modiloader | 35f2e83ae1824192895db4652379e09d403315098c1e864719b5660df7bda548

Analysis

max time kernel
102s
max time network
167s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
25-11-2022 03:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a1c287a3ca407a74a477c47c59892a35.exe
Size

855KB
MD5

a1c287a3ca407a74a477c47c59892a35
SHA1

5a3623e0bca2e8db1fb9e6e75594dfcc06120cab
SHA256

35f2e83ae1824192895db4652379e09d403315098c1e864719b5660df7bda548
SHA512

2c63b495089ac51e51ea893b3fecd6e755ad3a0805bcef492c41349d9075d35df882f23374ce1ab5974005a8b6622e7fb3f947745ae53572c243c0ca957d5cec
SSDEEP

12288:Hkcz1cfQZIGdTetgXN+j5kiGNtlvSsg8J/2p9Uy1/GGmnAPU4wuvYe+msnzu8xde:HR6f4wtgXUVkp1KsgSaH1/GGmArzGzk

Score

10^/10

modiloader trojan

Malware Config

Signatures

ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
trojan modiloader

ModiLoader Second Stage 63 IoCs

Processes:

resource	yara_rule
behavioral2/memory/1444-132-0x00000000022C0000-0x00000000022EA000-memory.dmp	modiloader_stage2
behavioral2/memory/1444-135-0x00000000022C0000-0x00000000022EA000-memory.dmp	modiloader_stage2
behavioral2/memory/1444-136-0x00000000022C0000-0x00000000022EA000-memory.dmp	modiloader_stage2
behavioral2/memory/1444-137-0x00000000022C0000-0x00000000022EA000-memory.dmp	modiloader_stage2
behavioral2/memory/1444-134-0x00000000022C0000-0x00000000022EA000-memory.dmp	modiloader_stage2
behavioral2/memory/1444-138-0x00000000022C0000-0x00000000022EA000-memory.dmp	modiloader_stage2
behavioral2/memory/1444-139-0x00000000022C0000-0x00000000022EA000-memory.dmp	modiloader_stage2
behavioral2/memory/1444-140-0x00000000022C0000-0x00000000022EA000-memory.dmp	modiloader_stage2
behavioral2/memory/1444-141-0x00000000022C0000-0x00000000022EA000-memory.dmp	modiloader_stage2
behavioral2/memory/1444-142-0x00000000022C0000-0x00000000022EA000-memory.dmp	modiloader_stage2
behavioral2/memory/1444-143-0x00000000022C0000-0x00000000022EA000-memory.dmp	modiloader_stage2
behavioral2/memory/1444-145-0x00000000022C0000-0x00000000022EA000-memory.dmp	modiloader_stage2
behavioral2/memory/1444-146-0x00000000022C0000-0x00000000022EA000-memory.dmp	modiloader_stage2
behavioral2/memory/1444-147-0x00000000022C0000-0x00000000022EA000-memory.dmp	modiloader_stage2
behavioral2/memory/1444-148-0x00000000022C0000-0x00000000022EA000-memory.dmp	modiloader_stage2
behavioral2/memory/1444-149-0x00000000022C0000-0x00000000022EA000-memory.dmp	modiloader_stage2
behavioral2/memory/1444-150-0x00000000022C0000-0x00000000022EA000-memory.dmp	modiloader_stage2
behavioral2/memory/1444-144-0x00000000022C0000-0x00000000022EA000-memory.dmp	modiloader_stage2
behavioral2/memory/1444-151-0x00000000022C0000-0x00000000022EA000-memory.dmp	modiloader_stage2
behavioral2/memory/1444-152-0x00000000022C0000-0x00000000022EA000-memory.dmp	modiloader_stage2
behavioral2/memory/1444-153-0x00000000022C0000-0x00000000022EA000-memory.dmp	modiloader_stage2
behavioral2/memory/1444-154-0x00000000022C0000-0x00000000022EA000-memory.dmp	modiloader_stage2
behavioral2/memory/1444-157-0x00000000022C0000-0x00000000022EA000-memory.dmp	modiloader_stage2
behavioral2/memory/1444-158-0x00000000022C0000-0x00000000022EA000-memory.dmp	modiloader_stage2
behavioral2/memory/1444-156-0x00000000022C0000-0x00000000022EA000-memory.dmp	modiloader_stage2
behavioral2/memory/1444-155-0x00000000022C0000-0x00000000022EA000-memory.dmp	modiloader_stage2
behavioral2/memory/1444-160-0x00000000022C0000-0x00000000022EA000-memory.dmp	modiloader_stage2
