Analysis
-
max time kernel
174s -
max time network
225s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
-
submitted
26-11-2022 23:10
General
-
Target
90f7f6ef0952e478b5281735f87a7e0116c2f620d0b45c6bd6230231d8ea1437.exe
-
Size
5.1MB
-
MD5
0a87095e2b0129902b094d3e144e6deb
-
SHA1
5f400b46f2876c92dcd7ce05ff2699946ce114bc
-
SHA256
90f7f6ef0952e478b5281735f87a7e0116c2f620d0b45c6bd6230231d8ea1437
-
SHA512
2316f53ecb3556c374c594525a75720a7adaa59889715631667e93105264ab30e5dd5b615eb3daaa33831c11476d4161145918d51067c115f221d5248ce756bd
-
SSDEEP
98304:ouzeozbcNTNmwFRcXZhITW5ucNF61j7+W4cacDXu5ZYNuPjqc897tgtzlwwirkx:otozbozFq0S5Xw1/BscpCj94Gzlwxg
Score
10/10
Malware Config
Signatures
-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage 3 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
Processes
-
C:\Users\Admin\AppData\Local\Temp\90f7f6ef0952e478b5281735f87a7e0116c2f620d0b45c6bd6230231d8ea1437.exe"C:\Users\Admin\AppData\Local\Temp\90f7f6ef0952e478b5281735f87a7e0116c2f620d0b45c6bd6230231d8ea1437.exe"1⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1452-132-0x0000000000400000-0x0000000000951000-memory.dmpFilesize
5.3MB
-
memory/1452-133-0x0000000000400000-0x0000000000951000-memory.dmpFilesize
5.3MB
-
memory/1452-134-0x0000000002690000-0x0000000002694000-memory.dmpFilesize
16KB
-
memory/1452-135-0x00000000026D0000-0x0000000002709000-memory.dmpFilesize
228KB
-
memory/1452-136-0x0000000000400000-0x0000000000951000-memory.dmpFilesize
5.3MB
-
memory/1452-137-0x00000000026D0000-0x0000000002709000-memory.dmpFilesize
228KB
-
memory/1452-138-0x0000000000400000-0x0000000000951000-memory.dmpFilesize
5.3MB
-
memory/1452-139-0x00000000026D0000-0x0000000002709000-memory.dmpFilesize
228KB