Analysis

  • max time kernel
    120s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240708-en locale:en-us os:windows7-x64 system
  • submitted
    15/09/2024, 15:23 UTC

General

  • Target

    e2caf478ced4391cfca807761f4d1568_JaffaCakes118.exe

  • Size

    271KB

  • MD5

    e2caf478ced4391cfca807761f4d1568

  • SHA1

    ff413caca3e9a79b0a467b78d3228f645618917b

  • SHA256

    26237182703a05b250f03316388eb28e7078a6aff6407312fec57c7fc101e88a

  • SHA512

    2cae60cd05161152deba0b3f925dc967feb047de30979d6628c173b66b02f9090283bbe8e2d0e007fe72d5bc16cacde5bfe182c795ad70f0c56b1ae1b76a6ec9

  • SSDEEP

    6144:jQ0AbCds86kSG7sW6lqF0hIwCBo82sKEJRyywQYHTUoiAQgwV:7Ab7yIqF0vCB0sKcIQvnV

Malware Config

Signatures

  • ModiLoader, DBatLoader

    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

  • ModiLoader Second Stage 4 IoCs
  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops autorun.inf file 1 TTPs 4 IoCs

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • Drops file in System32 directory 4 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempts to gather information about the victim system's language in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 8 IoCs
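The three signatures "Enumerates connected drives", "Drops autorun.inf file" and the F:\¡¡.exe entry under Downloads (same SHA256 as the submitted file) together describe removable-media spreading: the sample copies itself to the root of another volume and drops an autorun.inf beside it. The script below is an added triage helper, not part of the tria.ge report or of the sample: it checks a list of volume roots for an autorun.inf, parses the documented launch keys (open=, shellexecute=, shell\<verb>\command=), hashes the referenced files and compares them against the report's SHA256. The report does not show the dropped autorun.inf's contents, so the one written in demo() is constructed, as are the two temporary "drive roots" and the payload bytes. Note that Windows 7 and later do not AutoRun removable media other than optical discs by default, so on a patched host the file mainly serves as a marker of which volumes the sample touched.

```python
"""Check volume roots for a dropped autorun.inf and hash the file it launches.

Added triage helper, not part of the tria.ge report or the sample. The known
hash below is the submitted sample's SHA256 from the report; the drive roots,
autorun.inf text and payload bytes in demo() are constructed for the example.
"""
import hashlib
import re
import tempfile
from pathlib import Path

# SHA256 of the submitted sample (the dropped F:\ copy has the same hash).
KNOWN_SHA256 = {
    "26237182703a05b250f03316388eb28e7078a6aff6407312fec57c7fc101e88a":
        "ModiLoader/DBatLoader sample e2caf478ced4391cfca807761f4d1568",
}

# [autorun] keys that cause execution: open=, shellexecute=, shell\<verb>\command=
EXEC_KEYS = ("open", "shellexecute")
SHELL_CMD_RE = re.compile(r"^shell\\[^\\]+\\command$", re.IGNORECASE)


def parse_autorun(text):
    """Return {key.lower(): value} for the [autorun] section of an autorun.inf.

    Parsed by hand rather than with configparser: the file is INI-like, but the
    section name and keys are case-insensitive and malware-written files are
    often sloppy (CRLF, no spaces around '=', trailing junk).
    """
    entries = {}
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, _, value = line.partition("=")
            entries[key.strip().lower()] = value.strip()
    return entries


def exec_targets(entries):
    """Executables an autorun.inf would launch, in the order they appear."""
    targets = []
    for key, value in entries.items():
        if key in EXEC_KEYS or SHELL_CMD_RE.match(key):
            # The value may carry arguments; the executable is the first token.
            m = re.match(r'"([^"]+)"|(\S+)', value)
            if m:
                targets.append(m.group(1) or m.group(2))
    return targets


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def scan_drive_roots(roots, known=KNOWN_SHA256):
    """For each root carrying an autorun.inf, hash every file it points at."""
    findings = []
    for root in roots:
        inf = Path(root) / "autorun.inf"
        if not inf.is_file():
            continue
        entries = parse_autorun(inf.read_text(errors="replace"))
        for target in exec_targets(entries):
            # Targets are relative to the volume root; drop a leading '.\' or '\'.
            path = Path(root) / target.lstrip(".\\/")
            digest = sha256_file(path) if path.is_file() else None
            findings.append({
                "root": str(root),
                "target": target,
                "exists": digest is not None,
                "sha256": digest,
                "known_as": known.get(digest),
            })
    return findings


def demo():
    """Two constructed volume roots: E is clean, F carries a worm-style drop."""
    base = Path(tempfile.mkdtemp(prefix="autorun-demo-"))
    clean, infected = base / "E", base / "F"
    clean.mkdir()
    infected.mkdir()
    payload = infected / "payload.exe"            # stand-in for F:\¡¡.exe
    payload.write_bytes(b"MZ" + b"\x00" * 64)     # constructed bytes, not the sample
    (infected / "autorun.inf").write_bytes(
        b"[AutoRun]\r\nopen=payload.exe\r\n"
        b"shell\\open\\command=payload.exe /s\r\n"
        b"icon=%SystemRoot%\\system32\\SHELL32.dll,4\r\n"
    )
    # Register the constructed payload's hash so the demo shows a match.
    return scan_drive_roots([clean, infected],
                            known={sha256_file(payload): "constructed demo IoC"})


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

On a live host, pass the real volume roots (for example the output of `wmic logicaldisk get deviceid` or `psutil.disk_partitions()`) to scan_drive_roots and keep KNOWN_SHA256 as the lookup table; a finding with "exists": True and a matching "known_as" means the volume carries a copy of this sample, while "exists": False means the autorun.inf points at a file that has since been removed or never existed.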

Processes

  • C:\Users\Admin\AppData\Local\Temp\e2caf478ced4391cfca807761f4d1568_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\e2caf478ced4391cfca807761f4d1568_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Enumerates connected drives
    • Drops autorun.inf file
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1244
    • C:\Windows\SysWOW64\¡¡.exe
      C:\Windows\system32\¡¡.exe
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      PID:2516
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Windows\system32\SxDel.bat
      2⤵
      • Deletes itself
      • System Location Discovery: System Language Discovery
      PID:2696

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\SxDel.bat

    Filesize

    212B

    MD5

    c02a820225dc6aef10f5c365a3d7fa7d

    SHA1

    4135cb0dc9e971d709432446ed0607e140bb6b4a

    SHA256

    7d5eb543bdea5d9deaea058f48c5a6320d2aef1abff300a08427b7ca932e7070

    SHA512

    2c4c5b5441374271413d60fd5674bea167c758d913b94b8159648395fc2948aa8022f3b5810e191d233e2107fbeb85dab51019ebe9dae9e32864e8bb1d13837d

  • F:\¡¡.exe

    Filesize

    271KB

    MD5

    e2caf478ced4391cfca807761f4d1568

    SHA1

    ff413caca3e9a79b0a467b78d3228f645618917b

    SHA256

    26237182703a05b250f03316388eb28e7078a6aff6407312fec57c7fc101e88a

    SHA512

    2cae60cd05161152deba0b3f925dc967feb047de30979d6628c173b66b02f9090283bbe8e2d0e007fe72d5bc16cacde5bfe182c795ad70f0c56b1ae1b76a6ec9

  • memory/1244-0-0x0000000000400000-0x000000000050E000-memory.dmp

    Filesize

    1.1MB

  • memory/1244-1-0x0000000000260000-0x0000000000261000-memory.dmp

    Filesize

    4KB

  • memory/1244-2-0x0000000000400000-0x000000000050E000-memory.dmp

    Filesize

    1.1MB

  • memory/1244-13-0x0000000000260000-0x0000000000261000-memory.dmp

    Filesize

    4KB

  • memory/1244-20-0x0000000003170000-0x000000000327E000-memory.dmp

    Filesize

    1.1MB

  • memory/1244-33-0x0000000000400000-0x000000000050E000-memory.dmp

    Filesize

    1.1MB

  • memory/2516-22-0x0000000000400000-0x000000000050E000-memory.dmp

    Filesize

    1.1MB

  • memory/2516-31-0x0000000000400000-0x000000000050E000-memory.dmp

    Filesize

    1.1MB

  • memory/2516-23-0x0000000000400000-0x000000000050E000-memory.dmp

    Filesize

    1.1MB