behavioral2/memory/1444-161-0x00000000022C0000-0x00000000022EA000-memory.dmp	modiloader_stage2
behavioral2/memory/1444-162-0x00000000022C0000-0x00000000022EA000-memory.dmp	modiloader_stage2
behavioral2/memory/1444-163-0x00000000022C0000-0x00000000022EA000-memory.dmp	modiloader_stage2
behavioral2/memory/1444-159-0x00000000022C0000-0x00000000022EA000-memory.dmp	modiloader_stage2
behavioral2/memory/1444-165-0x00000000022C0000-0x00000000022EA000-memory.dmp	modiloader_stage2
behavioral2/memory/1444-166-0x00000000022C0000-0x00000000022EA000-memory.dmp	modiloader_stage2
behavioral2/memory/1444-167-0x00000000022C0000-0x00000000022EA000-memory.dmp	modiloader_stage2
behavioral2/memory/1444-168-0x00000000022C0000-0x00000000022EA000-memory.dmp	modiloader_stage2
behavioral2/memory/1444-164-0x00000000022C0000-0x00000000022EA000-memory.dmp	modiloader_stage2
behavioral2/memory/1444-170-0x00000000022C0000-0x00000000022EA000-memory.dmp	modiloader_stage2
behavioral2/memory/1444-171-0x00000000022C0000-0x00000000022EA000-memory.dmp	modiloader_stage2
behavioral2/memory/1444-172-0x00000000022C0000-0x00000000022EA000-memory.dmp	modiloader_stage2
behavioral2/memory/1444-169-0x00000000022C0000-0x00000000022EA000-memory.dmp	modiloader_stage2
behavioral2/memory/1444-173-0x00000000022C0000-0x00000000022EA000-memory.dmp	modiloader_stage2
behavioral2/memory/1444-174-0x00000000022C0000-0x00000000022EA000-memory.dmp	modiloader_stage2
behavioral2/memory/1444-175-0x00000000022C0000-0x00000000022EA000-memory.dmp	modiloader_stage2
behavioral2/memory/1444-176-0x00000000022C0000-0x00000000022EA000-memory.dmp	modiloader_stage2
behavioral2/memory/1444-177-0x00000000022C0000-0x00000000022EA000-memory.dmp	modiloader_stage2
behavioral2/memory/1444-178-0x00000000022C0000-0x00000000022EA000-memory.dmp	modiloader_stage2
behavioral2/memory/1444-179-0x00000000022C0000-0x00000000022EA000-memory.dmp	modiloader_stage2
behavioral2/memory/1444-180-0x00000000022C0000-0x00000000022EA000-memory.dmp	modiloader_stage2
behavioral2/memory/1444-181-0x00000000022C0000-0x00000000022EA000-memory.dmp	modiloader_stage2
behavioral2/memory/1444-182-0x00000000022C0000-0x00000000022EA000-memory.dmp	modiloader_stage2
behavioral2/memory/1444-183-0x00000000022C0000-0x00000000022EA000-memory.dmp	modiloader_stage2
behavioral2/memory/1444-184-0x00000000022C0000-0x00000000022EA000-memory.dmp	modiloader_stage2
behavioral2/memory/1444-185-0x00000000022C0000-0x00000000022EA000-memory.dmp	modiloader_stage2
behavioral2/memory/1444-186-0x00000000022C0000-0x00000000022EA000-memory.dmp	modiloader_stage2
behavioral2/memory/1444-187-0x00000000022C0000-0x00000000022EA000-memory.dmp	modiloader_stage2
behavioral2/memory/1444-188-0x00000000022C0000-0x00000000022EA000-memory.dmp	modiloader_stage2
behavioral2/memory/1444-189-0x00000000022C0000-0x00000000022EA000-memory.dmp	modiloader_stage2
behavioral2/memory/1444-190-0x00000000022C0000-0x00000000022EA000-memory.dmp	modiloader_stage2
behavioral2/memory/1444-191-0x00000000022C0000-0x00000000022EA000-memory.dmp	modiloader_stage2
behavioral2/memory/1444-192-0x00000000022C0000-0x00000000022EA000-memory.dmp	modiloader_stage2
behavioral2/memory/1444-193-0x00000000022C0000-0x00000000022EA000-memory.dmp	modiloader_stage2
behavioral2/memory/1444-195-0x00000000022C0000-0x00000000022EA000-memory.dmp	modiloader_stage2
behavioral2/memory/1444-194-0x00000000022C0000-0x00000000022EA000-memory.dmp	modiloader_stage2

