Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

e3d14dc9c1...b9.exe

windows7-x64

10

e3d14dc9c1...b9.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/10/2023, 11:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e3d14dc9c127ca06e0800c09081727b9.exe

  • Size

    2.9MB

  • MD5

    e3d14dc9c127ca06e0800c09081727b9

  • SHA1

    e7543719b046218d8c60434731d5af5a53357172

  • SHA256

    347cfd6ac482e6562d6a8bb4029ed095936599ee3de2498f91171c135f9b4632

  • SHA512

    a9ad2ba157fcaa5243fb306650d31ee9543f2455c5af5fafef11cac0c28b9926422689f36753cffbb3f7292c4f031c1a989c858d730c0e75113e8b1d21c3e873

  • SSDEEP

    49152:LKiv1QZi2jT9+5czncFU/HpTMyR9y2MjUefr8GUynIH:LfWNv0OzcOHpg2yvUe7

Score
10/10
modiloadertrojan

Malware Config

Signatures

  • ModiLoader, DBatLoader

    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    trojanmodiloader
  • ModiLoader Second Stage 1 IoCs
  • Script User-Agent 2 IoCs

    Uses user-agent string associated with script host/environment.

Processes

  • C:\Users\Admin\AppData\Local\Temp\e3d14dc9c127ca06e0800c09081727b9.exe
    "C:\Users\Admin\AppData\Local\Temp\e3d14dc9c127ca06e0800c09081727b9.exe"
    1⤵
      PID:1684

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1684-0-0x00000000024F0000-0x00000000024F1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1684-1-0x0000000002BF0000-0x0000000003BF0000-memory.dmp

      Filesize

      16.0MB

      Download

    • memory/1684-2-0x0000000002BF0000-0x0000000003BF0000-memory.dmp

      Filesize

      16.0MB

      Download

    • memory/1684-4-0x0000000000400000-0x00000000006EC000-memory.dmp

      Filesize

      2.9MB

      Download

    • memory/1684-5-0x00000000024F0000-0x00000000024F1000-memory.dmp

      Filesize

      4KB

      Download