Overview

overview

10

Static

static

9df1dda509...75.exe

windows7-x64

10

9df1dda509...75.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    90s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03-12-2022 09:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9df1dda509bc600784990066f2bd188b2bd956fc79d1fce1a70e56de1135f275.exe

  • Size

    640KB

  • MD5

    9705ee27fa98efa1ea8abb42de8d5946

  • SHA1

    1ad51958475571fb6b8401f67c89d572104c8292

  • SHA256

    9df1dda509bc600784990066f2bd188b2bd956fc79d1fce1a70e56de1135f275

  • SHA512

    e4ffdbb5545bc8fb9786d91b714b7e91144ad03ab96143280abad3298b4408bfa1a8ffe3c44a3ca91dbea76a07263d9420504aea74b393cde2c6e1624c743539

  • SSDEEP

    12288:W7NDgoQihyEg+ecqyS7+cZ++NVFmFqgTIsnbm+bTwdsh9U2L5RE:WpDeOye1S7+0hVEFqsIsnbrnG2L5W

Score
10/10
modiloadertrojan

Malware Config

Signatures

  • ModiLoader, DBatLoader

    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    trojanmodiloader
  • ModiLoader Second Stage 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9df1dda509bc600784990066f2bd188b2bd956fc79d1fce1a70e56de1135f275.exe
    "C:\Users\Admin\AppData\Local\Temp\9df1dda509bc600784990066f2bd188b2bd956fc79d1fce1a70e56de1135f275.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:4008
    • C:\program files\internet explorer\IEXPLORE.EXE
      "C:\program files\internet explorer\IEXPLORE.EXE"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2640
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2640 CREDAT:17410 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2384

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    471B

    MD5

    ac572cbbc82d6d652cdbe2596aeac4ee

    SHA1

    a631b27cf33fe134f42ed411d7ea06c21df41ad5

    SHA256

    50b6d8f62150a7bd25fb3e462130e8e054a0f1fb619487e8c426a4c8bf6bdca8

    SHA512

    070095ec83e4eeccae5dcbadcb3132f08fd0aac50badbc42cb72691236b6cfcdf14ce275fb1bf5511896bb4dd25c2121e044341003c1a507be8fabc0b2b1bfff

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    434B

    MD5

    19e55a7bc5d11c362f0a373fab57939a

    SHA1

    041c7bec38d460dfffd8f471f49a4e652eeec4f2

    SHA256

    5d75adef0b94049cd288939d59d0fa65c45c6a6fee72a4e063bdc65ce0b8e463

    SHA512

    42b688adfbd25e5f10120d58dd161bb3aa7d139f2c37b1f8e738be7338d4c2687c66070bc59535cfe7c1656b5731d4b6e81902ef125a033d57942271102b2090

    Download Submit
  • memory/4008-132-0x0000000000400000-0x00000000005B5000-memory.dmp
    Filesize

    1.7MB

    Download
  • memory/4008-133-0x0000000000400000-0x00000000005B5000-memory.dmp
    Filesize

    1.7MB

    Download
  • memory/4008-134-0x00000000023D0000-0x0000000002424000-memory.dmp
    Filesize

    336KB

    Download