Overview

overview

10

Static

static

10

001e9becdd...93.exe

windows10-2004-x64

7

1a1cf2a2f6...31.exe

windows10-2004-x64

7

2eac3720bc...61.exe

windows10-2004-x64

1

320e3af17b...4c.exe

windows10-2004-x64

3

33bcab7033...70.exe

windows10-2004-x64

6

47a52afd63...2e.exe

windows10-2004-x64

10

4b24d27301...69.exe

windows10-2004-x64

7

4c481d251f...5a.exe

windows10-2004-x64

1

4c9ab76300...dd.exe

windows10-2004-x64

6

50a04b093c...95.dll

windows10-2004-x64

6

5266183553...2f.dll

windows10-2004-x64

8

547798defb...6e.exe

windows10-2004-x64

10

5fb2242c04...96.exe

windows10-2004-x64

1

63a0bf6385...12.exe

windows10-2004-x64

10

6a08b51e02...68.exe

windows10-2004-x64

5

803d827a2c...53.exe

windows10-2004-x64

7

85523c6377...c3.exe

windows10-2004-x64

3

8ab3db7349...03.exe

windows10-2004-x64

9

9b87457fe8...f0.exe

windows10-2004-x64

8

a3c7b0df18...cc.exe

windows10-2004-x64

1

ab4fa067af...38.exe

windows10-2004-x64

10

b1c5c3ca41...7d.exe

windows10-2004-x64

3

ca561f9403...c5.exe

windows10-2004-x64

7

d278eb3d6c...8f.exe

windows10-2004-x64

6

d3e04348f4...91.exe

windows10-2004-x64

10

d7e876a714...c9.exe

windows10-2004-x64

7

dd8bf2763c...38.exe

windows10-2004-x64

dd9ca1355f...9a.exe

windows10-2004-x64

7

dd9d07d1f5...27.exe

windows10-2004-x64

10

ef3c260fed...49.exe

windows10-2004-x64

10

f40df86d68...df.exe

windows10-2004-x64

10

fb861230c0...01.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    154s
  • max time network
    165s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231023-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-10-2023 21:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    63a0bf6385356dd0297449bdca2a2f171846315505800e81a4c0285f09c87312.exe

  • Size

    304KB

  • MD5

    abebbf12d4f5c17f5fc6d295b780e5a0

  • SHA1

    58f129763b6b98483f44c5847de8c34c01316d65

  • SHA256

    63a0bf6385356dd0297449bdca2a2f171846315505800e81a4c0285f09c87312

  • SHA512

    8f64772716006990bbca182fbee187d6792fd9eb9b6d891296bb4d9067a7568fc57ec845a5302afe206b935900e8f76061035f5cfd14bbe487f3311ae9dbb900

  • SSDEEP

    6144:6h+ykFDX/tt5ipwQd3Zks1NqZNlPur5UMRjIjXn+Z:s+ykFJfimQd3V1QZNu5FRQ3s

Score
10/10
modiloaderevasionpersistencetrojan

Malware Config

Signatures

  • ModiLoader, DBatLoader

    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    trojanmodiloader
  • Checks for common network interception software 1 TTPs

    Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.

    evasion
  • Looks for VirtualBox Guest Additions in registry 2 TTPs 1 IoCs
    evasion
  • ModiLoader Second Stage 45 IoCs
  • Adds policy Run key to start application 2 TTPs 2 IoCs
    persistence
  • Looks for VMWare Tools registry key 2 TTPs 1 IoCs
    evasion
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Deletes itself 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Maps connected drives based on registry 3 TTPs 2 IoCs

    Disk information is often read in order to detect sandboxing environments.

