Analysis

  • max time kernel
    162s
  • max time network
    175s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    27-11-2022 06:36

General

  • Target

    红警全能王v2014.exe

  • Size

    1.0MB

  • MD5

    7ff0bf0155a77e93f86216aefceab475

  • SHA1

    ab65d99772cb00ca6d686120ce5e5d206ddc3975

  • SHA256

    2c6bd4d46cc9505b7d502da962ee34aa62fcad728e800fd50e8d8ad8505dcca5

  • SHA512

    92849fe1a18634f74c541b114533266fe7c328bbb33a3e31360b91d2b343dd9b3b49640eb787fa3c80deee992c726d166bd6caec8414bd8a8d563ec3e428a0e4

  • SSDEEP

    24576:soahC2h99zfs3wl76HyFf6Mhng8dNAomDAHnrf6XRbJDRM4:svsm99zfs3wl7ca6Mh3mkEbJy

Score
10/10

Malware Config

Signatures

  • ModiLoader, DBatLoader

    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

  • ModiLoader Second Stage 2 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\红警全能王v2014.exe
    "C:\Users\Admin\AppData\Local\Temp\红警全能王v2014.exe"
    • Suspicious use of SetWindowsHookEx
    PID:4788

Network

MITRE ATT&CK Matrix

Downloads

  • memory/4788-132-0x0000000000400000-0x000000000069E000-memory.dmp
    Filesize

    2.6MB

  • memory/4788-133-0x0000000000400000-0x000000000069E000-memory.dmp
    Filesize

    2.6MB