Overview

overview

10

Static

static

10

easy_Malic...af.exe

windows7-x64

10

easy_Malic...af.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    7s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/07/2023, 15:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    easy_Malicious_0308ee7ba23eb944f910e085a789935b4d525672f59d13033d936188f268c5af.exe

  • Size

    898KB

  • MD5

    9f47d742728c1d932f0413832ee4696b

  • SHA1

    faa2f8a62517019ac9e3af94d3d23812de4c55e4

  • SHA256

    2d5f0e00a9a7110d27ae329e565db43d58bfc0f12c72879174ea5b3e70dd1c5d

  • SHA512

    bb91d2b41b3eeba0d31466c02918b2174dadbda904d06da158499350beced310fc4ab268e98e5d499ba5e72c40a3c9806cb85542d18e83b7bc9faee09a09255c

  • SSDEEP

    24576:IAY+wzSBZYUiR+SgH/jw4+wWiT27w5+vGUtxW2:IAuOFhfc4VT27w5YGUtxW2

Score
10/10
modiloadertrojan

Malware Config

Signatures

  • ModiLoader, DBatLoader

    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    trojanmodiloader
  • ModiLoader Second Stage 8 IoCs
  • ACProtect 1.3x - 1.4x DLL software 5 IoCs

    Detects file using ACProtect software.

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 4 IoCs
  • Drops file in System32 directory 2 IoCs
  • Suspicious use of SetThreadContext 2 IoCs
  • Drops file in Windows directory 3 IoCs
  • Program crash 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\easy_Malicious_0308ee7ba23eb944f910e085a789935b4d525672f59d13033d936188f268c5af.exe
    "C:\Users\Admin\AppData\Local\Temp\easy_Malicious_0308ee7ba23eb944f910e085a789935b4d525672f59d13033d936188f268c5af.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Windows directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4300
    • C:\Windows\Server.exe
      C:\Windows\Server.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in System32 directory
      • Suspicious use of SetThreadContext
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3912
      • C:\Windows\SysWOW64\cmd.exe
        "C:\Windows\system32\cmd.exe"
        3⤵
          PID:4124
          • C:\Windows\SysWOW64\WerFault.exe
            C:\Windows\SysWOW64\WerFault.exe -u -p 4124 -s 12
            4⤵
            • Program crash
            PID:1240
        • C:\Windows\SysWOW64\mmc.exe
          "C:\Windows\system32\mmc.exe"
          3⤵
            PID:4948
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -u -p 4948 -s 12
              4⤵
              • Program crash
              PID:4836
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c C:\Windows\Delet.bat
          2⤵
            PID:3940
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 4124 -ip 4124
          1⤵
            PID:1768
          • C:\Windows\SysWOW64\WerFault.exe
            C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 4948 -ip 4948
            1⤵
              PID:2920

            Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Users\Admin\AppData\Local\Temp\noi9589.tmp
              Filesize

              172KB

              MD5

              685f1cbd4af30a1d0c25f252d399a666

              SHA1

              6a1b978f5e6150b88c8634146f1406ed97d2f134

              SHA256

              0e478c95a7a07570a69e6061e7c1da9001bccad9cc454f2ed4da58824a13e0f4

              SHA512

              6555ad6b4f4f26105ca8aad64501d74519a3e091f559b4b563d6ffb20a2ddfcde65e4fe94971a9bc65e86db577f2548ca00f9920d341c8ea808b04c0947d61d9

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\noi9589.tmp
              Filesize

              172KB

              MD5

              685f1cbd4af30a1d0c25f252d399a666

              SHA1

              6a1b978f5e6150b88c8634146f1406ed97d2f134

              SHA256

              0e478c95a7a07570a69e6061e7c1da9001bccad9cc454f2ed4da58824a13e0f4

              SHA512

              6555ad6b4f4f26105ca8aad64501d74519a3e091f559b4b563d6ffb20a2ddfcde65e4fe94971a9bc65e86db577f2548ca00f9920d341c8ea808b04c0947d61d9

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\vpi9BD2.tmp
              Filesize

              172KB

              MD5

              685f1cbd4af30a1d0c25f252d399a666

              SHA1

              6a1b978f5e6150b88c8634146f1406ed97d2f134

              SHA256

              0e478c95a7a07570a69e6061e7c1da9001bccad9cc454f2ed4da58824a13e0f4

              SHA512

              6555ad6b4f4f26105ca8aad64501d74519a3e091f559b4b563d6ffb20a2ddfcde65e4fe94971a9bc65e86db577f2548ca00f9920d341c8ea808b04c0947d61d9

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\vpi9BD2.tmp
              Filesize

