Overview

overview

10

Static

static

3

fc86361944...18.exe

windows7-x64

10

fc86361944...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    91s
  • max time network
    135s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18-12-2024 17:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fc863619442b984950a293daaa218f22_JaffaCakes118.exe

  • Size

    37KB

  • MD5

    fc863619442b984950a293daaa218f22

  • SHA1

    55b302d40f50737630658abccb4065e897a6e018

  • SHA256

    01b661e94e2487ac3f6da6893ec126cc60c6c87d58aeec8bfc7620fea7c82c33

  • SHA512

    110fe336053da074d50fb291faced196ec4925a38ca960e1cc1da58885f15d93e0eb3cbb61387d5b750c1991419dc847cfca9982065f451d98bad0347f195326

  • SSDEEP

    768:i2hqVaXthyz8IxtonIJ4yY5rGfF3J1Rd/5va7OO/sedCKFRYwX4Kpjp:i2UV8tzIx+nIiywifhQ6O/s8F244A1

Score
10/10
modiloaderdiscoverytrojan

Malware Config

Signatures

  • ModiLoader, DBatLoader

    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    trojanmodiloader
  • Modiloader family
    modiloader
  • ModiLoader Second Stage 3 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in Program Files directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fc863619442b984950a293daaa218f22_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\fc863619442b984950a293daaa218f22_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:4956

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\Common Files\microsoft shared\MSInfo\atmQQ2.dll
    Filesize

    20KB

    MD5

    c9513e5e9e32f0058914ed42a1de1137

    SHA1

    037c7b10f4a53fd721b747c6b5d102dc6332d018

    SHA256

    8902bc6820810f726d09342c57af686ce44f35326b2c8ceaaad0ce016151f120

    SHA512

    a6ca6158d4e7e60e0f38b561dc8917de609cdc808394bfefe8980e8e8efbfdde8cd5d81c6d6df5ababfc276b50d32632e63123e8b2acfef67e213c527ad6f9a0

    Download Submit

  • memory/4956-0-0x0000000000400000-0x0000000000429000-memory.dmp

    Filesize

    164KB

    Download

  • memory/4956-1-0x00000000001C0000-0x00000000001C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4956-2-0x0000000000400000-0x0000000000429000-memory.dmp

    Filesize

    164KB

    Download

  • memory/4956-10-0x00000000023A0000-0x00000000023C3000-memory.dmp

    Filesize

    140KB

    Download

  • memory/4956-9-0x00000000023A0000-0x00000000023C3000-memory.dmp

    Filesize

    140KB

    Download

  • memory/4956-11-0x00000000023A0000-0x00000000023C3000-memory.dmp

    Filesize

    140KB

    Download