Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

e06c69c495...18.exe

windows7-x64

10

e06c69c495...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    122s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    14/09/2024, 14:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e06c69c49584c658bc6d763b23be5a96_JaffaCakes118.exe

  • Size

    271KB

  • MD5

    e06c69c49584c658bc6d763b23be5a96

  • SHA1

    c9f23e2ae268bcefbf346d37dc1a03c3df1ede90

  • SHA256

    4e58ce8d327985f314bdfd54db5c55068adc4dfcc3f326d09994c96ee9a40fbe

  • SHA512

    ef278781d3eb6eb34382d968cad6452ec3a71f6a618aa4134fbb01837ccb4ea5c7a713e14fddc465b2f4129c9b987333a2f1e79ae5e4d69083e3e59d6eb6dca1

  • SSDEEP

    6144:un04iaqbh4l26Px8c/mcbwBDzQiI9QKDQ38IFnAmvHQN8F7L+:Z4iaqal2wqhI9J8MIFnAmoN8Q

Score
10/10
modiloaderdiscoverytrojan

Malware Config

Signatures

  • ModiLoader, DBatLoader

    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    trojanmodiloader
  • ModiLoader Second Stage 5 IoCs
  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops autorun.inf file 1 TTPs 2 IoCs

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • Drops file in System32 directory 2 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Drops file in Windows directory 3 IoCs
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e06c69c49584c658bc6d763b23be5a96_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\e06c69c49584c658bc6d763b23be5a96_JaffaCakes118.exe"
    1⤵
    • Enumerates connected drives
    • Drops autorun.inf file
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1312
    • C:\Windows\IEXPL0RE.EXE
      C:\Windows\IEXPL0RE.EXE
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • Suspicious use of SetThreadContext
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2376
      • C:\Windows\SysWOW64\mmc.exe
        "C:\Windows\system32\mmc.exe"
        3⤵
          PID:2440
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 280
          3⤵
          • Program crash
          PID:1844
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c C:\Windows\ReDelBat.bat
        2⤵
        • Deletes itself
        • System Location Discovery: System Language Discovery
        PID:2632

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\AutoRun.inf
      Filesize

      172B

      MD5

      ce0c8ce88cb3df958100773386d9a1ed

      SHA1

      055c6253e4f63f18812bf9820b43fdbf8751f327

      SHA256

      1f1349065382cd56502f9ef82162ce578464c0146531c1788a64cbc5858bc4ac

      SHA512

      8a6b3d397c4ca06963859849e8650320fedf7cfdf57646b2ced10da97ead18416691439efb606502533311ec024a7c38bcfca15cf9068adee44f617bc7858ce6

      Download Submit

    • C:\Windows\ReDelBat.bat
      Filesize

      212B

      MD5

      5391194c8a253177b24afe6df00dc66f

      SHA1

      ef2a1010861acc76f7da615f8fa9e82310e50785

      SHA256

      f71d5d1f2da4352415d1184fa066c5d361b3b6591c2c0a5b94a93b1b65a9f77d

      SHA512

      4953606d7573c984a3c65cd024a3392c4c40226ff815f0d7d266b30d10ed86b3cc44d131e4c9da4edfc39c8da0269abdbf4111a13c077c7a3c64affe2dede531

      Download Submit

    • F:\IEXPL0RE.EXE
      Filesize

      271KB

      MD5

      e06c69c49584c658bc6d763b23be5a96

      SHA1

      c9f23e2ae268bcefbf346d37dc1a03c3df1ede90

      SHA256

      4e58ce8d327985f314bdfd54db5c55068adc4dfcc3f326d09994c96ee9a40fbe

      SHA512

      ef278781d3eb6eb34382d968cad6452ec3a71f6a618aa4134fbb01837ccb4ea5c7a713e14fddc465b2f4129c9b987333a2f1e79ae5e4d69083e3e59d6eb6dca1

      Download Submit

    • memory/1312-29-0x0000000002FB0000-0x00000000030B4000-memory.dmp

      Filesize

      1.0MB

      Download

    • memory/1312-42-0x0000000000400000-0x0000000000504000-memory.dmp

      Filesize

      1.0MB

      Download

    • memory/1312-1-0x0000000000400000-0x0000000000504000-memory.dmp

      Filesize

      1.0MB

      Download

    • memory/1312-53-0x0000000000400000-0x0000000000504000-memory.dmp

      Filesize

      1.0MB

      Download

    • memory/1312-19-0x00000000003E0000-0x00000000003E1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1312-0-0x0000000000400000-0x0000000000504000-memory.dmp

      Filesize

      1.0MB

      Download

    • memory/1312-2-0x00000000003E0000-0x00000000003E1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1312-43-0x0000000002FB0000-0x00000000030B4000-memory.dmp

      Filesize

      1.0MB

      Download

    • memory/2376-31-0x0000000000400000-0x0000000000504000-memory.dmp

      Filesize

      1.0MB

      Download

    • memory/2376-44-0x0000000000400000-0x0000000000504000-memory.dmp

      Filesize

      1.0MB

      Download

    • memory/2376-45-0x00000000002E0000-0x00000000002E1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2376-32-0x00000000002E0000-0x00000000002E1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2376-30-0x00000000002E0000-0x00000000002E1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2440-40-0x0000000000400000-0x0000000000504000-memory.dmp

      Filesize

      1.0MB

      Download

    • memory/2440-36-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

      Filesize

      4KB

      Download