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

216 1444 WerFault.exe a1c287a3ca407a74a477c47c59892a35.exe

pid	pid_target	process	target process
216	1444	WerFault.exe	a1c287a3ca407a74a477c47c59892a35.exe

C:\Users\Admin\AppData\Local\Temp\a1c287a3ca407a74a477c47c59892a35.exe
"C:\Users\Admin\AppData\Local\Temp\a1c287a3ca407a74a477c47c59892a35.exe"
1⤵
PID:1444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1444 -s 688
2⤵
- Program crash
PID:216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1444 -ip 1444
1⤵
PID:5060

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1444-132-0x00000000022C0000-0x00000000022EA000-memory.dmp

Filesize
168KB

Download
memory/1444-135-0x00000000022C0000-0x00000000022EA000-memory.dmp

Filesize
168KB

Download
memory/1444-136-0x00000000022C0000-0x00000000022EA000-memory.dmp

Filesize
168KB

Download
memory/1444-137-0x00000000022C0000-0x00000000022EA000-memory.dmp

Filesize
168KB

Download
memory/1444-134-0x00000000022C0000-0x00000000022EA000-memory.dmp

Filesize
168KB

Download
memory/1444-138-0x00000000022C0000-0x00000000022EA000-memory.dmp

Filesize
168KB

Download
memory/1444-139-0x00000000022C0000-0x00000000022EA000-memory.dmp

Filesize
168KB

Download
memory/1444-140-0x00000000022C0000-0x00000000022EA000-memory.dmp

Filesize
168KB

Download
memory/1444-141-0x00000000022C0000-0x00000000022EA000-memory.dmp

Filesize
168KB

Download
memory/1444-142-0x00000000022C0000-0x00000000022EA000-memory.dmp

Filesize
168KB

Download
memory/1444-143-0x00000000022C0000-0x00000000022EA000-memory.dmp

Filesize
168KB

Download
memory/1444-145-0x00000000022C0000-0x00000000022EA000-memory.dmp

Filesize
168KB

Download
memory/1444-146-0x00000000022C0000-0x00000000022EA000-memory.dmp

Filesize
168KB

Download
memory/1444-147-0x00000000022C0000-0x00000000022EA000-memory.dmp

Filesize
168KB

Download
memory/1444-148-0x00000000022C0000-0x00000000022EA000-memory.dmp

Filesize
168KB

Download
memory/1444-149-0x00000000022C0000-0x00000000022EA000-memory.dmp

Filesize
168KB

Download
memory/1444-150-0x00000000022C0000-0x00000000022EA000-memory.dmp

Filesize
168KB

Download
memory/1444-144-0x00000000022C0000-0x00000000022EA000-memory.dmp

Filesize
168KB

Download
memory/1444-151-0x00000000022C0000-0x00000000022EA000-memory.dmp

Filesize
168KB

Download
memory/1444-152-0x00000000022C0000-0x00000000022EA000-memory.dmp

Filesize
168KB

Download
memory/1444-153-0x00000000022C0000-0x00000000022EA000-memory.dmp

Filesize
168KB

Download
memory/1444-154-0x00000000022C0000-0x00000000022EA000-memory.dmp

Filesize
168KB

Download
memory/1444-157-0x00000000022C0000-0x00000000022EA000-memory.dmp

Filesize
168KB

Download
memory/1444-158-0x00000000022C0000-0x00000000022EA000-memory.dmp

Filesize
168KB

Download
memory/1444-156-0x00000000022C0000-0x00000000022EA000-memory.dmp

Filesize
168KB

Download
memory/1444-155-0x00000000022C0000-0x00000000022EA000-memory.dmp

Filesize
168KB

Download
memory/1444-160-0x00000000022C0000-0x00000000022EA000-memory.dmp

Filesize
168KB

Download
memory/1444-161-0x00000000022C0000-0x00000000022EA000-memory.dmp

Filesize
168KB

Download
