Analysis
-
max time kernel
21s -
max time network
142s -
platform
windows10_x64 -
resource
win10v20201028 -
submitted
24-03-2021 17:03
General
-
Target
file.exe
-
Size
748KB
-
MD5
0cac39b068b68966a00bc3739dd40653
-
SHA1
a1d7852b2287bc05e899e0d837d27452af4fe76f
-
SHA256
deabb312ade9d16c64ea491e5cf9477e1b98f2c5cda72ab2cb1b8b75af558d31
-
SHA512
ac110c2d46b93a69bc335f8cc9e043e616b2e4e4dcddaf083f78ab3dc4aa00f70db9a399f601e6477566f09e1cb9da942203754675dbcdbd87c42349584d0671
Score
10/10
Malware Config
Signatures
-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Suspicious use of WriteProcessMemory 15 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\file.exe"C:\Users\Admin\AppData\Local\Temp\file.exe"1⤵
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\internet explorer\ieinstal.exe"C:\Program Files (x86)\internet explorer\ieinstal.exe"2⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1192-2-0x00000000004D0000-0x00000000004D1000-memory.dmpFilesize
4KB
-
memory/2312-4-0x0000000000450000-0x0000000000451000-memory.dmpFilesize
4KB
-
memory/2312-5-0x0000000000000000-mapping.dmp
-
memory/2312-6-0x0000000000510000-0x0000000000511000-memory.dmpFilesize
4KB
-
memory/2312-8-0x0000000000570000-0x0000000000571000-memory.dmpFilesize
4KB
-
memory/2312-12-0x0000000010550000-0x0000000010586000-memory.dmpFilesize
216KB
-
memory/2312-13-0x0000000000D00000-0x0000000000D34000-memory.dmpFilesize
208KB