Overview

overview

10

Static

static

3

ecb4f1222d...18.exe

windows7-x64

10

ecb4f1222d...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    140s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    20-09-2024 02:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ecb4f1222d64949eb248795fc1ce5082_JaffaCakes118.exe

  • Size

    628KB

  • MD5

    ecb4f1222d64949eb248795fc1ce5082

  • SHA1

    93e0523ad79cee1c5bfca2fbcb759f2b6b878fa9

  • SHA256

    cdc2a42cd8b6fc23dd3238786895d9090b469329ef6e45200e13b30e8e9eb5ba

  • SHA512

    be423099d7c13dec19ebce6abca739b2db37bd3edfc76ace93c9d79a356120fd028eff44be1e2831bee5a9ef91600d8215af0bd4f60bc21e900aaafc7b12d834

  • SSDEEP

    12288:pUaHSIUvBl7H6xDYY7WZrpiB1+F3Z4mxx64IxSo62jDrkAwh0:6aHSIGB96xsY78pif+QmXqsohkDi

Score
10/10
modiloaderdiscoverytrojan

Malware Config

Signatures

  • ModiLoader, DBatLoader

    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    trojanmodiloader
  • ModiLoader Second Stage 1 IoCs
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops autorun.inf file 1 TTPs 2 IoCs

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • Drops file in Program Files directory 1 IoCs
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ecb4f1222d64949eb248795fc1ce5082_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\ecb4f1222d64949eb248795fc1ce5082_JaffaCakes118.exe"
    1⤵
    • Enumerates connected drives
    • Drops autorun.inf file
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2364
    • C:\program files\internet explorer\IEXPLORE.EXE
      "C:\program files\internet explorer\IEXPLORE.EXE"
      2⤵
        PID:2504
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 312
        2⤵
        • Program crash
        PID:1792

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\AutoRun.inf
      Filesize

      157B

      MD5

      d27451cf32abe7a48f20a44c1d240777

      SHA1

      ebe8640298f71d3d7191ea7e7dbf618c4f620d08

      SHA256

      e62b737c2867f81414ff038e3d1ca72a14d77fba22b8f0cb0575e50262eb5568

      SHA512

      1df9eb1cf7d91e2ffc7826af910b26e710d510bc0dbeee85832a43ea3b9da034c905aa24d70fb7311fdee44a9e5b4ff97000ca708de89c9f5354dbf137d73101

      Download Submit

    • memory/2364-10-0x0000000000540000-0x0000000000541000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2364-2-0x0000000000570000-0x0000000000571000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2364-34-0x00000000002F0000-0x00000000002F1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2364-1-0x0000000000830000-0x0000000000884000-memory.dmp

      Filesize

      336KB

      Download

    • memory/2364-15-0x00000000002E0000-0x00000000002E1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2364-14-0x00000000033D0000-0x00000000033D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2364-13-0x0000000003480000-0x0000000003481000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2364-9-0x0000000002120000-0x0000000002121000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2364-38-0x0000000000830000-0x0000000000884000-memory.dmp

      Filesize

      336KB

      Download

    • memory/2364-35-0x00000000033A0000-0x00000000033A1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2364-12-0x0000000003380000-0x0000000003383000-memory.dmp

      Filesize

      12KB

      Download

    • memory/2364-8-0x0000000000580000-0x0000000000581000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2364-7-0x0000000000590000-0x0000000000591000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2364-6-0x0000000000520000-0x0000000000521000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2364-5-0x0000000000530000-0x0000000000531000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2364-4-0x0000000002110000-0x0000000002111000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2364-3-0x0000000000550000-0x0000000000551000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2364-0-0x0000000000400000-0x0000000000515000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/2364-37-0x0000000000400000-0x0000000000515000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/2364-11-0x0000000003390000-0x0000000003391000-memory.dmp

      Filesize

      4KB

      Download