Overview

overview

10

Static

static

3

e493711917...18.exe

windows7-x64

10

e493711917...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    142s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    16-09-2024 10:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e49371191739ff954cb62429143e5579_JaffaCakes118.exe

  • Size

    586KB

  • MD5

    e49371191739ff954cb62429143e5579

  • SHA1

    397b0ba0f67827ed7a830fd70a59910fdcca3d76

  • SHA256

    4ed27ae580c02da3f25f6e40341b5d9edb58cbd4c89e86857fa0252a7c4298bb

  • SHA512

    30d25e5db633a4eac6b5f79423dd79ad5f4819b1f2deef75e75a17c4fe9f61bb9fb47e5591b9b3cdf8ee7f6950cf86ec7b8ae1fe981bdb5621c13f99df942ea3

  • SSDEEP

    12288:zmNxPfT6t2CQcAjaV16qM30BB1F3Z4mxx1ZSQgj/7RXi:qTj1CQcjAq20BB1QmX1Zzgj7c

Score
10/10
modiloaderdiscoverytrojan

Malware Config

Signatures

  • ModiLoader, DBatLoader

    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    trojanmodiloader
  • ModiLoader Second Stage 5 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops autorun.inf file 1 TTPs 2 IoCs

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • Drops file in System32 directory 2 IoCs
  • Drops file in Program Files directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e49371191739ff954cb62429143e5579_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\e49371191739ff954cb62429143e5579_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Enumerates connected drives
    • Drops autorun.inf file
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2348
    • C:\Program Files\Common Files\Microsoft Shared\MSINFO\svchost.exe
      "C:\Program Files\Common Files\Microsoft Shared\MSINFO\svchost.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      PID:2412

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • F:\AutoRun.inf
    Filesize

    169B

    MD5

    5f7787360c566d826fdc5029dad5180f

    SHA1

    971aa4517fff5937a33b17029e9576ff73e8b827

    SHA256

    99c80c3778f7d635be13b495f0e1ff12c74bdfd282f93a10cce9f092eb8dbdb6

    SHA512

    02bd59d3e719bdc95a004cbfd9490015e3e28697e14d57b8fc1c6120a7b99c3c1cc7d105ee9889188f323322bf209aa806376d0f170ab83079ce19f76796932e

    Download Submit

  • F:\svchost.exe
    Filesize

    586KB

    MD5

    e49371191739ff954cb62429143e5579

    SHA1

    397b0ba0f67827ed7a830fd70a59910fdcca3d76

    SHA256

    4ed27ae580c02da3f25f6e40341b5d9edb58cbd4c89e86857fa0252a7c4298bb

    SHA512

    30d25e5db633a4eac6b5f79423dd79ad5f4819b1f2deef75e75a17c4fe9f61bb9fb47e5591b9b3cdf8ee7f6950cf86ec7b8ae1fe981bdb5621c13f99df942ea3

    Download Submit

  • memory/2348-13-0x0000000003280000-0x0000000003281000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2348-66-0x0000000000400000-0x0000000000558000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2348-29-0x0000000003270000-0x0000000003271000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2348-28-0x0000000003270000-0x0000000003271000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2348-27-0x0000000003270000-0x0000000003271000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2348-26-0x0000000003270000-0x0000000003271000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2348-25-0x0000000003270000-0x0000000003271000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2348-24-0x0000000003270000-0x0000000003271000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2348-23-0x0000000003270000-0x0000000003271000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2348-22-0x0000000003270000-0x0000000003271000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2348-21-0x0000000003270000-0x0000000003271000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2348-20-0x0000000003270000-0x0000000003271000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2348-19-0x0000000003270000-0x0000000003271000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2348-11-0x0000000003280000-0x0000000003281000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2348-17-0x0000000003270000-0x0000000003271000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2348-16-0x0000000003280000-0x0000000003281000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2348-15-0x0000000003280000-0x0000000003281000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2348-14-0x0000000003280000-0x0000000003281000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2348-0-0x0000000000400000-0x0000000000558000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2348-30-0x0000000003270000-0x0000000003271000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2348-18-0x0000000003270000-0x0000000003271000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2348-10-0x0000000000370000-0x0000000000371000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2348-9-0x00000000003F0000-0x00000000003F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2348-7-0x00000000003D0000-0x00000000003D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2348-6-0x0000000000350000-0x0000000000351000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2348-5-0x0000000000360000-0x0000000000361000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2348-4-0x00000000003E0000-0x00000000003E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2348-3-0x0000000000380000-0x0000000000381000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2348-2-0x00000000003B0000-0x00000000003B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2348-8-0x00000000003C0000-0x00000000003C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2348-1-0x0000000000280000-0x00000000002D4000-memory.dmp

    Filesize

    336KB

    Download

  • memory/2348-65-0x0000000000280000-0x00000000002D4000-memory.dmp

    Filesize

    336KB

    Download

  • memory/2348-57-0x00000000043E0000-0x0000000004538000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2348-12-0x0000000003280000-0x0000000003281000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2412-59-0x0000000000400000-0x0000000000558000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2412-67-0x0000000000400000-0x0000000000558000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2412-69-0x0000000000400000-0x0000000000558000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2412-81-0x0000000000400000-0x0000000000558000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2412-84-0x0000000000400000-0x0000000000558000-memory.dmp

    Filesize

    1.3MB

    Download