Overview

overview

10

Static

static

offer order.exe

windows7_x64

10

offer order.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    83s
  • max time network
    156s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    21-05-2022 18:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    offer order.exe

  • Size

    1.7MB

  • MD5

    10419c97cde1aa8bad4e33279a15f7f8

  • SHA1

    b2942c499632593cface5c1fd18c12105656bf75

  • SHA256

    aa840ddac1cbded575db7d3ee2d1e3102fd1c35d0a709f42209543f9913e438f

  • SHA512

    c77bc2ead1869aced4a8e2955317c5cf99bbb68e35d54ec4d8794a6794bf3dda3b24764c8ce21bddf9ff09372565f08e3191a2c46fcbbfaaf649fa5f47bab0bc

Score
10/10
modiloadertrojan

Malware Config

Signatures

  • ModiLoader, DBatLoader

    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    trojanmodiloader
  • ModiLoader First Stage 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\offer order.exe
    "C:\Users\Admin\AppData\Local\Temp\offer order.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1836
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1836 -s 1436
      2⤵
      • Program crash
      PID:428

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/428-62-0x0000000000000000-mapping.dmp
    Download
  • memory/1836-54-0x0000000075501000-0x0000000075503000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1836-56-0x00000000003A0000-0x00000000003B0000-memory.dmp
    Filesize

    64KB

    Download