Overview

overview

10

Static

static

10

e38fe16fc5...18.exe

windows7-x64

10

e38fe16fc5...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    15-09-2024 23:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e38fe16fc51b3c42bef629ed62969f64_JaffaCakes118.exe

  • Size

    63KB

  • MD5

    e38fe16fc51b3c42bef629ed62969f64

  • SHA1

    cf295c7d03811b12dd897d3d9e711525c97e7897

  • SHA256

    2aa84a58339db121008c76c2ce37839c11978f630ea862149d87339da0fb5e2f

  • SHA512

    47f60e9081a501d06cabc01f5fc8d4c3cfef75ca21d5ddab3e578a5375dc3aa458dcba8c1fef35ad4c414938ed64b881793df3994e6933c16b9a27ccc5719b86

  • SSDEEP

    1536:HJqEVsjMnWP8GfbqxlspHBhf07ZpJjOzov:VVUsWUHlmuZpks

Score
10/10
modiloaderdiscoverypersistencetrojan

Malware Config

Signatures

  • ModiLoader, DBatLoader

    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    trojanmodiloader
  • ModiLoader Second Stage 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Modifies WinLogon 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 5 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e38fe16fc51b3c42bef629ed62969f64_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\e38fe16fc51b3c42bef629ed62969f64_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Modifies WinLogon
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    PID:2532
    • C:\Windows\SysWOW64\rsoppmod.exe
      C:\Windows\system32\rsoppmod.exe
      2⤵
        PID:2572

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • \Users\Admin\AppData\Local\Temp\adx.dll
      Filesize

      625KB

      MD5

      95e2376b3323f062eb562b8586d0f14a

      SHA1

      453d4c3bf4a489433b593420a37bbffb7749875a

      SHA256

      bd3fa8750123d00aa0967fba44372c46ea002681da9c9b77a4f9261553e26017

      SHA512

      b898603d07a49237e4dfc6872d5caa7616bae1258926f10e66c4d3f0d81cccefac1e844395b65bb1f308fbc022061b52e51f60658d0a546c04b365b3428cc87d

      Download Submit

    • \Users\Admin\AppData\Local\Temp\kvr.dll
      Filesize

      1.1MB

      MD5

      9b98d47916ead4f69ef51b56b0c2323c

      SHA1

      290a80b4ded0efc0fd00816f373fcea81a521330

      SHA256

      96e0ae104c9662d0d20fdf59844c2d18334e5847b6c4fc7f8ce4b3b87f39887b

      SHA512

      68b67021f228d8d71df4deb0b6388558b2f935a6aa466a12199cd37ada47ee588ea407b278d190d3a498b0ef3f5f1a2573a469b7ea5561ab2e7055c45565fe94

      Download Submit

    • memory/2532-13-0x0000000000400000-0x0000000000417000-memory.dmp

      Filesize

      92KB

      Download