
memory/3132-79-0x0000000003290000-0x0000000003390000-memory.dmp

Filesize
1024KB

Download
memory/3132-78-0x0000000003290000-0x0000000003390000-memory.dmp

Filesize
1024KB

Download
memory/3132-77-0x0000000003290000-0x0000000003390000-memory.dmp

Filesize
1024KB

Download
memory/3132-76-0x0000000003290000-0x0000000003390000-memory.dmp

Filesize
1024KB

Download
memory/3132-75-0x0000000003290000-0x0000000003390000-memory.dmp

Filesize
1024KB

Download
memory/3132-74-0x0000000003290000-0x0000000003390000-memory.dmp

Filesize
1024KB

Download
memory/3132-72-0x0000000003290000-0x0000000003390000-memory.dmp

Filesize
1024KB

Download
memory/3132-71-0x0000000003290000-0x0000000003390000-memory.dmp

Filesize
1024KB

Download
memory/3132-70-0x0000000003290000-0x0000000003390000-memory.dmp

Filesize
1024KB

Download
memory/3132-69-0x0000000003290000-0x0000000003390000-memory.dmp

Filesize
1024KB

Download
memory/3132-68-0x0000000003290000-0x0000000003390000-memory.dmp

Filesize
1024KB

Download
memory/3132-66-0x0000000003290000-0x0000000003390000-memory.dmp

Filesize
1024KB

Download
memory/3132-65-0x0000000003290000-0x0000000003390000-memory.dmp

Filesize
1024KB

Download
memory/3132-62-0x0000000003290000-0x0000000003390000-memory.dmp

Filesize
1024KB

Download
memory/3132-61-0x0000000003290000-0x0000000003390000-memory.dmp

Filesize
1024KB

Download
memory/3132-60-0x0000000003290000-0x0000000003390000-memory.dmp

Filesize
1024KB

Download
memory/3132-59-0x0000000003290000-0x0000000003390000-memory.dmp

Filesize
1024KB

Download
memory/3132-58-0x0000000003290000-0x0000000003390000-memory.dmp

Filesize
1024KB

Download
memory/3132-57-0x0000000003290000-0x0000000003390000-memory.dmp

Filesize
1024KB

Download
memory/3132-56-0x0000000003290000-0x0000000003390000-memory.dmp

Filesize
1024KB

Download
memory/3132-64-0x0000000003290000-0x0000000003390000-memory.dmp

Filesize
1024KB

Download
memory/3132-54-0x0000000003290000-0x0000000003390000-memory.dmp

Filesize
1024KB

Download
memory/3132-55-0x0000000003290000-0x0000000003390000-memory.dmp

Filesize
1024KB

Download
memory/3132-97-0x0000000000400000-0x000000000046E000-memory.dmp

Filesize
440KB

Download
memory/3132-98-0x0000000000950000-0x00000000009A4000-memory.dmp

Filesize
336KB

Download
memory/3132-99-0x0000000003290000-0x0000000003390000-memory.dmp

Filesize
1024KB

Download
memory/3132-101-0x0000000003290000-0x0000000003390000-memory.dmp

Filesize
1024KB

Download
memory/3132-102-0x0000000003290000-0x0000000003390000-memory.dmp

Filesize
1024KB

Download
memory/3132-103-0x0000000003290000-0x0000000003390000-memory.dmp

Filesize
1024KB

Download