Overview

overview

10

Static

static

3

f79dfbc3b8...18.exe

windows7-x64

10

f79dfbc3b8...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    26-09-2024 04:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f79dfbc3b8a8f8b9fd83e46883702f87_JaffaCakes118.exe

  • Size

    605KB

  • MD5

    f79dfbc3b8a8f8b9fd83e46883702f87

  • SHA1

    05a6e85d01fa03ba78d592bb3c989a5ab1c0d21b

  • SHA256

    64673f314e82337483b9fac8800a4ed11f8b05d70410d504c27a8d5406c0fea9

  • SHA512

    bfea7d05105d6e2577665afd5a26f29d5dff53ff7d4e2b7e40debf39c0844070fc7b648648bd0645fbf2feb874979c778ebf89d8550ae2b4dc89d828ea707135

  • SSDEEP

    12288:2rsWE6q36UnEFqHZtZbVp1VhbkSp3OeiHequ3GqXHnP3wNmz:24yUnn55bbkSp3Oeibu3GUHPwNmz

Score
10/10
modiloaderdiscoverytrojan

Malware Config

Signatures

  • ModiLoader, DBatLoader

    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    trojanmodiloader
  • ModiLoader Second Stage 1 IoCs
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops autorun.inf file 1 TTPs 2 IoCs

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • Drops file in Program Files directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f79dfbc3b8a8f8b9fd83e46883702f87_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\f79dfbc3b8a8f8b9fd83e46883702f87_JaffaCakes118.exe"
    1⤵
    • Enumerates connected drives
    • Drops autorun.inf file
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3032
    • C:\program files\internet explorer\IEXPLORE.EXE
      "C:\program files\internet explorer\IEXPLORE.EXE"
      2⤵
        PID:2564

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\AutoRun.inf
      Filesize

      163B

      MD5

      b440eed00f70b8fff8c6e70e518a50fd

      SHA1

      27458e044aa79761ea671de12b059adf4cc2178f

      SHA256

      514afe9d37b54efc5d45596a17562d81e998bb3c2e2c296c9f7fcf7fec8ee054

      SHA512

      b4a82119a6614d5a4b96d38ab688c27edcf09f5e667dda3edf850f6b3ba170b2b668b5bc98d4ac041d911f42e129f848aa8b362a83e8ea4241e3dac355d7c850

      Download Submit

    • memory/3032-12-0x00000000032E0000-0x00000000032E1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3032-45-0x00000000002D0000-0x0000000000324000-memory.dmp

      Filesize

      336KB

      Download

    • memory/3032-13-0x00000000032E0000-0x00000000032E1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3032-22-0x00000000032D0000-0x00000000032D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3032-21-0x00000000032D0000-0x00000000032D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3032-20-0x00000000032D0000-0x00000000032D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3032-19-0x00000000033D0000-0x00000000033D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3032-18-0x00000000033D0000-0x00000000033D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3032-17-0x00000000032E0000-0x00000000032E1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3032-16-0x00000000032E0000-0x00000000032E1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3032-15-0x00000000032E0000-0x00000000032E1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3032-14-0x00000000032E0000-0x00000000032E1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3032-23-0x00000000032D0000-0x00000000032D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3032-24-0x00000000032D0000-0x00000000032D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3032-4-0x0000000000610000-0x0000000000611000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3032-10-0x00000000005B0000-0x00000000005B1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3032-9-0x0000000000620000-0x0000000000621000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3032-8-0x00000000005F0000-0x00000000005F1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3032-7-0x0000000000600000-0x0000000000601000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3032-6-0x00000000003E0000-0x00000000003E1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3032-5-0x00000000003F0000-0x00000000003F1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3032-11-0x00000000032E0000-0x00000000032E1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3032-3-0x00000000005C0000-0x00000000005C1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3032-2-0x00000000005E0000-0x00000000005E1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3032-1-0x00000000002D0000-0x0000000000324000-memory.dmp

      Filesize

      336KB

      Download

    • memory/3032-46-0x0000000000400000-0x00000000005AA000-memory.dmp

      Filesize

      1.7MB

      Download

    • memory/3032-0-0x0000000000400000-0x00000000005AA000-memory.dmp

      Filesize

      1.7MB

      Download