Analysis
-
max time kernel
131s -
max time network
143s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system -
submitted
17-03-2023 07:25
Behavioral task
behavioral1
Sample
47792144c9b440b3d2fbd422f68a23a8a8dfc16466d2a7430fc283a9d382826f.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
47792144c9b440b3d2fbd422f68a23a8a8dfc16466d2a7430fc283a9d382826f.exe
Resource
win10v2004-20230220-en
General
-
Target
47792144c9b440b3d2fbd422f68a23a8a8dfc16466d2a7430fc283a9d382826f.exe
-
Size
420KB
-
MD5
4c441e0f43f6ea1edf515e4a25ffcd24
-
SHA1
ca5021d2161664853eb3900a1d8c9874672c03f2
-
SHA256
47792144c9b440b3d2fbd422f68a23a8a8dfc16466d2a7430fc283a9d382826f
-
SHA512
488166165f653f6d16c3d4bbd1ddeb547345396f38918481d72cc74da322d363782c6e5024a65b3193c7fe7102200aa76f7f699e3995ba1a0fbd5ca74290237f
-
SSDEEP
6144:Lq4/ZdjqF1Tov7yuTlb5251VnHgv+BrlkaWI0wQA:mIre+bQ5jnNlw5
Malware Config
Signatures
-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage 1 IoCs
Processes:
resource yara_rule behavioral2/memory/3604-133-0x0000000006310000-0x000000000637C000-memory.dmp modiloader_stage2 -
Program crash 1 IoCs
Processes:
WerFault.exepid pid_target process target process 4168 3604 WerFault.exe 47792144c9b440b3d2fbd422f68a23a8a8dfc16466d2a7430fc283a9d382826f.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\47792144c9b440b3d2fbd422f68a23a8a8dfc16466d2a7430fc283a9d382826f.exe"C:\Users\Admin\AppData\Local\Temp\47792144c9b440b3d2fbd422f68a23a8a8dfc16466d2a7430fc283a9d382826f.exe"1⤵PID:3604
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 4962⤵
- Program crash
PID:4168
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 3604 -ip 36041⤵PID:4736
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/3604-133-0x0000000006310000-0x000000000637C000-memory.dmpFilesize
432KB