  • Suspicious use of SetThreadContext 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 10 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: MapViewOfSection 12 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 23 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\63a0bf6385356dd0297449bdca2a2f171846315505800e81a4c0285f09c87312.exe
    "C:\Users\Admin\AppData\Local\Temp\63a0bf6385356dd0297449bdca2a2f171846315505800e81a4c0285f09c87312.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2964
    • C:\Users\Admin\AppData\Local\Temp\63a0bf6385356dd0297449bdca2a2f171846315505800e81a4c0285f09c87312.exe
      C:\Users\Admin\AppData\Local\Temp\63a0bf6385356dd0297449bdca2a2f171846315505800e81a4c0285f09c87312.exe
      2⤵
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of WriteProcessMemory
      PID:384
      • C:\Windows\SysWOW64\dllhost.exe
        dllhost.exe
        3⤵
        • Suspicious behavior: MapViewOfSection
        • Suspicious use of WriteProcessMemory
        PID:1676
        • C:\Windows\SysWOW64\dllhost.exe
          dllhost.exe
          4⤵
          • Looks for VirtualBox Guest Additions in registry
          • Adds policy Run key to start application
          • Looks for VMWare Tools registry key
          • Checks BIOS information in registry
          • Deletes itself
          • Adds Run key to start application
          • Maps connected drives based on registry
          • Modifies Internet Explorer settings
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious behavior: MapViewOfSection
          • Suspicious use of WriteProcessMemory
          PID:4432
          • C:\Windows\SysWOW64\dllhost.exe
            "C:\Windows\SysWOW64\dllhost.exe"
            5⤵
              PID:244
            • C:\Windows\SysWOW64\explorer.exe
              explorer.exe
              5⤵
                PID:2548

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/244-64-0x0000000000C00000-0x0000000000CC4000-memory.dmp

        Filesize

        784KB

        Download

      • memory/244-37-0x0000000000C00000-0x0000000000CC4000-memory.dmp

        Filesize

        784KB

        Download

      • memory/244-36-0x0000000000C00000-0x0000000000CC4000-memory.dmp

        Filesize

        784KB

        Download

      • memory/244-35-0x00000000009D0000-0x00000000009D1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/244-34-0x0000000000580000-0x0000000000587000-memory.dmp

        Filesize

        28KB

        Download

      • memory/244-33-0x0000000000580000-0x0000000000587000-memory.dmp

        Filesize

        28KB

        Download

      • memory/244-39-0x0000000000C00000-0x0000000000CC4000-memory.dmp

        Filesize

        784KB

        Download

      • memory/244-40-0x0000000000C00000-0x0000000000CC4000-memory.dmp

        Filesize

        784KB

        Download

      • memory/244-38-0x0000000000C00000-0x0000000000CC4000-memory.dmp

        Filesize

        784KB

        Download

      • memory/244-42-0x0000000000C00000-0x0000000000CC4000-memory.dmp

        Filesize

        784KB

        Download

      • memory/384-11-0x000000000DD90000-0x000000000DE54000-memory.dmp

        Filesize

        784KB

        Download

      • memory/384-12-0x0000000000400000-0x0000000000436000-memory.dmp

        Filesize

        216KB

        Download

      • memory/384-2-0x0000000000400000-0x0000000001400000-memory.dmp

        Filesize

        16.0MB

        Download

      • memory/384-4-0x0000000000400000-0x0000000001400000-memory.dmp

        Filesize

        16.0MB

        Download

      • memory/384-5-0x0000000000400000-0x0000000001400000-memory.dmp

        Filesize

        16.0MB

        Download

      • memory/384-6-0x000000000DD90000-0x000000000DE54000-memory.dmp

        Filesize

        784KB

        Download

      • memory/384-7-0x000000000DD90000-0x000000000DE54000-memory.dmp

        Filesize

        784KB

        Download

      • memory/1676-9-0x0000000000580000-0x0000000000587000-memory.dmp

        Filesize

        28KB

        Download

      • memory/1676-13-0x00000000009C0000-0x00000000009C1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1676-15-0x00000000008F0000-0x00000000009B4000-memory.dmp

        Filesize

        784KB

        Download

      • memory/1676-17-0x00000000008F0000-0x00000000009B4000-memory.dmp

        Filesize

        784KB

        Download

      • memory/1676-14-0x00000000008F0000-0x00000000009B4000-memory.dmp

        Filesize

        784KB

        Download

      • memory/1676-10-0x0000000000580000-0x0000000000587000-memory.dmp

        Filesize

        28KB

        Download

      • memory/2548-57-0x0000000000E20000-0x0000000000EE4000-memory.dmp

        Filesize

        784KB

        Download

      • memory/2548-54-0x00000000006E0000-0x0000000000B13000-memory.dmp

        Filesize

        4.2MB

        Download

      • memory/2548-62-0x0000000000E20000-0x0000000000EE4000-memory.dmp

        Filesize

        784KB

        Download

      • memory/2548-56-0x00000000006E0000-0x0000000000B13000-memory.dmp

        Filesize

        4.2MB

        Download

      • memory/2548-58-0x0000000000EF0000-0x0000000000EF1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2548-61-0x0000000000E20000-0x0000000000EE4000-memory.dmp

