modiloader | f1ec52b29ee7b25983fd7c939cceceb02fada1a9cf93eb178fea78fa22caf17a

Analysis

max time kernel
142s
max time network
119s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
28-06-2024 14:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1a6c14e8afe501f58c932a50541c6182_JaffaCakes118.exe
Size

594KB
MD5

1a6c14e8afe501f58c932a50541c6182
SHA1

720fd18148ff0352014806f5c511d1f06ea8aab7
SHA256

f1ec52b29ee7b25983fd7c939cceceb02fada1a9cf93eb178fea78fa22caf17a
SHA512

183499e5320b465e2e9be2c019ae7b83ede4796b1748c3e751bf8acf9f2d31956daa08210cdbaf850d59e43d60ccf1b064536edbec84cd83eb23ee6558de99f3
SSDEEP

12288:m73HpXwLT/99MSZXj9FBX5KGKf9qF3Z4mxxPOncTIT+5w8PVo:mLpA//oSF9FBJaYQmXP+cTItMo

Score

10^/10

modiloader trojan

Malware Config

Signatures

ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
trojan modiloader

ModiLoader Second Stage 5 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1636-76-0x0000000000400000-0x000000000055C000-memory.dmp	modiloader_stage2
behavioral1/memory/2508-89-0x0000000000400000-0x000000000055C000-memory.dmp	modiloader_stage2
behavioral1/memory/1636-93-0x0000000000400000-0x000000000055C000-memory.dmp	modiloader_stage2
behavioral1/memory/2508-94-0x0000000000400000-0x000000000055C000-memory.dmp	modiloader_stage2
behavioral1/memory/1636-116-0x0000000000400000-0x000000000055C000-memory.dmp	modiloader_stage2

Deletes itself 1 IoCs

Processes:

cmd.exe

pid process

2868 cmd.exe
Executes dropped EXE 1 IoCs

Processes:

rej0.exe

pid process

2508 rej0.exe
Loads dropped DLL 5 IoCs

Processes:

1a6c14e8afe501f58c932a50541c6182_JaffaCakes118.exeWerFault.exe

pid process

1636 1a6c14e8afe501f58c932a50541c6182_JaffaCakes118.exe
1636 1a6c14e8afe501f58c932a50541c6182_JaffaCakes118.exe
3060 WerFault.exe
3060 WerFault.exe
3060 WerFault.exe

pid	process
2868	cmd.exe

pid	process
2508	rej0.exe

pid	process
1636	1a6c14e8afe501f58c932a50541c6182_JaffaCakes118.exe
1636	1a6c14e8afe501f58c932a50541c6182_JaffaCakes118.exe
3060	WerFault.exe
3060	WerFault.exe
3060	WerFault.exe

Drops file in Program Files directory 3 IoCs

Processes:

1a6c14e8afe501f58c932a50541c6182_JaffaCakes118.exe

description	ioc	process
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\MSINFO\rej0.exe	1a6c14e8afe501f58c932a50541c6182_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSINFO\DelSvel.bat	1a6c14e8afe501f58c932a50541c6182_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSINFO\rej0.exe	1a6c14e8afe501f58c932a50541c6182_JaffaCakes118.exe

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

3060 2508 WerFault.exe rej0.exe

pid	pid_target	process	target process
3060	2508	WerFault.exe	rej0.exe

Suspicious use of WriteProcessMemory 12 IoCs

Processes:

1a6c14e8afe501f58c932a50541c6182_JaffaCakes118.exerej0.exe

description	pid	process	target process
PID 1636 wrote to memory of 2508	1636	1a6c14e8afe501f58c932a50541c6182_JaffaCakes118.exe	rej0.exe
PID 1636 wrote to memory of 2508	1636	1a6c14e8afe501f58c932a50541c6182_JaffaCakes118.exe	rej0.exe
PID 1636 wrote to memory of 2508	1636	1a6c14e8afe501f58c932a50541c6182_JaffaCakes118.exe	rej0.exe
PID 1636 wrote to memory of 2508	1636	1a6c14e8afe501f58c932a50541c6182_JaffaCakes118.exe	rej0.exe
PID 2508 wrote to memory of 3060	2508	rej0.exe	WerFault.exe
PID 2508 wrote to memory of 3060	2508	rej0.exe	WerFault.exe
PID 2508 wrote to memory of 3060	2508	rej0.exe	WerFault.exe
PID 2508 wrote to memory of 3060	2508	rej0.exe	WerFault.exe
PID 1636 wrote to memory of 2868	1636	1a6c14e8afe501f58c932a50541c6182_JaffaCakes118.exe	cmd.exe
PID 1636 wrote to memory of 2868	1636	1a6c14e8afe501f58c932a50541c6182_JaffaCakes118.exe	cmd.exe
PID 1636 wrote to memory of 2868	1636	1a6c14e8afe501f58c932a50541c6182_JaffaCakes118.exe	cmd.exe
PID 1636 wrote to memory of 2868	1636	1a6c14e8afe501f58c932a50541c6182_JaffaCakes118.exe	cmd.exe

