Overview

overview

10

Static

static

SecuriteIn...93.exe

windows7_x64

10

SecuriteIn...93.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    148s
  • max time network
    153s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    06-07-2022 02:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SecuriteInfo.com.generic.ml.11693.exe

  • Size

    1.0MB

  • MD5

    b7e7dbddbf21cffd9bc1c8dc94d4a441

  • SHA1

    f224aa8a1b6fcc26c1ebce42166529191381abd5

  • SHA256

    c8fc44d1f9bae45933ba95a20f0aebf0e69f8304ea11a4346e610dfacc8ce049

  • SHA512

    72caa05fd9bb53057ecc0beb0a48505901c1d1f6d76394e3340f4ba9daaf472f95a760634a4943858821b41e2ae887f0ac76aa667c5d4fba72436f0d3f20dc67

Score
10/10
modiloaderxloaderloaderpersistenceratsuricatatrojan

Malware Config

Signatures

  • ModiLoader, DBatLoader

    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    trojanmodiloader
  • Xloader

    Xloader is a rebranded version of Formbook malware.

    loaderxloader
  • suricata: ET MALWARE FormBook CnC Checkin (GET)

    suricata: ET MALWARE FormBook CnC Checkin (GET)

    suricata
  • ModiLoader Second Stage 38 IoCs
  • Xloader Payload 6 IoCs
    rat
  • Adds policy Run key to start application 2 TTPs 2 IoCs
    persistence
  • Loads dropped DLL 1 IoCs
  • Suspicious use of SetThreadContext 3 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 21 IoCs
  • Suspicious behavior: MapViewOfSection 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 23 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1380
    • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.generic.ml.11693.exe
      "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.generic.ml.11693.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1260
      • C:\Windows\SysWOW64\logagent.exe
        C:\Windows\System32\logagent.exe
        3⤵
        • Suspicious use of SetThreadContext
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: MapViewOfSection
        • Suspicious use of AdjustPrivilegeToken
        PID:1356
    • C:\Windows\SysWOW64\wuapp.exe
      "C:\Windows\SysWOW64\wuapp.exe"
      2⤵
      • Adds policy Run key to start application
      • Loads dropped DLL
      • Suspicious use of SetThreadContext
      • Drops file in Program Files directory
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:364
      • C:\Windows\SysWOW64\cmd.exe
        /c del "C:\Windows\SysWOW64\logagent.exe"
        3⤵
          PID:896
        • C:\Program Files\Mozilla Firefox\Firefox.exe
          "C:\Program Files\Mozilla Firefox\Firefox.exe"
          3⤵
            PID:1608

      Network

      MITRE ATT&CK Matrix ATT&CK v6

      Initial Access

      Execution

      Persistence

      Registry Run Keys / Startup Folder

      1
      T1060

      Privilege Escalation

      Defense Evasion

      Modify Registry

      2
      T1112

      Credential Access

      Discovery

      Lateral Movement

      Collection

      Exfiltration

      Command and Control

      Impact

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • \Users\Admin\AppData\Local\Temp\sqlite3.dll
        Filesize

        650KB

        MD5

        5c73e64374d9ba37ac5569d1f7de5c9b

        SHA1

        592e26ffea429b30e0a648720b43739d2ff5e590

        SHA256

        5d0a5018218dbc363909a7eb915a763863cfbcad6d1a6231eb20633d098d57c7

        SHA512

        c0cfaf1bd497a799b3480a268bc4d2548d139f3f4b9f1ed41b09cd4c934d285b0ca36c1c3f45f8718feb50274bce1897939d0dfe612e26010c8bbaf004fe8905

        Download Submit
      • memory/364-123-0x0000000000000000-mapping.dmp
        Download
      • memory/364-126-0x0000000000B90000-0x0000000000E93000-memory.dmp
        Filesize

        3.0MB

        Download
      • memory/364-127-0x0000000001330000-0x000000000133B000-memory.dmp
        Filesize

        44KB

        Download
      • memory/364-128-0x0000000000090000-0x00000000000BC000-memory.dmp
        Filesize

        176KB

        Download
      • memory/364-129-0x00000000004A0000-0x0000000000530000-memory.dmp
        Filesize

        576KB

        Download
      • memory/364-131-0x0000000000090000-0x00000000000BC000-memory.dmp
        Filesize

        176KB

        Download
      • memory/896-125-0x0000000000000000-mapping.dmp
        Download
      • memory/1260-79-0x00000000042A0000-0x00000000042F3000-memory.dmp
        Filesize

        332KB

        Download
      • memory/1260-54-0x00000000753C1000-0x00000000753C3000-memory.dmp
        Filesize

        8KB

        Download
      • memory/1260-75-0x00000000042A0000-0x00000000042F3000-memory.dmp
        Filesize

        332KB

        Download
      • memory/1260-73-0x00000000042A0000-0x00000000042F3000-memory.dmp
        Filesize

        332KB

        Download
      • memory/1260-74-0x00000000042A0000-0x00000000042F3000-memory.dmp
        Filesize

        332KB

        Download
      • memory/1260-90-0x00000000042A0000-0x00000000042F3000-memory.dmp
        Filesize

        332KB

        Download
      • memory/1260-89-0x00000000042A0000-0x00000000042F3000-memory.dmp
        Filesize

        332KB

        Download
      • memory/1260-88-0x00000000042A0000-0x00000000042F3000-memory.dmp
        Filesize

        332KB

        Download
      • memory/1260-87-0x00000000042A0000-0x00000000042F3000-memory.dmp
        Filesize

