Overview

overview

10

Static

static

4b2e593add...73.exe

windows7-x64

10

4b2e593add...73.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    181s
  • max time network
    184s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30-11-2022 17:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4b2e593addbb89b981e8b3d9ead6cb2bbafd646a620942803c268aeb51a6f773.exe

  • Size

    976KB

  • MD5

    72d3cb6dec38a72bb9996cf50f9ca152

  • SHA1

    fc0094507beca86633a2ff012a91d9e54a058c0d

  • SHA256

    4b2e593addbb89b981e8b3d9ead6cb2bbafd646a620942803c268aeb51a6f773

  • SHA512

    b3f1e45494120de1b50b7497f5ffa9f3ec105fdc3928d6951f8194a5c427d980d03c062d75f068714eb7540715e85aebf33211dafc9b6bdfaa8ac2207ee9214a

  • SSDEEP

    12288:Rt1rtR29DwSwNy6ZgFwg0jPacng2WnAH+QIMYHCoDaMycZ+rfF8hWf:RnxhSwNy6eFGC+jv+QIPHtDocoJf

Score
10/10
modiloaderpersistencetrojan

Malware Config

Signatures

  • ModiLoader, DBatLoader

    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    trojanmodiloader
  • ModiLoader Second Stage 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4b2e593addbb89b981e8b3d9ead6cb2bbafd646a620942803c268aeb51a6f773.exe
    "C:\Users\Admin\AppData\Local\Temp\4b2e593addbb89b981e8b3d9ead6cb2bbafd646a620942803c268aeb51a6f773.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    PID:4836
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4836 -s 1528
      2⤵
      • Program crash
      PID:1232
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 4836 -ip 4836
    1⤵
      PID:1628

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/4836-133-0x00000000029B0000-0x00000000029CA000-memory.dmp

      Filesize

      104KB

      Download

    • memory/4836-141-0x0000000002C40000-0x0000000002C89000-memory.dmp

      Filesize

      292KB

      Download

    • memory/4836-148-0x0000000004470000-0x00000000047BA000-memory.dmp

      Filesize

      3.3MB

      Download