Analysis
-
max time kernel
121s -
max time network
132s -
platform
windows7_x64 -
resource
win7-en-20211208 -
submitted
13/12/2021, 15:17 UTC
General
-
Target
DHL_119040 документ о получении,doc.exe
-
Size
756KB
-
MD5
3b62d1c0b3151a63ebc779d8723596f3
-
SHA1
865a6e4b1e90b8d4d8e27f13b6795df84267b70c
-
SHA256
10f5584682c3f5d54ba1e3afd68822c81e8234531c8b1a41e11774b980915c72
-
SHA512
85d36bf7f352e0d9dd39b5f9646b977dbdbe44bae176a07f78ca4cf1323121fdba68fbb9e8e3d4d90ed9803bc0a66ec9641714d8f9d58a9282c4f7b014e7ca0a
Score
10/10
Malware Config
Signatures
-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader First Stage 1 IoCs
-
Program crash 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\DHL_119040 документ о получении,doc.exe"C:\Users\Admin\AppData\Local\Temp\DHL_119040 документ о получении,doc.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1884 -s 6122⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
784KB
-
Filesize
8KB
-
Filesize
4KB
-
Filesize
80KB