modiloader | 7232c637dfb4f6c3fc6b4fdd53ffb993f33669f6f13dd51b4289e69b4ab4d56b

Analysis

max time kernel
147s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28-06-2024 06:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

19101acd44ecfe81f47261eb5a1ab6de_JaffaCakes118.exe
Size

610KB
MD5

19101acd44ecfe81f47261eb5a1ab6de
SHA1

87a9d3b2dd2c62573ee5ef1d9c46fa91246da247
SHA256

7232c637dfb4f6c3fc6b4fdd53ffb993f33669f6f13dd51b4289e69b4ab4d56b
SHA512

6f9d9d27e56f72fa0c5403d107fdfc71e816e09beb38f53178f271d30805769dc2abde1452e999c9cbbc55738f6fa64a25bdbcde2c4f6854197216a72e3147d3
SSDEEP

12288:T39gKz0EqJkmSgOK0StF3Z4mxxxoEtlK+kt9T2MNJ:TNUcbStQmXyGwJ

Score

10^/10

modiloader trojan

Malware Config

Signatures

ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
trojan modiloader

ModiLoader Second Stage 2 IoCs

Processes:

resource	yara_rule
behavioral2/memory/2544-12-0x0000000003390000-0x0000000003439000-memory.dmp	modiloader_stage2
behavioral2/memory/2544-16-0x0000000000400000-0x0000000000559000-memory.dmp	modiloader_stage2

Drops file in Program Files directory 1 IoCs

Processes:

19101acd44ecfe81f47261eb5a1ab6de_JaffaCakes118.exe

description ioc process

File created C:\Program Files\Common Files\Microsoft Shared\MSINFO\paramstr.txt 19101acd44ecfe81f47261eb5a1ab6de_JaffaCakes118.exe
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2848 2544 WerFault.exe 19101acd44ecfe81f47261eb5a1ab6de_JaffaCakes118.exe

description	ioc	process
File created	C:\Program Files\Common Files\Microsoft Shared\MSINFO\paramstr.txt	19101acd44ecfe81f47261eb5a1ab6de_JaffaCakes118.exe

pid	pid_target	process	target process
2848	2544	WerFault.exe	19101acd44ecfe81f47261eb5a1ab6de_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 2 IoCs

Processes:

19101acd44ecfe81f47261eb5a1ab6de_JaffaCakes118.exe

description	pid	process	target process
PID 2544 wrote to memory of 1244	2544	19101acd44ecfe81f47261eb5a1ab6de_JaffaCakes118.exe	IEXPLORE.EXE
PID 2544 wrote to memory of 1244	2544	19101acd44ecfe81f47261eb5a1ab6de_JaffaCakes118.exe	IEXPLORE.EXE

C:\Users\Admin\AppData\Local\Temp\19101acd44ecfe81f47261eb5a1ab6de_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19101acd44ecfe81f47261eb5a1ab6de_JaffaCakes118.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:2544

C:\program files\internet explorer\IEXPLORE.EXE
"C:\program files\internet explorer\IEXPLORE.EXE"
2⤵
PID:1244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 652
2⤵
- Program crash
PID:2848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2544 -ip 2544
1⤵
PID:1692

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2544-1-0x0000000000A20000-0x0000000000A74000-memory.dmp

Filesize
336KB

Download
memory/2544-0-0x0000000000400000-0x0000000000559000-memory.dmp

Filesize
1.3MB

Download
memory/2544-10-0x00000000023C0000-0x00000000023C1000-memory.dmp

Filesize
4KB

Download
memory/2544-9-0x0000000002430000-0x0000000002431000-memory.dmp

Filesize
4KB

Download
memory/2544-8-0x0000000002400000-0x0000000002401000-memory.dmp

Filesize
4KB

Download
memory/2544-15-0x0000000002280000-0x0000000002281000-memory.dmp

Filesize
4KB

Download
memory/2544-14-0x0000000003390000-0x0000000003391000-memory.dmp

Filesize
4KB

Download
memory/2544-13-0x00000000033A0000-0x00000000033A1000-memory.dmp

Filesize
4KB

Download
memory/2544-12-0x0000000003390000-0x0000000003439000-memory.dmp

Filesize
676KB

Download
memory/2544-7-0x0000000002410000-0x0000000002411000-memory.dmp

Filesize
4KB

Download
memory/2544-6-0x0000000002290000-0x0000000002291000-memory.dmp

Filesize
4KB

Download
memory/2544-5-0x00000000022A0000-0x00000000022A1000-memory.dmp

Filesize
4KB

Download
memory/2544-4-0x0000000002420000-0x0000000002421000-memory.dmp

Filesize
4KB

Download
memory/2544-3-0x00000000023D0000-0x00000000023D1000-memory.dmp

Filesize
4KB

Download
memory/2544-2-0x00000000023F0000-0x00000000023F1000-memory.dmp

Filesize
4KB

Download
memory/2544-16-0x0000000000400000-0x0000000000559000-memory.dmp

Filesize
1.3MB

Download
memory/2544-17-0x0000000000A20000-0x0000000000A74000-memory.dmp

Filesize
336KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads