modiloader | 435df61fa73993f4b7d3078e0e4e4a3e56fb1bccbefbe7878c934dd1b01e5278

Analysis

max time kernel
133s
max time network
147s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
25/10/2022, 17:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Fattura scaduta.exe
Size

936KB
MD5

2df6641dd76043f80aefd2395c8797c3
SHA1

b74940aae38d2f47c35cfe6ec3a271f0314d0454
SHA256

18d3b2043c0bbcb8af1d740837e13dbfbf803156a205df76ed824625d57158e4
SHA512

dc84301b5ff0a8d2a1efba5de1a1a5f9afe59ad6b70330b778d462ba6d81373e52b3dc62a032af98e45cddd0974811c23475200b9251c841504c609105b8110a
SSDEEP

24576:J6K2h1iVrItFQWGKN+NXN40JIyLrFHDvk:J6K286n+NXmWb1j

Score

10^/10

modiloader trojan

Malware Config

Signatures

ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
trojan modiloader

ModiLoader Second Stage 40 IoCs

resource	yara_rule
behavioral1/memory/2028-56-0x0000000003130000-0x0000000003186000-memory.dmp	modiloader_stage2
behavioral1/memory/2028-59-0x0000000003130000-0x0000000003186000-memory.dmp	modiloader_stage2
behavioral1/memory/2028-60-0x0000000003130000-0x0000000003186000-memory.dmp	modiloader_stage2
behavioral1/memory/2028-58-0x0000000003130000-0x0000000003186000-memory.dmp	modiloader_stage2
behavioral1/memory/2028-61-0x0000000003130000-0x0000000003186000-memory.dmp	modiloader_stage2
behavioral1/memory/2028-62-0x0000000003130000-0x0000000003186000-memory.dmp	modiloader_stage2
behavioral1/memory/2028-63-0x0000000003130000-0x0000000003186000-memory.dmp	modiloader_stage2
behavioral1/memory/2028-64-0x0000000003130000-0x0000000003186000-memory.dmp	modiloader_stage2
behavioral1/memory/2028-66-0x0000000003130000-0x0000000003186000-memory.dmp	modiloader_stage2
behavioral1/memory/2028-65-0x0000000003130000-0x0000000003186000-memory.dmp	modiloader_stage2
behavioral1/memory/2028-67-0x0000000003130000-0x0000000003186000-memory.dmp	modiloader_stage2
behavioral1/memory/2028-69-0x0000000003130000-0x0000000003186000-memory.dmp	modiloader_stage2
behavioral1/memory/2028-68-0x0000000003130000-0x0000000003186000-memory.dmp	modiloader_stage2
behavioral1/memory/2028-70-0x0000000003130000-0x0000000003186000-memory.dmp	modiloader_stage2
behavioral1/memory/2028-71-0x0000000003130000-0x0000000003186000-memory.dmp	modiloader_stage2
behavioral1/memory/2028-72-0x0000000003130000-0x0000000003186000-memory.dmp	modiloader_stage2
behavioral1/memory/2028-73-0x0000000003130000-0x0000000003186000-memory.dmp	modiloader_stage2
behavioral1/memory/2028-75-0x0000000003130000-0x0000000003186000-memory.dmp	modiloader_stage2
behavioral1/memory/2028-74-0x0000000003130000-0x0000000003186000-memory.dmp	modiloader_stage2
behavioral1/memory/2028-77-0x0000000003130000-0x0000000003186000-memory.dmp	modiloader_stage2
behavioral1/memory/2028-78-0x0000000003130000-0x0000000003186000-memory.dmp	modiloader_stage2
behavioral1/memory/2028-79-0x0000000003130000-0x0000000003186000-memory.dmp	modiloader_stage2
behavioral1/memory/2028-81-0x0000000003130000-0x0000000003186000-memory.dmp	modiloader_stage2
behavioral1/memory/2028-82-0x0000000003130000-0x0000000003186000-memory.dmp	modiloader_stage2
behavioral1/memory/2028-80-0x0000000003130000-0x0000000003186000-memory.dmp	modiloader_stage2
behavioral1/memory/2028-84-0x0000000003130000-0x0000000003186000-memory.dmp	modiloader_stage2
behavioral1/memory/2028-85-0x0000000003130000-0x0000000003186000-memory.dmp	modiloader_stage2
behavioral1/memory/2028-83-0x0000000003130000-0x0000000003186000-memory.dmp	modiloader_stage2
behavioral1/memory/2028-87-0x0000000003130000-0x0000000003186000-memory.dmp	modiloader_stage2
behavioral1/memory/2028-86-0x0000000003130000-0x0000000003186000-memory.dmp	modiloader_stage2
behavioral1/memory/2028-88-0x0000000003130000-0x0000000003186000-memory.dmp	modiloader_stage2
behavioral1/memory/2028-90-0x0000000003130000-0x0000000003186000-memory.dmp	modiloader_stage2
behavioral1/memory/2028-91-0x0000000003130000-0x0000000003186000-memory.dmp	modiloader_stage2
behavioral1/memory/2028-89-0x0000000003130000-0x0000000003186000-memory.dmp	modiloader_stage2
behavioral1/memory/2028-93-0x0000000003130000-0x0000000003186000-memory.dmp	modiloader_stage2
behavioral1/memory/2028-94-0x0000000003130000-0x0000000003186000-memory.dmp	modiloader_stage2
behavioral1/memory/2028-95-0x0000000003130000-0x0000000003186000-memory.dmp	modiloader_stage2
behavioral1/memory/2028-96-0x0000000003130000-0x0000000003186000-memory.dmp	modiloader_stage2
behavioral1/memory/2028-98-0x0000000003130000-0x0000000003186000-memory.dmp	modiloader_stage2
behavioral1/memory/2028-97-0x0000000003130000-0x0000000003186000-memory.dmp	modiloader_stage2

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	1892	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1892	AUDIODG.EXE
Token: 33	1892	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1892	AUDIODG.EXE

C:\Users\Admin\AppData\Local\Temp\Fattura scaduta.exe
"C:\Users\Admin\AppData\Local\Temp\Fattura scaduta.exe"
1⤵
PID:2028

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:1044

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x204
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1892

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:1720

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1044-76-0x000007FEFBEE1000-0x000007FEFBEE3000-memory.dmp

Filesize
8KB

Download
memory/2028-65-0x0000000003130000-0x0000000003186000-memory.dmp

Filesize
344KB

Download
memory/2028-78-0x0000000003130000-0x0000000003186000-memory.dmp

Filesize
344KB

Download
memory/2028-60-0x0000000003130000-0x0000000003186000-memory.dmp

Filesize
344KB

Download
memory/2028-58-0x0000000003130000-0x0000000003186000-memory.dmp

Filesize
344KB

Download
memory/2028-61-0x0000000003130000-0x0000000003186000-memory.dmp

Filesize
344KB

Download
memory/2028-62-0x0000000003130000-0x0000000003186000-memory.dmp

Filesize
344KB

Download
memory/2028-63-0x0000000003130000-0x0000000003186000-memory.dmp

Filesize
344KB

Download
memory/2028-64-0x0000000003130000-0x0000000003186000-memory.dmp

Filesize
344KB

Download
memory/2028-66-0x0000000003130000-0x0000000003186000-memory.dmp

Filesize
344KB

Download
memory/2028-54-0x00000000759F1000-0x00000000759F3000-memory.dmp

Filesize
8KB

Download
memory/2028-67-0x0000000003130000-0x0000000003186000-memory.dmp

Filesize
344KB

Download
memory/2028-69-0x0000000003130000-0x0000000003186000-memory.dmp

Filesize
344KB

Download
memory/2028-68-0x0000000003130000-0x0000000003186000-memory.dmp

Filesize
344KB

Download
memory/2028-70-0x0000000003130000-0x0000000003186000-memory.dmp

Filesize
344KB

Download
memory/2028-71-0x0000000003130000-0x0000000003186000-memory.dmp

Filesize
344KB

Download
memory/2028-72-0x0000000003130000-0x0000000003186000-memory.dmp

Filesize
344KB

Download
memory/2028-73-0x0000000003130000-0x0000000003186000-memory.dmp

Filesize
344KB

Download
memory/2028-75-0x0000000003130000-0x0000000003186000-memory.dmp

Filesize
344KB

Download
memory/2028-74-0x0000000003130000-0x0000000003186000-memory.dmp

Filesize
344KB

Download
memory/2028-56-0x0000000003130000-0x0000000003186000-memory.dmp

Filesize
344KB

Download
memory/2028-59-0x0000000003130000-0x0000000003186000-memory.dmp

Filesize
344KB

Download
memory/2028-79-0x0000000003130000-0x0000000003186000-memory.dmp

Filesize
344KB

Download
memory/2028-77-0x0000000003130000-0x0000000003186000-memory.dmp

Filesize
344KB

Download
memory/2028-81-0x0000000003130000-0x0000000003186000-memory.dmp

Filesize
344KB

Download
memory/2028-82-0x0000000003130000-0x0000000003186000-memory.dmp

Filesize
344KB

Download
memory/2028-80-0x0000000003130000-0x0000000003186000-memory.dmp

Filesize
344KB

Download
memory/2028-84-0x0000000003130000-0x0000000003186000-memory.dmp

Filesize
344KB

Download
memory/2028-85-0x0000000003130000-0x0000000003186000-memory.dmp

Filesize
344KB

Download
memory/2028-83-0x0000000003130000-0x0000000003186000-memory.dmp

Filesize
344KB

Download
memory/2028-87-0x0000000003130000-0x0000000003186000-memory.dmp

Filesize
344KB

Download
memory/2028-86-0x0000000003130000-0x0000000003186000-memory.dmp

Filesize
344KB

Download
memory/2028-88-0x0000000003130000-0x0000000003186000-memory.dmp

Filesize
344KB

Download
memory/2028-90-0x0000000003130000-0x0000000003186000-memory.dmp

Filesize
344KB

Download
memory/2028-91-0x0000000003130000-0x0000000003186000-memory.dmp

Filesize
344KB

Download
memory/2028-89-0x0000000003130000-0x0000000003186000-memory.dmp

Filesize
344KB

Download
memory/2028-93-0x0000000003130000-0x0000000003186000-memory.dmp

Filesize
344KB

Download
memory/2028-94-0x0000000003130000-0x0000000003186000-memory.dmp

Filesize
344KB

Download
memory/2028-95-0x0000000003130000-0x0000000003186000-memory.dmp

Filesize
344KB

Download
memory/2028-96-0x0000000003130000-0x0000000003186000-memory.dmp

Filesize
344KB

Download
memory/2028-98-0x0000000003130000-0x0000000003186000-memory.dmp

Filesize
344KB

Download
memory/2028-97-0x0000000003130000-0x0000000003186000-memory.dmp

Filesize
344KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads