Overview

overview

10

Static

static

3

f437194765...18.exe

windows7-x64

10

f437194765...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    141s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    24-09-2024 18:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f4371947650402411158039cc10e0613_JaffaCakes118.exe

  • Size

    378KB

  • MD5

    f4371947650402411158039cc10e0613

  • SHA1

    48adb59ad72d74f2e7135dc3628703c390c562c9

  • SHA256

    f04b19bbbe2fcb714fe2310df2f29fa2e76e7f66c1ae9c3133e8f2c2d4eddace

  • SHA512

    4659049c2a2bdf7f85e66f636da1eb39032d27fccea7ea1eff0d73d882d7d4b2785143dbeb99d8b69e50a890997df869ecbd7e9c6ce74e719fda460b3e065809

  • SSDEEP

    6144:5NjIs9KnfkDxJ9SnoDOXlRUB0R4R4jkLaPsvpuJHB2yI9lCS6ZpRh6/mV/5Tufz0:5NN9Knf0JUn8OXl6Bw4NLaUReh9I9ES2

Score
10/10
modiloaderdiscoverytrojan

Malware Config

Signatures

  • ModiLoader, DBatLoader

    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    trojanmodiloader
  • ModiLoader Second Stage 3 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f4371947650402411158039cc10e0613_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\f4371947650402411158039cc10e0613_JaffaCakes118.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2788
    • C:\program files\internet explorer\IEXPLORE.EXE
      "C:\program files\internet explorer\IEXPLORE.EXE"
      2⤵
        PID:2816
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 292
        2⤵
        • Program crash
        PID:2792

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2788-0-0x0000000000400000-0x0000000000523000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/2788-2-0x00000000004C4000-0x0000000000522000-memory.dmp

      Filesize

      376KB

      Download

    • memory/2788-1-0x0000000000400000-0x0000000000523000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/2788-4-0x0000000000400000-0x0000000000523000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/2788-5-0x0000000000400000-0x0000000000523000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/2788-6-0x00000000004C4000-0x0000000000522000-memory.dmp

      Filesize

      376KB

      Download