Overview

overview

10

Static

static

2cce8f9a45...b0.exe

windows7-x64

10

2cce8f9a45...b0.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    6s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    11/10/2022, 04:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2cce8f9a459b583c659ba36b7eb9470ea216bc37442de2e894392a9eb89035b0.exe

  • Size

    34KB

  • MD5

    621f63d7d8bc9fe5dc1e2f1b17f1ddf0

  • SHA1

    bb8e1f9b21fbde23cc54c1ad7d125f4e05840682

  • SHA256

    2cce8f9a459b583c659ba36b7eb9470ea216bc37442de2e894392a9eb89035b0

  • SHA512

    f77d137a3f45b70a959117463102ea1bde8217903e1ccd425bf3ae28400e0ed07e64b7f45a5311bd1af25360cc632bd49de82fba96d227d1aa8f54facb943ee6

  • SSDEEP

    768:/qJCnrXKxzzfLGtm6BqCzk1gbiWrDlhpJPDSQpcNSZrduxjhp:/qMXGLaLIt1hWrDlhpJPqAUlj

Score
10/10
modiloadertrojan

Malware Config

Signatures

  • ModiLoader, DBatLoader

    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    trojanmodiloader
  • ModiLoader Second Stage 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2cce8f9a459b583c659ba36b7eb9470ea216bc37442de2e894392a9eb89035b0.exe
    "C:\Users\Admin\AppData\Local\Temp\2cce8f9a459b583c659ba36b7eb9470ea216bc37442de2e894392a9eb89035b0.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious use of SetWindowsHookEx
    PID:1016

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Program Files\Common Files\Microsoft Shared\MSInfo\atmQQ2.dll
    Filesize

    22KB

    MD5

    0d478df25c8906870d1d02976abe69af

    SHA1

    bb370656787c6e2d9ce246a62ed16e848e9563be

    SHA256

    0a1548b1eb7e46808b9d60eeff2b6fa6340b03afe5e84efdd11f0ddf8335f92d

    SHA512

    a21b6abfbba24f38c53a896a8b1f27260f14741969bb01d356d5a331cdd9be58bb33f68c14cf2f753aec6abe8505198b2deba9a35d6d6d9c40d18338e1a57988

    Download Submit

  • memory/1016-54-0x0000000075F51000-0x0000000075F53000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1016-56-0x0000000000400000-0x0000000000424000-memory.dmp

    Filesize

    144KB

    Download

  • memory/1016-57-0x00000000001B0000-0x00000000001CC000-memory.dmp

    Filesize

    112KB

    Download