C:\Users\Admin\AppData\Local\Temp\1a6c14e8afe501f58c932a50541c6182_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\1a6c14e8afe501f58c932a50541c6182_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:1636

C:\Program Files\Common Files\Microsoft Shared\MSINFO\rej0.exe
"C:\Program Files\Common Files\Microsoft Shared\MSINFO\rej0.exe"
2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 304
3⤵
- Loads dropped DLL
- Program crash
PID:3060

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Program Files\Common Files\Microsoft Shared\MSINFO\DelSvel.bat""
2⤵
- Deletes itself
PID:2868

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Common Files\Microsoft Shared\MSInfo\DelSvel.bat
Filesize
212B

MD5
400868b1bb900e256ac6f0adf3678905

SHA1
9125c1cc464e39f994bdf7fc15149845cc5487b9

SHA256
605cdaf394854fe35f9c6289ca450389bfce8c318bf9b798096decf7ab510fc8

SHA512
ab77798f3e22bf1010f65b973be1617c76eba5192c09033bdb71842c16f45feebbd2ec282911c5eec1546a85198b2f1f4dfde063476c298c44e57aa8ab0e374a

Download Submit
\Program Files\Common Files\Microsoft Shared\MSInfo\rej0.exe
Filesize
594KB

MD5
1a6c14e8afe501f58c932a50541c6182

SHA1
720fd18148ff0352014806f5c511d1f06ea8aab7

SHA256
f1ec52b29ee7b25983fd7c939cceceb02fada1a9cf93eb178fea78fa22caf17a

SHA512
183499e5320b465e2e9be2c019ae7b83ede4796b1748c3e751bf8acf9f2d31956daa08210cdbaf850d59e43d60ccf1b064536edbec84cd83eb23ee6558de99f3