        332KB

        Download
      • memory/1260-86-0x00000000042A0000-0x00000000042F3000-memory.dmp
        Filesize

        332KB

        Download
      • memory/1260-85-0x00000000042A0000-0x00000000042F3000-memory.dmp
        Filesize

        332KB

        Download
      • memory/1260-84-0x00000000042A0000-0x00000000042F3000-memory.dmp
        Filesize

        332KB

        Download
      • memory/1260-83-0x00000000042A0000-0x00000000042F3000-memory.dmp
        Filesize

        332KB

        Download
      • memory/1260-82-0x00000000042A0000-0x00000000042F3000-memory.dmp
        Filesize

        332KB

        Download
      • memory/1260-81-0x00000000042A0000-0x00000000042F3000-memory.dmp
        Filesize

        332KB

        Download
      • memory/1260-80-0x00000000042A0000-0x00000000042F3000-memory.dmp
        Filesize

        332KB

        Download
      • memory/1260-69-0x00000000042A0000-0x00000000042F3000-memory.dmp
        Filesize

        332KB

        Download
      • memory/1260-78-0x00000000042A0000-0x00000000042F3000-memory.dmp
        Filesize

        332KB

        Download
      • memory/1260-77-0x00000000042A0000-0x00000000042F3000-memory.dmp
        Filesize

        332KB

        Download
      • memory/1260-76-0x00000000042A0000-0x00000000042F3000-memory.dmp
        Filesize

        332KB

        Download
      • memory/1260-92-0x0000000010410000-0x000000001043C000-memory.dmp
        Filesize

        176KB

        Download
      • memory/1260-70-0x00000000042A0000-0x00000000042F3000-memory.dmp
        Filesize

        332KB

        Download
      • memory/1260-96-0x00000000042A0000-0x00000000042F3000-memory.dmp
        Filesize

        332KB

        Download
      • memory/1260-98-0x00000000042A0000-0x00000000042F3000-memory.dmp
        Filesize

        332KB

        Download
      • memory/1260-97-0x00000000042A0000-0x00000000042F3000-memory.dmp
        Filesize

        332KB

        Download
      • memory/1260-99-0x00000000042A0000-0x00000000042F3000-memory.dmp
        Filesize

        332KB

        Download
      • memory/1260-100-0x00000000042A0000-0x00000000042F3000-memory.dmp
        Filesize

        332KB

        Download
      • memory/1260-108-0x00000000042A0000-0x00000000042F3000-memory.dmp
        Filesize

        332KB

        Download
      • memory/1260-107-0x00000000042A0000-0x00000000042F3000-memory.dmp
        Filesize

        332KB

        Download
      • memory/1260-109-0x00000000042A0000-0x00000000042F3000-memory.dmp
        Filesize

        332KB

        Download
      • memory/1260-112-0x00000000042A0000-0x00000000042F3000-memory.dmp
        Filesize

        332KB

        Download
      • memory/1260-113-0x00000000042A0000-0x00000000042F3000-memory.dmp
        Filesize

        332KB

        Download
      • memory/1260-114-0x00000000042A0000-0x00000000042F3000-memory.dmp
        Filesize

        332KB

        Download
      • memory/1260-111-0x00000000042A0000-0x00000000042F3000-memory.dmp
        Filesize

        332KB

        Download
      • memory/1260-72-0x00000000042A0000-0x00000000042F3000-memory.dmp
        Filesize

        332KB

        Download
      • memory/1260-71-0x00000000042A0000-0x00000000042F3000-memory.dmp
        Filesize

        332KB

        Download
      • memory/1260-68-0x00000000042A0000-0x00000000042F3000-memory.dmp
        Filesize

        332KB

        Download
      • memory/1260-67-0x00000000042A0000-0x00000000042F3000-memory.dmp
        Filesize

        332KB

        Download
      • memory/1260-66-0x00000000042A0000-0x00000000042F3000-memory.dmp
        Filesize

        332KB

        Download
      • memory/1260-65-0x00000000042A0000-0x00000000042F3000-memory.dmp
        Filesize

        332KB

        Download
      • memory/1356-93-0x0000000010410000-0x000000001043C000-memory.dmp
        Filesize

        176KB

        Download
      • memory/1356-124-0x0000000010410000-0x000000001043C000-memory.dmp
        Filesize

        176KB

        Download
      • memory/1356-121-0x0000000000310000-0x0000000000321000-memory.dmp
        Filesize

        68KB

        Download
      • memory/1356-118-0x00000000002C0000-0x00000000002D1000-memory.dmp
        Filesize

        68KB

        Download
      • memory/1356-117-0x0000000000B00000-0x0000000000E03000-memory.dmp
        Filesize

        3.0MB

        Download
      • memory/1356-116-0x0000000010410000-0x000000001043C000-memory.dmp
        Filesize

        176KB

        Download
      • memory/1356-95-0x0000000000000000-mapping.dmp
        Download
      • memory/1380-122-0x0000000006940000-0x0000000006A6A000-memory.dmp
        Filesize

        1.2MB

        Download
      • memory/1380-119-0x00000000064E0000-0x0000000006609000-memory.dmp
        Filesize

        1.2MB

        Download
      • memory/1380-130-0x0000000004EF0000-0x0000000004F8F000-memory.dmp
        Filesize

        636KB

        Download
      • memory/1380-132-0x0000000004EF0000-0x0000000004F8F000-memory.dmp
        Filesize

        636KB

        Download