Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

d36f50a40d...18.exe

windows7-x64

10

d36f50a40d...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    120s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    07/12/2024, 20:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d36f50a40d127a49df5d363aefa62909_JaffaCakes118.exe

  • Size

    36KB

  • MD5

    d36f50a40d127a49df5d363aefa62909

  • SHA1

    6f8f5f662f7e422b4456546a4aa7d54194c48688

  • SHA256

    dc1d7dc22511ce01af67bccc833de3e9d9119f11eb5da4292f90c8b0b8d0621d

  • SHA512

    3a404d7c63c90d3fefc6b01dc3e9f2a0920db25be4e7a755dc2eccf7b7bb8d6f681a879f18128c2f6681537fa0a2c1fbc599fc22b1367b775696b3d4e6ae53f7

  • SSDEEP

    768:o12Zohqmbw35aKIO//TX6h6aakTzcgHcDol5dqT4FaM4Q4:o12KNbwpiOzKXTzcgHcDmqT4FB4

Score
10/10
modiloadertrojan

Malware Config

Signatures

  • ModiLoader, DBatLoader

    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    trojanmodiloader
  • Modiloader family
    modiloader
  • ModiLoader Second Stage 2 IoCs
  • Loads dropped DLL 1 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d36f50a40d127a49df5d363aefa62909_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\d36f50a40d127a49df5d363aefa62909_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    PID:2468

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Program Files\Common Files\Microsoft Shared\MSInfo\atmQQ2.dll
    Filesize

    20KB

    MD5

    c313e21e1675a460469293354a85c37e

    SHA1

    f1c8487bf1e30d4aadf6efb4a92f39802203df6f

    SHA256

    efacfcf2d06f1139000c3e77f3d6bec3f3fdb6a79ab67c70a81fd766d303b82d

    SHA512

    1d1c85d7affd92c2563e38d1d6b61bd32912b031d584943f3c6593ceabdf55c3c475dc7ef4a4bba137da1e26e8c146128384437771d566c269ee0a357c5a4095

    Download Submit

  • memory/2468-0-0x0000000000400000-0x000000000041E000-memory.dmp

    Filesize

    120KB

    Download

  • memory/2468-1-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2468-2-0x0000000000400000-0x000000000041E000-memory.dmp

    Filesize

    120KB

    Download

  • memory/2468-6-0x0000000000320000-0x0000000000343000-memory.dmp

    Filesize

    140KB

    Download

  • memory/2468-7-0x0000000000400000-0x000000000041E000-memory.dmp

    Filesize

    120KB

    Download

  • memory/2468-8-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2468-9-0x0000000000320000-0x0000000000343000-memory.dmp

    Filesize

    140KB

    Download