        Filesize

        784KB

        Download

      • memory/2548-66-0x0000000000E20000-0x0000000000EE4000-memory.dmp

        Filesize

        784KB

        Download

      • memory/2548-59-0x0000000000E20000-0x0000000000EE4000-memory.dmp

        Filesize

        784KB

        Download

      • memory/2548-60-0x0000000000E20000-0x0000000000EE4000-memory.dmp

        Filesize

        784KB

        Download

      • memory/2964-0-0x0000000002250000-0x0000000002254000-memory.dmp

        Filesize

        16KB

        Download

      • memory/4432-19-0x0000000000580000-0x0000000000587000-memory.dmp

        Filesize

        28KB

        Download

      • memory/4432-32-0x0000000000720000-0x00000000007E4000-memory.dmp

        Filesize

        784KB

        Download

      • memory/4432-31-0x0000000000720000-0x00000000007E4000-memory.dmp

        Filesize

        784KB

        Download

      • memory/4432-30-0x0000000000720000-0x00000000007E4000-memory.dmp

        Filesize

        784KB

        Download

      • memory/4432-44-0x0000000000720000-0x00000000007E4000-memory.dmp

        Filesize

        784KB

        Download

      • memory/4432-45-0x0000000000720000-0x00000000007E4000-memory.dmp

        Filesize

        784KB

        Download

      • memory/4432-46-0x0000000000720000-0x00000000007E4000-memory.dmp

        Filesize

        784KB

        Download

      • memory/4432-48-0x0000000000720000-0x00000000007E4000-memory.dmp

        Filesize

        784KB

        Download

      • memory/4432-49-0x0000000000720000-0x00000000007E4000-memory.dmp

        Filesize

        784KB

        Download

      • memory/4432-51-0x0000000000720000-0x00000000007E4000-memory.dmp

        Filesize

        784KB

        Download

      • memory/4432-52-0x0000000000720000-0x00000000007E4000-memory.dmp

        Filesize

        784KB

        Download

      • memory/4432-53-0x0000000000720000-0x00000000007E4000-memory.dmp

        Filesize

        784KB

        Download

      • memory/4432-50-0x0000000000720000-0x00000000007E4000-memory.dmp

        Filesize

        784KB

        Download

      • memory/4432-29-0x0000000000720000-0x00000000007E4000-memory.dmp

        Filesize

        784KB

        Download

      • memory/4432-28-0x0000000000720000-0x00000000007E4000-memory.dmp

        Filesize

        784KB

        Download

      • memory/4432-27-0x0000000000720000-0x00000000007E4000-memory.dmp

        Filesize

        784KB

        Download

      • memory/4432-26-0x0000000000720000-0x00000000007E4000-memory.dmp

        Filesize

        784KB

        Download

      • memory/4432-23-0x00000000007F0000-0x00000000007F1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4432-25-0x0000000000720000-0x00000000007E4000-memory.dmp

        Filesize

        784KB

        Download

      • memory/4432-24-0x0000000000720000-0x00000000007E4000-memory.dmp

        Filesize

        784KB

        Download

      • memory/4432-22-0x0000000000720000-0x00000000007E4000-memory.dmp

        Filesize

        784KB

        Download

      • memory/4432-21-0x0000000000720000-0x00000000007E4000-memory.dmp

        Filesize

        784KB

        Download

      • memory/4432-20-0x0000000000580000-0x0000000000587000-memory.dmp

        Filesize

        28KB

        Download

      • memory/4432-75-0x0000000000720000-0x00000000007E4000-memory.dmp

        Filesize

        784KB

        Download

      • memory/4432-76-0x0000000000720000-0x00000000007E4000-memory.dmp

        Filesize

        784KB

        Download