Download Submit
memory/1636-31-0x00000000033C0000-0x00000000033C1000-memory.dmp

Filesize
4KB

Download
memory/1636-59-0x00000000033C0000-0x00000000033C1000-memory.dmp

Filesize
4KB

Download
memory/1636-36-0x00000000033C0000-0x00000000033C1000-memory.dmp

Filesize
4KB

Download
memory/1636-75-0x00000000033C0000-0x00000000033C1000-memory.dmp

Filesize
4KB

Download
memory/1636-74-0x00000000033C0000-0x00000000033C1000-memory.dmp

Filesize
4KB

Download
memory/1636-73-0x00000000033C0000-0x00000000033C1000-memory.dmp

Filesize
4KB

Download
memory/1636-72-0x00000000033C0000-0x00000000033C1000-memory.dmp

Filesize
4KB

Download
memory/1636-71-0x00000000033C0000-0x00000000033C1000-memory.dmp

Filesize
4KB

Download
memory/1636-70-0x00000000033C0000-0x00000000033C1000-memory.dmp

Filesize
4KB

Download
memory/1636-69-0x00000000033C0000-0x00000000033C1000-memory.dmp

Filesize
4KB

Download
memory/1636-68-0x00000000033C0000-0x00000000033C1000-memory.dmp

Filesize
4KB

Download
memory/1636-67-0x00000000033C0000-0x00000000033C1000-memory.dmp

Filesize
4KB

Download
memory/1636-66-0x00000000033C0000-0x00000000033C1000-memory.dmp

Filesize
4KB

Download
memory/1636-65-0x00000000033C0000-0x00000000033C1000-memory.dmp

Filesize
4KB

Download
memory/1636-64-0x00000000033C0000-0x00000000033C1000-memory.dmp

Filesize
4KB

Download
memory/1636-63-0x00000000033C0000-0x00000000033C1000-memory.dmp

Filesize
4KB

Download
memory/1636-62-0x00000000033C0000-0x00000000033C1000-memory.dmp

Filesize
4KB

Download
memory/1636-61-0x00000000033C0000-0x00000000033C1000-memory.dmp

Filesize
4KB

Download
memory/1636-60-0x00000000033C0000-0x00000000033C1000-memory.dmp

Filesize
4KB

Download
memory/1636-30-0x00000000033C0000-0x00000000033C1000-memory.dmp

Filesize
4KB

Download
memory/1636-58-0x00000000033C0000-0x00000000033C1000-memory.dmp

Filesize
4KB

Download
memory/1636-57-0x00000000033C0000-0x00000000033C1000-memory.dmp

Filesize
4KB

Download
memory/1636-56-0x00000000033C0000-0x00000000033C1000-memory.dmp

Filesize
4KB

Download
memory/1636-55-0x00000000033C0000-0x00000000033C1000-memory.dmp

Filesize
4KB

Download
memory/1636-54-0x00000000033C0000-0x00000000033C1000-memory.dmp

Filesize
4KB

Download
memory/1636-53-0x00000000033C0000-0x00000000033C1000-memory.dmp

Filesize
4KB

Download
memory/1636-52-0x00000000033C0000-0x00000000033C1000-memory.dmp

Filesize
4KB

Download
memory/1636-29-0x00000000033C0000-0x00000000033C1000-memory.dmp

Filesize
4KB

Download
memory/1636-50-0x00000000033C0000-0x00000000033C1000-memory.dmp

Filesize
4KB

Download
memory/1636-49-0x00000000033C0000-0x00000000033C1000-memory.dmp

Filesize
4KB

Download
memory/1636-48-0x00000000033C0000-0x00000000033C1000-memory.dmp

Filesize
4KB

Download
memory/1636-47-0x00000000033C0000-0x00000000033C1000-memory.dmp

Filesize
4KB

Download
memory/1636-46-0x00000000033C0000-0x00000000033C1000-memory.dmp

Filesize
4KB

Download
memory/1636-45-0x00000000033C0000-0x00000000033C1000-memory.dmp

Filesize
4KB

Download
memory/1636-44-0x00000000033C0000-0x00000000033C1000-memory.dmp

Filesize
4KB

Download
memory/1636-43-0x00000000033C0000-0x00000000033C1000-memory.dmp

Filesize
4KB

Download
memory/1636-42-0x00000000033C0000-0x00000000033C1000-memory.dmp

Filesize
4KB

Download
memory/1636-41-0x00000000033C0000-0x00000000033C1000-memory.dmp

Filesize
4KB

Download
memory/1636-40-0x00000000033C0000-0x00000000033C1000-memory.dmp

Filesize
4KB

Download
memory/1636-39-0x00000000033C0000-0x00000000033C1000-memory.dmp

Filesize
4KB

Download
memory/1636-38-0x00000000033C0000-0x00000000033C1000-memory.dmp

Filesize
4KB

Download
memory/1636-37-0x00000000033C0000-0x00000000033C1000-memory.dmp

Filesize
4KB

Download
memory/1636-35-0x00000000033C0000-0x00000000033C1000-memory.dmp

Filesize
4KB

Download
memory/1636-34-0x00000000033C0000-0x00000000033C1000-memory.dmp

Filesize
4KB

Download
memory/1636-33-0x00000000033C0000-0x00000000033C1000-memory.dmp

Filesize
4KB

Download
memory/1636-32-0x00000000033C0000-0x00000000033C1000-memory.dmp

Filesize
4KB

Download
memory/1636-0-0x0000000000400000-0x000000000055C000-memory.dmp

Filesize
1.4MB

Download
