Analysis
-
max time kernel
6s -
max time network
47s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
-
submitted
28-11-2022 02:09
General
-
Target
b0a30508d2032142c808163fc761803290c38155d326d46263a195d5e9553161.exe
-
Size
35KB
-
MD5
bd93249784028828869b896537e5340b
-
SHA1
0bae5593a4aefae0155baeb1126e6089f1107bb9
-
SHA256
b0a30508d2032142c808163fc761803290c38155d326d46263a195d5e9553161
-
SHA512
f397ddc26f5c4f767ac3cd2b0b0180f39628cefd1bb212517656743497848602b25f603895ba77750942b6537c825b72b358e3f7088eb15f4c68142c2ba7d5db
-
SSDEEP
768:p11ZCrVD1tuLAXGX2g0ClGe65c+azbKUKrxLiZEK8hKuuTYe0IRu:X2VZMkXGn8XcUxeZEK8UxVRu
Malware Config
Signatures
-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Drops file in Program Files directory 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b0a30508d2032142c808163fc761803290c38155d326d46263a195d5e9553161.exe"C:\Users\Admin\AppData\Local\Temp\b0a30508d2032142c808163fc761803290c38155d326d46263a195d5e9553161.exe"1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
\Program Files\Common Files\Microsoft Shared\MSInfo\atmQQ2.dllFilesize
25KB
MD540289d66b14c54bed03c247de8b95c6e
SHA1ce659b37442d7276a9f877ec7562a865d2814405
SHA256da1d80941092ccc970727b5e4feb84e2a67aa47efb9a1a595cf1a9a525c47b61
SHA5126e12b1897873da86144bcad1d11a3c137aca434e43daa31b07a203469b21d218a3e06b6a6735f9fe30addaa357583985d44c58900a27d2ea379891eada4e7dfa
-
memory/1912-54-0x0000000076031000-0x0000000076033000-memory.dmpFilesize
8KB
-
memory/1912-56-0x0000000000400000-0x0000000000425000-memory.dmpFilesize
148KB
-
memory/1912-57-0x0000000000220000-0x000000000023F000-memory.dmpFilesize
124KB