Analysis
Max time kernel: 40s
Max time network: 48s
Platform: windows7_x64
Resource: win7-20220715-en
Resource tags: arch:x64, arch:x86, image:win7-20220715-en, locale:en-us, os:windows7-x64, system
Submitted: 04-08-2022 20:19
Behavioral task: behavioral1
Sample: 530b512844e279b34bc64adf339e9e5cdacc4d782624643a1c8254dc911878cc.dll
Resource: win7-20220715-en

Behavioral task: behavioral2
Sample: 530b512844e279b34bc64adf339e9e5cdacc4d782624643a1c8254dc911878cc.dll
Resource: win10v2004-20220721-en
General
Target: 530b512844e279b34bc64adf339e9e5cdacc4d782624643a1c8254dc911878cc.dll
Size: 110KB
MD5: 86042406b67b22e834bcd1a7cd7ebdd1
SHA1: 5c17cfaa8cc413e95d3b6afc912ae418c48fb465
SHA256: 530b512844e279b34bc64adf339e9e5cdacc4d782624643a1c8254dc911878cc
SHA512: c86ff54f91f2e232e22aa3d37845dbffa130504341792a096709df8ff70b55760f1e2ff817c1a13643cde3b6ac610986808fb7dab7b9a94c575350a0b3fe6240
Malware Config
Signatures
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

ModiLoader Second Stage (1 IoC)
Processes:
  resource:  behavioral1/memory/2024-56-0x00000000000B1000-0x00000000000C9000-memory.dmp
  yara_rule: modiloader_stage2
Suspicious use of WriteProcessMemory (7 IoCs)
Processes:
  description                         pid   process       target process
  PID 1876 wrote to memory of 2024    1876  rundll32.exe  rundll32.exe
  (the same entry is recorded 7 times)
Processes
1. C:\Windows\system32\rundll32.exe
   Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\530b512844e279b34bc64adf339e9e5cdacc4d782624643a1c8254dc911878cc.dll,#1
   Signatures: Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\rundll32.exe (child of 1)
      Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\530b512844e279b34bc64adf339e9e5cdacc4d782624643a1c8254dc911878cc.dll,#1