Overview

overview

10

Static

static

3

f008c75829...18.exe

windows7-x64

10

f008c75829...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    94s
  • max time network
    142s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21-09-2024 14:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f008c7582930b0cfe31b423560177429_JaffaCakes118.exe

  • Size

    638KB

  • MD5

    f008c7582930b0cfe31b423560177429

  • SHA1

    561d33f6c20a560ec943eedf661709e01beb4d43

  • SHA256

    00b2a6d50cf5342a2a1ed88e369cfe093b8b082bb2c9d770710556e7494f2d50

  • SHA512

    e7c1c94fc80b9fd891c6f4617bdc8e4e34e15052d3c7b24fddb042ea98ca6b784099fa2428112277d34f9a4b646db325fb45136701f3b6f11fc956fd595e452f

  • SSDEEP

    12288:9Q8tUfibfnhgUHKfDgAnJGrgkw1c2obY7517iQq/ORXe:yfmfNwGrgkCocd1mh/ORXe

Score
10/10
modiloaderdiscoverypersistencetrojan

Malware Config

Signatures

  • ModiLoader, DBatLoader

    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    trojanmodiloader
  • ModiLoader Second Stage 4 IoCs
  • Executes dropped EXE 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops autorun.inf file 1 TTPs 4 IoCs

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • Drops file in System32 directory 4 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f008c7582930b0cfe31b423560177429_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\f008c7582930b0cfe31b423560177429_JaffaCakes118.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3528
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\4.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\4.exe
      2⤵
      • Executes dropped EXE
      • Enumerates connected drives
      • Drops autorun.inf file
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:4180
      • C:\Windows\SysWOW64\Windous_system
        C:\Windows\system32\Windous_system
        3⤵
        • Executes dropped EXE
        • Drops file in System32 directory
        • System Location Discovery: System Language Discovery
        PID:3720
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c C:\Windows\system32\SgotoDel.bat
        3⤵
        • System Location Discovery: System Language Discovery
        PID:2568

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\4.exe
    Filesize

    775KB

    MD5

    3cc599cbdea82619149a2b62e866b14c

    SHA1

    0a0722ea4164c87a4453c1ce1389d8d591182852

    SHA256

    41a3304e344cb143e79a690219d5f7c8ab54cc26e8acd43445fcbe78859c35b6

    SHA512

    db2e7647126273896d38928168d31e51714093b52f55abf691629fbaef14a1a831a0e59b339e8aacbe401e96032d355137450fecfe57d86413d8d5a39dcb3fe4

    Download Submit

  • C:\Windows\SysWOW64\SgotoDel.bat
    Filesize

    144B

    MD5

    8ae64039d826b5cd7b18f19cd02448fc

    SHA1

    9fbbc25be9a768acc0f028a24aa8733f6ab4c80b

    SHA256

    ff89096af7bf23fbabfdf635f6f5707fae6ce937326ba951bdc44abd89b0d175

    SHA512

    f01616a7efb2a2a93430eb72bda046064150f9f8416d421c4f78fa947a2ac75a00ff01097336b53e605d7747a84f1b024381717ccfa5acdfd5bb47b7aaf1bb09

    Download Submit

  • memory/3528-25-0x0000000002A30000-0x0000000002A31000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3528-4-0x0000000000B60000-0x0000000000B61000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3528-23-0x0000000002A30000-0x0000000002A31000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3528-8-0x0000000000CD0000-0x0000000000CD1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3528-7-0x0000000000D00000-0x0000000000D01000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3528-6-0x0000000000CC0000-0x0000000000CC1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3528-5-0x0000000000BA0000-0x0000000000BA1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3528-24-0x0000000002A30000-0x0000000002A31000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3528-15-0x0000000002A30000-0x0000000002A31000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3528-18-0x0000000002A30000-0x0000000002A31000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3528-34-0x0000000002A20000-0x0000000002A21000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3528-36-0x0000000002A20000-0x0000000002A21000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3528-0-0x0000000001000000-0x0000000001106000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/3528-33-0x0000000002A20000-0x0000000002A21000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3528-32-0x0000000002A20000-0x0000000002A21000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3528-31-0x0000000002A20000-0x0000000002A21000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3528-30-0x0000000002A20000-0x0000000002A21000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3528-29-0x0000000002A20000-0x0000000002A21000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3528-28-0x0000000002A30000-0x0000000002A31000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3528-26-0x0000000002A30000-0x0000000002A31000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3528-35-0x0000000002A20000-0x0000000002A21000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3528-10-0x0000000002A20000-0x0000000002A21000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3528-9-0x0000000000B80000-0x0000000000B81000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3528-22-0x0000000002A30000-0x0000000002A31000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3528-21-0x0000000002A30000-0x0000000002A31000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3528-20-0x0000000002A30000-0x0000000002A31000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3528-19-0x0000000002A30000-0x0000000002A31000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3528-17-0x0000000002A30000-0x0000000002A31000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3528-16-0x0000000002A30000-0x0000000002A31000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3528-14-0x0000000002A30000-0x0000000002A31000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3528-27-0x0000000002A30000-0x0000000002A31000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3528-13-0x0000000002A30000-0x0000000002A31000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3528-12-0x0000000002A30000-0x0000000002A31000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3528-3-0x0000000000B70000-0x0000000000B71000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3528-2-0x0000000000CF0000-0x0000000000CF1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3528-1-0x00000000006E0000-0x0000000000730000-memory.dmp

    Filesize

    320KB

    Download

  • memory/3528-11-0x0000000002A30000-0x0000000002A31000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3528-62-0x0000000001000000-0x0000000001106000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/3528-63-0x00000000006E0000-0x0000000000730000-memory.dmp

    Filesize

    320KB

    Download

  • memory/3720-59-0x0000000000400000-0x00000000004CB200-memory.dmp

    Filesize

    812KB

    Download

  • memory/4180-60-0x0000000000400000-0x00000000004CB200-memory.dmp

    Filesize

    812KB

    Download

  • memory/4180-42-0x0000000000400000-0x00000000004CB200-memory.dmp

    Filesize

    812KB

    Download