Analysis
-
max time kernel
71s -
max time network
144s -
platform
windows10-2004_x64 -
resource
win10v2004-20220414-en -
submitted
04-07-2022 14:23
General
-
Target
28920de5f1a16d20eb01e17bee84c2144eefa938bf0653e4165e3ff18b9244cc.exe
-
Size
2.9MB
-
MD5
69b17d0f9389404a1228d310198b33e9
-
SHA1
d70d61353e3ce850e6891623336ebdab931d5530
-
SHA256
28920de5f1a16d20eb01e17bee84c2144eefa938bf0653e4165e3ff18b9244cc
-
SHA512
6e4523f25ac22c39e3f942646ab85677cb65b367dc28e30d2e2cf69fe23692f160708afcfd9b31f3f85cae7f87eccd7c96a7fedcd30c23b0e768fd40b6012af8
Score
10/10
Malware Config
Signatures
-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
-
ModiLoader Second Stage 39 IoCs
-
Checks BIOS information in registry 2 TTPs 2 IoCs
BIOS information is often read in order to detect sandboxing environments.
-
Themida packer 5 IoCs
Detects Themida, an advanced Windows software protection system.
-
Checks whether UAC is enabled 1 TTPs 1 IoCs
-
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of WriteProcessMemory 35 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\28920de5f1a16d20eb01e17bee84c2144eefa938bf0653e4165e3ff18b9244cc.exe"C:\Users\Admin\AppData\Local\Temp\28920de5f1a16d20eb01e17bee84c2144eefa938bf0653e4165e3ff18b9244cc.exe"1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\28920de5f1a16d20eb01e17bee84c2144eefa938bf0653e4165e3ff18b9244cc.exeC:\Users\Admin\AppData\Local\Temp\28920de5f1a16d20eb01e17bee84c2144eefa938bf0653e4165e3ff18b9244cc.exe2⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/724-172-0x0000000000000000-mapping.dmp
-
memory/724-184-0x00000000007D0000-0x0000000000EE2000-memory.dmpFilesize
7.1MB
-
memory/724-186-0x0000000010410000-0x0000000010421000-memory.dmpFilesize
68KB
-
memory/4132-130-0x00000000007D0000-0x0000000000EE2000-memory.dmpFilesize
7.1MB
-
memory/4132-131-0x00000000007D0000-0x0000000000EE2000-memory.dmpFilesize
7.1MB
-
memory/4132-133-0x0000000077950000-0x0000000077AF3000-memory.dmpFilesize
1.6MB
-
memory/4132-134-0x00000000007D0000-0x0000000000EE2000-memory.dmpFilesize
7.1MB
-
memory/4132-135-0x0000000077950000-0x0000000077AF3000-memory.dmpFilesize
1.6MB
-
memory/4132-145-0x0000000005870000-0x00000000058A4000-memory.dmpFilesize
208KB
-
memory/4132-146-0x0000000005870000-0x00000000058A4000-memory.dmpFilesize
208KB
-
memory/4132-147-0x0000000005870000-0x00000000058A4000-memory.dmpFilesize
208KB
-
memory/4132-148-0x0000000005870000-0x00000000058A4000-memory.dmpFilesize
208KB
-
memory/4132-149-0x0000000005870000-0x00000000058A4000-memory.dmpFilesize
208KB
-
memory/4132-150-0x0000000005870000-0x00000000058A4000-memory.dmpFilesize
208KB
-
memory/4132-151-0x0000000005870000-0x00000000058A4000-memory.dmpFilesize
208KB
-
memory/4132-152-0x0000000005870000-0x00000000058A4000-memory.dmpFilesize
208KB
-
memory/4132-154-0x0000000005870000-0x00000000058A4000-memory.dmpFilesize
208KB
-
memory/4132-155-0x0000000005870000-0x00000000058A4000-memory.dmpFilesize
208KB
-
memory/4132-156-0x0000000005870000-0x00000000058A4000-memory.dmpFilesize
208KB
-
memory/4132-153-0x0000000005870000-0x00000000058A4000-memory.dmpFilesize
208KB
-
memory/4132-158-0x0000000005870000-0x00000000058A4000-memory.dmpFilesize
208KB
-
memory/4132-159-0x0000000005870000-0x00000000058A4000-memory.dmpFilesize
208KB
-
memory/4132-160-0x0000000005870000-0x00000000058A4000-memory.dmpFilesize
208KB
-
memory/4132-157-0x0000000005870000-0x00000000058A4000-memory.dmpFilesize
208KB
-
memory/4132-162-0x0000000005870000-0x00000000058A4000-memory.dmpFilesize
208KB
-
memory/4132-163-0x0000000005870000-0x00000000058A4000-memory.dmpFilesize
208KB
-
memory/4132-164-0x0000000005870000-0x00000000058A4000-memory.dmpFilesize
208KB
-
memory/4132-161-0x0000000005870000-0x00000000058A4000-memory.dmpFilesize
208KB
-
memory/4132-165-0x0000000005870000-0x00000000058A4000-memory.dmpFilesize
208KB
-
memory/4132-166-0x0000000005870000-0x00000000058A4000-memory.dmpFilesize
208KB
-
memory/4132-167-0x0000000005870000-0x00000000058A4000-memory.dmpFilesize
208KB
-
memory/4132-169-0x0000000005870000-0x00000000058A4000-memory.dmpFilesize
208KB
-
memory/4132-170-0x0000000005870000-0x00000000058A4000-memory.dmpFilesize
208KB
-
memory/4132-168-0x0000000005870000-0x00000000058A4000-memory.dmpFilesize
208KB
-
memory/4132-173-0x0000000010410000-0x0000000010421000-memory.dmpFilesize
68KB
-
memory/4132-175-0x0000000005870000-0x00000000058A4000-memory.dmpFilesize
208KB
-
memory/4132-176-0x0000000005870000-0x00000000058A4000-memory.dmpFilesize
208KB
-
memory/4132-174-0x0000000005870000-0x00000000058A4000-memory.dmpFilesize
208KB
-
memory/4132-177-0x0000000005870000-0x00000000058A4000-memory.dmpFilesize
208KB
-
memory/4132-178-0x0000000005870000-0x00000000058A4000-memory.dmpFilesize
208KB
-
memory/4132-187-0x0000000005870000-0x00000000058A4000-memory.dmpFilesize
208KB
-
memory/4132-188-0x0000000005870000-0x00000000058A4000-memory.dmpFilesize
208KB
-
memory/4132-189-0x0000000005870000-0x00000000058A4000-memory.dmpFilesize
208KB
-
memory/4132-190-0x0000000005870000-0x00000000058A4000-memory.dmpFilesize
208KB
-
memory/4132-191-0x0000000005870000-0x00000000058A4000-memory.dmpFilesize
208KB
-
memory/4132-192-0x0000000005870000-0x00000000058A4000-memory.dmpFilesize
208KB
-
memory/4132-193-0x0000000005870000-0x00000000058A4000-memory.dmpFilesize
208KB
-
memory/4132-194-0x0000000005870000-0x00000000058A4000-memory.dmpFilesize
208KB
-
memory/4132-195-0x00000000007D0000-0x0000000000EE2000-memory.dmpFilesize
7.1MB
-
memory/4132-196-0x0000000077950000-0x0000000077AF3000-memory.dmpFilesize
1.6MB