Overview

overview

10

Static

static

9d0d64f0f7...8e.exe

windows7-x64

10

9d0d64f0f7...8e.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    156s
  • max time network
    163s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06-12-2022 08:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9d0d64f0f7ae03a45d4c2e914f1dd6ebd79a0701ef2dd38cabbffd53b3d48b8e.exe

  • Size

    388KB

  • MD5

    c7c3b1dfc231e192d1886d682ff941ca

  • SHA1

    6b3e0ad82026e25bd60a9b71fef5b67396696320

  • SHA256

    9d0d64f0f7ae03a45d4c2e914f1dd6ebd79a0701ef2dd38cabbffd53b3d48b8e

  • SHA512

    f930640e2acc12aba970f8ab56a87f1ab613569d1d3a0c24b2f4c5265533edffc795a5614f821ec9d7406f5905fef6c5878997e2aa43234a09d18a3b5864fe08

  • SSDEEP

    6144:7bOAmC045lY0Z79BZb4SCnG35g6N0QJpvJGEGOKPbXl9X0J0qOxl4FBBb86:RmC08W+9BZb3p32qX3v4EAVGeJ4Fd

Score
10/10
modiloadertrojan

Malware Config

Signatures

  • ModiLoader, DBatLoader

    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    trojanmodiloader
  • ModiLoader Second Stage 5 IoCs
  • Loads dropped DLL 2 IoCs
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9d0d64f0f7ae03a45d4c2e914f1dd6ebd79a0701ef2dd38cabbffd53b3d48b8e.exe
    "C:\Users\Admin\AppData\Local\Temp\9d0d64f0f7ae03a45d4c2e914f1dd6ebd79a0701ef2dd38cabbffd53b3d48b8e.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:4960
    • C:\Users\Admin\AppData\Local\Temp\9d0d64f0f7ae03a45d4c2e914f1dd6ebd79a0701ef2dd38cabbffd53b3d48b8e.exe
      C:\Users\Admin\AppData\Local\Temp\9d0d64f0f7ae03a45d4c2e914f1dd6ebd79a0701ef2dd38cabbffd53b3d48b8e.exe
      2⤵
        PID:4452
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 4452 -s 80
          3⤵
          • Program crash
          PID:4544
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 4452 -ip 4452
      1⤵
        PID:1316

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\kacir.dll
        Filesize

        19KB

        MD5

        dda37de6068ad16771e3a6464bb8778b

        SHA1

        903317703bfcd07e9bea7246920de98916017e08

        SHA256

        e5fa2290f69a152c53dec772142ddb3d4c04cb2ee25ad05b0ec97ab202361f11

        SHA512

        1d38ba967b34c6d48b8048bf282484bc6c8d6f3644a127a8102d3edbcf5dd854744da7e8f15b10b93b6124db634a7c891c1c175fca8a7b2e6810fc204132ea05

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\kacir.dll
        Filesize

        19KB

        MD5

        dda37de6068ad16771e3a6464bb8778b

        SHA1

        903317703bfcd07e9bea7246920de98916017e08

        SHA256

        e5fa2290f69a152c53dec772142ddb3d4c04cb2ee25ad05b0ec97ab202361f11

        SHA512

        1d38ba967b34c6d48b8048bf282484bc6c8d6f3644a127a8102d3edbcf5dd854744da7e8f15b10b93b6124db634a7c891c1c175fca8a7b2e6810fc204132ea05

        Download Submit

      • memory/4452-138-0x0000000000010000-0x0000000000077A4C-memory.dmp

        Filesize

        414KB

        Download

      • memory/4960-134-0x00000000005B1000-0x00000000005B5000-memory.dmp

        Filesize

        16KB

        Download

      • memory/4960-135-0x0000000000010000-0x0000000000077A4C-memory.dmp

        Filesize

        414KB

        Download

      • memory/4960-137-0x0000000000010000-0x0000000000077A4C-memory.dmp

        Filesize

        414KB

        Download