Overview

overview

10

Static

static

3

Hqtxxjpjckxave.exe

windows7-x64

10

Hqtxxjpjckxave.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15/05/2023, 08:00

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    Hqtxxjpjckxave.exe

  • Size

    743KB

  • MD5

    94b1f0ce6e3425e8461b1ed3fd9f0439

  • SHA1

    8912717e3164a6c74eaa24a2318c662320e4783a

  • SHA256

    1ca9a78c794861c21817bf7c4cd1b903bfb3ce4c64d2f6daf3ef4606775b6efc

  • SHA512

    b1878ca9493d2f2a7933dbca470b10a9a219acaa3b5cc34c8dd39f81937a5e1dd004c9c3d32aad26b1470f5238e1861af879c8c30291b46ced9db68fab882e38

  • SSDEEP

    12288:QVxfM/PNmfig4qXnWy1ZsY2mTS7gazVb8N0K1WqLjPGb:0iEfB4Q9+VIECjP

Score
10/10
modiloaderpersistencetrojan

Malware Config

Signatures

  • ModiLoader, DBatLoader

    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    trojanmodiloader
  • ModiLoader Second Stage 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of SetThreadContext 2 IoCs
  • Program crash 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Script User-Agent 3 IoCs

    Uses user-agent string associated with script host/environment.

  • Suspicious behavior: EnumeratesProcesses 56 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3144
    • C:\Users\Admin\AppData\Local\Temp\Hqtxxjpjckxave.exe
      "C:\Users\Admin\AppData\Local\Temp\Hqtxxjpjckxave.exe"
      2⤵
      • Adds Run key to start application
      • Suspicious use of WriteProcessMemory
      PID:4504
      • C:\Windows\SysWOW64\SndVol.exe
        "C:\Windows\System32\SndVol.exe"
        3⤵
        • Suspicious use of SetThreadContext
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: MapViewOfSection
        • Suspicious use of AdjustPrivilegeToken
        PID:3876
    • C:\Windows\SysWOW64\help.exe
      "C:\Windows\SysWOW64\help.exe"
      2⤵
      • Suspicious use of SetThreadContext
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:3636
      • C:\Program Files\Mozilla Firefox\Firefox.exe
        "C:\Program Files\Mozilla Firefox\Firefox.exe"
        3⤵
          PID:744
          • C:\Windows\system32\WerFault.exe
            C:\Windows\system32\WerFault.exe -u -p 744 -s 156
            4⤵
            • Program crash
            PID:4772
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -pss -s 472 -p 744 -ip 744
      1⤵
        PID:1100

      Network

            MITRE ATT&CK Enterprise v6

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • memory/3144-148-0x0000000003170000-0x0000000003221000-memory.dmp

              Filesize

              708KB

              Download

            • memory/3144-162-0x00000000089F0000-0x0000000008A83000-memory.dmp

              Filesize

              588KB

              Download

            • memory/3144-155-0x00000000089F0000-0x0000000008A83000-memory.dmp

              Filesize

              588KB

              Download

            • memory/3636-154-0x00000000012E0000-0x000000000136F000-memory.dmp

              Filesize

              572KB

              Download

            • memory/3636-153-0x0000000001400000-0x000000000174A000-memory.dmp

              Filesize

              3.3MB

              Download

            • memory/3636-152-0x0000000000BA0000-0x0000000000BCD000-memory.dmp

              Filesize

              180KB

              Download

            • memory/3636-150-0x00000000006A0000-0x00000000006A7000-memory.dmp

              Filesize

              28KB

              Download

            • memory/3636-149-0x00000000006A0000-0x00000000006A7000-memory.dmp

              Filesize

              28KB

              Download

            • memory/3876-146-0x0000000002F50000-0x000000000329A000-memory.dmp

              Filesize

              3.3MB

              Download

            • memory/3876-147-0x0000000002CB0000-0x0000000002CC0000-memory.dmp

              Filesize

              64KB

              Download

            • memory/3876-145-0x0000000010410000-0x000000001043F000-memory.dmp

              Filesize

              188KB

              Download

            • memory/3876-144-0x0000000010410000-0x000000001043F000-memory.dmp

              Filesize

              188KB

              Download

            • memory/3876-142-0x0000000000EA0000-0x0000000000EA1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4504-133-0x0000000002250000-0x0000000002251000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4504-141-0x0000000010410000-0x000000001043F000-memory.dmp

              Filesize

              188KB

              Download

            • memory/4504-140-0x0000000010410000-0x000000001043F000-memory.dmp

              Filesize

              188KB

              Download

            • memory/4504-136-0x0000000000400000-0x00000000004C0000-memory.dmp

              Filesize

              768KB

              Download

            • memory/4504-134-0x0000000002290000-0x00000000022C2000-memory.dmp

              Filesize

              200KB

              Download