Overview

overview

10

Static

static

DHL_45678.exe

windows7_x64

1

DHL_45678.exe

windows10_x64

10

Analysis

  • max time kernel
    145s
  • max time network
    146s
  • platform
    windows10_x64
  • resource
    win10v20210410
  • submitted
    14-05-2021 16:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    DHL_45678.exe

  • Size

    680KB

  • MD5

    f6ca1b224a24f24e3711cb9c7d5116e6

  • SHA1

    0df6caa2522747881e0b7f727ea8fd8bdfc6ea38

  • SHA256

    021490096d2120ed8c0802cb40e95a2501c83c5fde854071122c4e47c4ae370f

  • SHA512

    4853b2b5994ab21063e3d9cfb58400911bad4247ad51b170969615cb8355ea4246d3e69c30317df519b1063da289d734934fc7ff664b8269552ac51bdca0b5ef

Score
10/10
modiloaderparallaxpersistencerattrojan

Malware Config

Signatures

  • ModiLoader, DBatLoader

    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    trojanmodiloader
  • ParallaxRat

    ParallaxRat is a multipurpose RAT written in MASM.

    ratparallax
  • ParallaxRat payload 1 IoCs

    Detects payload of Parallax Rat, a small portable Rat usually digitally signed with a Sectigo certificate.

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Modifies registry class 1 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\DHL_45678.exe
    "C:\Users\Admin\AppData\Local\Temp\DHL_45678.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:2232
    • C:\Program Files (x86)\internet explorer\ieinstal.exe
      "C:\Program Files (x86)\internet explorer\ieinstal.exe"
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:1320
      • C:\Windows\SysWOW64\WScript.exe
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\UN.vbs"
        3⤵
          PID:1668

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1320-121-0x0000000003280000-0x0000000003281000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1320-120-0x0000000002FC0000-0x0000000002FC1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1320-123-0x0000000003250000-0x0000000003251000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1320-124-0x0000000010540000-0x0000000010566000-memory.dmp

      Filesize

      152KB

      Download

    • memory/1320-125-0x0000000000400000-0x0000000000424000-memory.dmp

      Filesize

      144KB

      Download

    • memory/2232-114-0x0000000000730000-0x0000000000731000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2232-116-0x0000000002AC0000-0x0000000002ADA000-memory.dmp

      Filesize

      104KB

      Download