memory/1444-162-0x00000000022C0000-0x00000000022EA000-memory.dmp

Filesize
168KB

Download
memory/1444-163-0x00000000022C0000-0x00000000022EA000-memory.dmp

Filesize
168KB

Download
memory/1444-159-0x00000000022C0000-0x00000000022EA000-memory.dmp

Filesize
168KB

Download
memory/1444-165-0x00000000022C0000-0x00000000022EA000-memory.dmp

Filesize
168KB

Download
memory/1444-166-0x00000000022C0000-0x00000000022EA000-memory.dmp

Filesize
168KB

Download
memory/1444-167-0x00000000022C0000-0x00000000022EA000-memory.dmp

Filesize
168KB

Download
memory/1444-168-0x00000000022C0000-0x00000000022EA000-memory.dmp

Filesize
168KB

Download
memory/1444-164-0x00000000022C0000-0x00000000022EA000-memory.dmp

Filesize
168KB

Download
memory/1444-170-0x00000000022C0000-0x00000000022EA000-memory.dmp

Filesize
168KB

Download
memory/1444-171-0x00000000022C0000-0x00000000022EA000-memory.dmp

Filesize
168KB

Download
memory/1444-172-0x00000000022C0000-0x00000000022EA000-memory.dmp

Filesize
168KB

Download
memory/1444-169-0x00000000022C0000-0x00000000022EA000-memory.dmp

Filesize
168KB

Download
memory/1444-173-0x00000000022C0000-0x00000000022EA000-memory.dmp

Filesize
168KB

Download
memory/1444-174-0x00000000022C0000-0x00000000022EA000-memory.dmp

Filesize
168KB

Download
memory/1444-175-0x00000000022C0000-0x00000000022EA000-memory.dmp

Filesize
168KB

Download
memory/1444-176-0x00000000022C0000-0x00000000022EA000-memory.dmp

Filesize
168KB

Download
memory/1444-177-0x00000000022C0000-0x00000000022EA000-memory.dmp

Filesize
168KB

Download
memory/1444-178-0x00000000022C0000-0x00000000022EA000-memory.dmp

Filesize
168KB

Download
memory/1444-179-0x00000000022C0000-0x00000000022EA000-memory.dmp

Filesize
168KB

Download
memory/1444-180-0x00000000022C0000-0x00000000022EA000-memory.dmp

Filesize
168KB

Download
memory/1444-181-0x00000000022C0000-0x00000000022EA000-memory.dmp

Filesize
168KB

Download
memory/1444-182-0x00000000022C0000-0x00000000022EA000-memory.dmp

Filesize
168KB

Download
memory/1444-183-0x00000000022C0000-0x00000000022EA000-memory.dmp

Filesize
168KB

Download
memory/1444-184-0x00000000022C0000-0x00000000022EA000-memory.dmp

Filesize
168KB

Download
memory/1444-185-0x00000000022C0000-0x00000000022EA000-memory.dmp

Filesize
168KB

Download
memory/1444-186-0x00000000022C0000-0x00000000022EA000-memory.dmp

Filesize
168KB

Download
memory/1444-187-0x00000000022C0000-0x00000000022EA000-memory.dmp

Filesize
168KB

Download
memory/1444-188-0x00000000022C0000-0x00000000022EA000-memory.dmp

Filesize
168KB

Download
memory/1444-189-0x00000000022C0000-0x00000000022EA000-memory.dmp

Filesize
168KB

Download
memory/1444-190-0x00000000022C0000-0x00000000022EA000-memory.dmp

Filesize
168KB

Download
memory/1444-191-0x00000000022C0000-0x00000000022EA000-memory.dmp

Filesize
168KB

Download
memory/1444-192-0x00000000022C0000-0x00000000022EA000-memory.dmp

Filesize
168KB

Download
memory/1444-193-0x00000000022C0000-0x00000000022EA000-memory.dmp

Filesize
168KB

Download
memory/1444-195-0x00000000022C0000-0x00000000022EA000-memory.dmp

Filesize
168KB

Download
memory/1444-194-0x00000000022C0000-0x00000000022EA000-memory.dmp

Filesize
168KB

Download