Overview

overview

10

Static

static

8acabd0cd0...4d.exe

windows7-x64

10

8acabd0cd0...4d.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    145s
  • max time network
    163s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28-11-2022 04:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8acabd0cd013edd60d71ebceda804be54eb06514fc7060fb14ccfe9275ff754d.exe

  • Size

    40KB

  • MD5

    f90d498d89135d8fdbe0326d172428ce

  • SHA1

    af3688a5e58a16d12cf7ac618fd32b2f62871461

  • SHA256

    8acabd0cd013edd60d71ebceda804be54eb06514fc7060fb14ccfe9275ff754d

  • SHA512

    56431b9ea896a6a1d8c7c008176c0c3acc2376050bb43ca55551dd7b87ffe04bddc8e2f1db7c4e93935302ecc5f95a71f1f4b25978ec7cae0088522cff79d386

  • SSDEEP

    768:B4B2JGYVNfV6vrFDPwp2Gt7YHN0m5vcdXwPXDzHvzExAPOE/3MwVrJ7H8oWXRrK9:BC2oAfIrJwp2Gium5vcxwPzzvzEx6L/z

Score
10/10
modiloadertrojan

Malware Config

Signatures

  • ModiLoader, DBatLoader

    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    trojanmodiloader
  • ModiLoader Second Stage 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8acabd0cd013edd60d71ebceda804be54eb06514fc7060fb14ccfe9275ff754d.exe
    "C:\Users\Admin\AppData\Local\Temp\8acabd0cd013edd60d71ebceda804be54eb06514fc7060fb14ccfe9275ff754d.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    PID:516

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\Common Files\microsoft shared\MSInfo\atmQQ2.dll
    Filesize

    21KB

    MD5

    2f5ca96ce123f3a995d7941edd718180

    SHA1

    52cd0ebf2e930ede630decc7fda157d23eca2517

    SHA256

    bd4335f482275b2497e40e98145e01d59dba1115198485e43498405e4cf6951a

    SHA512

    e3ac43a5619c9042a8d410ec6363b46ed1e2e5098a56fadaf54cd475e4dd0a8a536a1b1fc895393ee8b73d7b49ed1c4ceb5ecc851912dbf71ebac9d4b434eb7a

    Download Submit

  • C:\Program Files\Common Files\microsoft shared\MSInfo\atmQQ2.dll
    Filesize

    21KB

    MD5

    2f5ca96ce123f3a995d7941edd718180

    SHA1

    52cd0ebf2e930ede630decc7fda157d23eca2517

    SHA256

    bd4335f482275b2497e40e98145e01d59dba1115198485e43498405e4cf6951a

    SHA512

    e3ac43a5619c9042a8d410ec6363b46ed1e2e5098a56fadaf54cd475e4dd0a8a536a1b1fc895393ee8b73d7b49ed1c4ceb5ecc851912dbf71ebac9d4b434eb7a

    Download Submit

  • memory/516-132-0x0000000000400000-0x0000000000435000-memory.dmp

    Filesize

    212KB

    Download

  • memory/516-135-0x00000000006C0000-0x00000000006E4000-memory.dmp

    Filesize

    144KB

    Download

  • memory/516-136-0x0000000000400000-0x0000000000435000-memory.dmp

    Filesize

    212KB

    Download