Analysis
-
max time kernel
49s -
max time network
135s -
platform
windows7_x64 -
resource
win7-20220331-en -
submitted
07-04-2022 13:27
General
-
Target
f23cee6cf6de2de9b3d570a7f017c22b.exe
-
Size
1.0MB
-
MD5
f23cee6cf6de2de9b3d570a7f017c22b
-
SHA1
12b26e966bdb8e29734597d210c54d19509dbff8
-
SHA256
b931f34008a112398ad48f0bd4e2e955dd7385bcc5cafd41cdb2220f26bddc44
-
SHA512
56465532903563e248ccfe2ffdee198e1b967b65d99f7c977bb7e65e84330acc1273afcb119b55c147ebb22a0588e8855e604d0a54c335096efb265308f18586
Score
10/10
Malware Config
Signatures
-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Program crash 1 IoCs
-
Suspicious use of WriteProcessMemory 20 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\f23cee6cf6de2de9b3d570a7f017c22b.exe"C:\Users\Admin\AppData\Local\Temp\f23cee6cf6de2de9b3d570a7f017c22b.exe"1⤵
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\DpiScaling.exeC:\Windows\System32\DpiScaling.exe2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 1523⤵
- Program crash
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1444-89-0x0000000000000000-mapping.dmp
-
memory/1556-63-0x0000000000080000-0x0000000000081000-memory.dmpFilesize
4KB
-
memory/1556-65-0x0000000000000000-mapping.dmp
-
memory/1556-83-0x0000000010670000-0x00000000107C6000-memory.dmpFilesize
1.3MB
-
memory/2008-54-0x0000000075731000-0x0000000075733000-memory.dmpFilesize
8KB