memory/1636-21-0x00000000033C0000-0x00000000033C1000-memory.dmp

Filesize
4KB

Download
memory/1636-51-0x00000000033C0000-0x00000000033C1000-memory.dmp

Filesize
4KB

Download
memory/1636-28-0x00000000033C0000-0x00000000033C1000-memory.dmp

Filesize
4KB

Download
memory/1636-27-0x00000000033C0000-0x00000000033C1000-memory.dmp

Filesize
4KB

Download
memory/1636-26-0x00000000033C0000-0x00000000033C1000-memory.dmp

Filesize
4KB

Download
memory/1636-25-0x00000000033C0000-0x00000000033C1000-memory.dmp

Filesize
4KB

Download
memory/1636-24-0x00000000033C0000-0x00000000033C1000-memory.dmp

Filesize
4KB

Download
memory/1636-23-0x00000000033C0000-0x00000000033C1000-memory.dmp

Filesize
4KB

Download
memory/1636-22-0x00000000033C0000-0x00000000033C1000-memory.dmp

Filesize
4KB

Download
memory/1636-20-0x00000000033C0000-0x00000000033C1000-memory.dmp

Filesize
4KB

Download
memory/1636-19-0x00000000033C0000-0x00000000033C1000-memory.dmp

Filesize
4KB

Download
memory/1636-18-0x00000000033C0000-0x00000000033C1000-memory.dmp

Filesize
4KB

Download
memory/1636-17-0x00000000033C0000-0x00000000033C1000-memory.dmp

Filesize
4KB

Download
memory/1636-16-0x00000000033D0000-0x00000000033D1000-memory.dmp

Filesize
4KB

Download
memory/1636-15-0x00000000033D0000-0x00000000033D1000-memory.dmp

Filesize
4KB

Download
memory/1636-14-0x00000000033D0000-0x00000000033D1000-memory.dmp

Filesize
4KB

Download
memory/1636-13-0x00000000033D0000-0x00000000033D1000-memory.dmp

Filesize
4KB

Download
memory/1636-12-0x00000000033D0000-0x00000000033D1000-memory.dmp

Filesize
4KB

Download
memory/1636-11-0x00000000033D0000-0x00000000033D1000-memory.dmp

Filesize
4KB

Download
memory/1636-10-0x00000000005E0000-0x00000000005E1000-memory.dmp

Filesize
4KB

Download
memory/1636-9-0x0000000002470000-0x0000000002471000-memory.dmp

Filesize
4KB

Download
memory/1636-8-0x0000000002440000-0x0000000002441000-memory.dmp

Filesize
4KB

Download
memory/1636-7-0x0000000002450000-0x0000000002451000-memory.dmp

Filesize
4KB

Download
memory/1636-6-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download
memory/1636-5-0x0000000000590000-0x0000000000591000-memory.dmp

Filesize
4KB

Download
memory/1636-4-0x0000000002460000-0x0000000002461000-memory.dmp

Filesize
4KB

Download
memory/1636-3-0x00000000005F0000-0x00000000005F1000-memory.dmp

Filesize
4KB

Download
memory/1636-2-0x0000000001F50000-0x0000000001F51000-memory.dmp

Filesize
4KB

Download
memory/1636-76-0x0000000000400000-0x000000000055C000-memory.dmp

Filesize
1.4MB

Download
memory/1636-85-0x0000000004350000-0x00000000044AC000-memory.dmp

Filesize
1.4MB

Download
memory/1636-86-0x0000000004350000-0x00000000044AC000-memory.dmp

Filesize
1.4MB

Download
memory/1636-93-0x0000000000400000-0x000000000055C000-memory.dmp

Filesize
1.4MB

Download
memory/1636-95-0x00000000003A0000-0x00000000003F4000-memory.dmp

Filesize
336KB

Download
memory/1636-102-0x00000000033C0000-0x00000000033C1000-memory.dmp

Filesize
4KB

Download
memory/1636-101-0x00000000033D0000-0x00000000033D1000-memory.dmp

Filesize
4KB

Download
memory/1636-100-0x00000000033D0000-0x00000000033D1000-memory.dmp

Filesize
4KB

Download
memory/1636-99-0x00000000033D0000-0x00000000033D1000-memory.dmp

Filesize
4KB

Download
memory/1636-98-0x00000000033D0000-0x00000000033D1000-memory.dmp

Filesize
4KB

Download
memory/1636-97-0x00000000033D0000-0x00000000033D1000-memory.dmp

Filesize
4KB

Download
memory/1636-96-0x00000000033D0000-0x00000000033D1000-memory.dmp

Filesize
4KB

Download
memory/1636-103-0x0000000004350000-0x00000000044AC000-memory.dmp

Filesize
1.4MB

Download
memory/1636-105-0x0000000004350000-0x00000000044AC000-memory.dmp

Filesize
1.4MB

Download
memory/1636-1-0x00000000003A0000-0x00000000003F4000-memory.dmp

Filesize
336KB

Download
memory/1636-116-0x0000000000400000-0x000000000055C000-memory.dmp

Filesize
1.4MB

Download
memory/2508-88-0x0000000000400000-0x000000000055C000-memory.dmp

Filesize
1.4MB

Download
memory/2508-89-0x0000000000400000-0x000000000055C000-memory.dmp

Filesize
1.4MB

Download
memory/2508-94-0x0000000000400000-0x000000000055C000-memory.dmp

Filesize
1.4MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads