Overview

overview

10

Static

static

0cee359d0e...98.exe

windows7-x64

10

0cee359d0e...98.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    42s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    23/11/2022, 19:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0cee359d0ebe2d41c6d9ffbdd40b05ac1de8137bd9634a876591155ca0d78998.exe

  • Size

    34KB

  • MD5

    52b025051accce9b2fa0f2ebe40b8b76

  • SHA1

    6848f8336017cc36aac3172491ddacb95bee1368

  • SHA256

    0cee359d0ebe2d41c6d9ffbdd40b05ac1de8137bd9634a876591155ca0d78998

  • SHA512

    281256d6f34d4f101bcd1ea7d79779b27ee4bbcd16538b05acccbc029165293b3f40cc1318fda287c01c1570e9950c975e2acfc4709817201f8cac3c7c482c0f

  • SSDEEP

    768:/qJCnrXKxzzfLGtm6BqCzk1gbiWrDlhpJPDSQpcNSZrduxjh6H:/qMXGLaLIt1hWrDlhpJPqAUlkH

Score
10/10
modiloadertrojan

Malware Config

Signatures

  • ModiLoader, DBatLoader

    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    trojanmodiloader
  • ModiLoader Second Stage 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0cee359d0ebe2d41c6d9ffbdd40b05ac1de8137bd9634a876591155ca0d78998.exe
    "C:\Users\Admin\AppData\Local\Temp\0cee359d0ebe2d41c6d9ffbdd40b05ac1de8137bd9634a876591155ca0d78998.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious use of SetWindowsHookEx
    PID:1788

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Program Files\Common Files\Microsoft Shared\MSInfo\atmQQ2.dll
    Filesize

    22KB

    MD5

    87143f201ab6838f890cc41ce400a9cb

    SHA1

    eba0b1bcf61c7669aa32ee55b36c0185f2bac842

    SHA256

    6cc09ac9ac7b59ac718711e0e15c1db1706d12eda760774fa382815b53fc10d5

    SHA512

    0668db93e27753cfee2f8f75fcbfb203e98016beb299e7dce52b61789e2674435aa31d36786901895cd58401580005281461283ff2ac97c860e7173e2bc49cf9

    Download Submit

  • memory/1788-54-0x00000000761F1000-0x00000000761F3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1788-55-0x0000000000400000-0x0000000000424000-memory.dmp

    Filesize

    144KB

    Download

  • memory/1788-57-0x0000000000320000-0x000000000033C000-memory.dmp

    Filesize

    112KB

    Download

  • memory/1788-58-0x0000000000400000-0x0000000000424000-memory.dmp

    Filesize

    144KB

    Download