              172KB

              MD5

              685f1cbd4af30a1d0c25f252d399a666

              SHA1

              6a1b978f5e6150b88c8634146f1406ed97d2f134

              SHA256

              0e478c95a7a07570a69e6061e7c1da9001bccad9cc454f2ed4da58824a13e0f4

              SHA512

              6555ad6b4f4f26105ca8aad64501d74519a3e091f559b4b563d6ffb20a2ddfcde65e4fe94971a9bc65e86db577f2548ca00f9920d341c8ea808b04c0947d61d9

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\vpi9BD2.tmp
              Filesize

              172KB

              MD5

              685f1cbd4af30a1d0c25f252d399a666

              SHA1

              6a1b978f5e6150b88c8634146f1406ed97d2f134

              SHA256

              0e478c95a7a07570a69e6061e7c1da9001bccad9cc454f2ed4da58824a13e0f4

              SHA512

              6555ad6b4f4f26105ca8aad64501d74519a3e091f559b4b563d6ffb20a2ddfcde65e4fe94971a9bc65e86db577f2548ca00f9920d341c8ea808b04c0947d61d9

              Download Submit

            • C:\Windows\Delet.bat
              Filesize

              278B

              MD5

              64145e97b2855322be6b238a48fb4407

              SHA1

              2cc927c1e3ce6360d24f0d1200a3491e3987ff79

              SHA256

              1c9365718aa0d3d73c8a4a2111f51c48d69112f9acc6c35b909fb40f2b9849a7

              SHA512

              8349422c1108f24908479d5f782a70ed31b078238ab37fe88ee240ac7973b56af85a5eec295abe43c2cf491026f1f6b05ab7a45b4fa9a815dc6846ef41299d70

              Download Submit

            • C:\Windows\Server.exe
              Filesize

              898KB

              MD5

              9f47d742728c1d932f0413832ee4696b

              SHA1

              faa2f8a62517019ac9e3af94d3d23812de4c55e4

              SHA256

              2d5f0e00a9a7110d27ae329e565db43d58bfc0f12c72879174ea5b3e70dd1c5d

              SHA512

              bb91d2b41b3eeba0d31466c02918b2174dadbda904d06da158499350beced310fc4ab268e98e5d499ba5e72c40a3c9806cb85542d18e83b7bc9faee09a09255c

              Download Submit

            • C:\Windows\Server.exe
              Filesize

              898KB

              MD5

              9f47d742728c1d932f0413832ee4696b

              SHA1

              faa2f8a62517019ac9e3af94d3d23812de4c55e4

              SHA256

              2d5f0e00a9a7110d27ae329e565db43d58bfc0f12c72879174ea5b3e70dd1c5d

              SHA512

              bb91d2b41b3eeba0d31466c02918b2174dadbda904d06da158499350beced310fc4ab268e98e5d499ba5e72c40a3c9806cb85542d18e83b7bc9faee09a09255c

              Download Submit

            • C:\Windows\SysWOW64\_Server.exe
              Filesize

              898KB

              MD5

              9f47d742728c1d932f0413832ee4696b

              SHA1

              faa2f8a62517019ac9e3af94d3d23812de4c55e4

              SHA256

              2d5f0e00a9a7110d27ae329e565db43d58bfc0f12c72879174ea5b3e70dd1c5d

              SHA512

              bb91d2b41b3eeba0d31466c02918b2174dadbda904d06da158499350beced310fc4ab268e98e5d499ba5e72c40a3c9806cb85542d18e83b7bc9faee09a09255c

              Download Submit

            • memory/3912-159-0x0000000000400000-0x00000000004BD000-memory.dmp

              Filesize

              756KB

              Download

            • memory/3912-162-0x0000000002110000-0x0000000002183000-memory.dmp

              Filesize

              460KB

              Download

            • memory/3912-165-0x00000000021B0000-0x00000000021B1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4124-155-0x0000000000400000-0x00000000004BD000-memory.dmp

              Filesize

              756KB

              Download

            • memory/4300-143-0x00000000022E0000-0x00000000022E1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4300-133-0x0000000000400000-0x00000000004BD000-memory.dmp

              Filesize

              756KB

              Download

            • memory/4300-163-0x0000000000400000-0x00000000004BD000-memory.dmp

              Filesize

              756KB

              Download

            • memory/4300-166-0x0000000002260000-0x00000000022D3000-memory.dmp

              Filesize

              460KB

              Download

            • memory/4300-142-0x0000000002260000-0x00000000022D3000-memory.dmp

              Filesize

              460KB

              Download

            • memory/4948-157-0x0000000000480000-0x000000000053D000-memory.dmp

              Filesize

              756KB

              Download